The United States has warned of more ransomware attacks on information technology (IT) and operational technology (OT) networks of the country’s Water and Wastewater Systems (WWS) Sector facilities.
On Thursday, multiple US government agencies, including the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA), issued a joint alert warning organizations in the WWS Sector of an upsurge in cyberattacks against these facilities.
The alert revealed that three industrial control systems (ICS) at water facilities in the US had been impacted by ransomware attacks in the past two years.
“The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message,” the agencies noted in the alert.
WWS Facilities Under Threat
According to the alert from the FBI, CISA, EPA, and NSA, the WWS sector is currently on the radar of cybercriminals. Threat actors can launch phishing campaigns and target outdated software to exploit control systems.
The agencies say they are aware of the emerging threat against water facilities’ OT and IT networks. The agencies revealed that threat actors are explicitly targeting critical infrastructure sectors; however, this doesn’t mean that the threat is restricted to the WWS sector only.
The Executive Assistant Director for Cybersecurity, Eric Goldstein, stated that the recent ransomware incidents make cybersecurity a top priority for critical infrastructure owners and operators.
“While vulnerabilities within the Water Sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment,” Goldstein said.
Potable Water Facilities The Prime Target
The advisory noted that threat actors targeting WWS facilities might launch ransomware attacks that affect potable water generating facilities by gaining control of wastewater processes.
Since these facilities are part of the sixteen US critical infrastructure sectors, spearphishing or other kinds of attacks that cause their compromise or incapacitation would directly impact national and economic security and jeopardize public health and safety.
Multiple Malware Strains Discovered
The agencies further revealed that they had identified multiple ransomware strains used against the WWS sector in the incidents. The threat actors are trying to encrypt water treatment facilities’ systems using Ghost, which was used in August 2021 against a WWS facility in California.
The ransomware variant persisted in the system for a month. Authorities later discovered it in three supervisory control and data acquisition (SCADA) servers that displayed a ransomware message.
In September 2021, threat actors used the Makop ransomware variant against a New Jersey-based WWS facility. In March 2021, a Nevada-based WWS facility was also targeted with an unknown malware strain that affected the SCADA system.
Moreover, a ransomware strain called ZuCaNo was launched against a Maine-based WWS facility’s SCADA wastewater computer in July 2021, and the system had to be run manually until the computer was restored.