US authorities reveal ransomware assaults on water services – Enterprise Insurance

(Reuters) – US authorities said Thursday that four ransomware attacks had penetrated water and sanitation facilities in the past year and warned similar facilities to look for signs of intruders and take other precautions.

The warning from the Cybersecurity and Infrastructure Security Agency cited a series of apparently unrelated hacking incidents from September 2020 to August 2021 that involved at least three different types of ransomware, which encrypts computer files and demands payment for their recovery.

Attacks on an unnamed sewage facility in Maine three months ago and one in California in August bypassed desktop computers and crippled the specialized monitoring and data-gathering equipment that issued mechanical commands to the devices.

The Maine system had to move to manual controls, according to the warning signed jointly by the FBI, the National Security Agency, and the Environmental Protection Agency.

A March hack in Nevada also reached SCADA devices that provided operational transparency but could not issue commands.

CISA stated that attacks were increasing on many forms of critical infrastructure, as with the waterworks.

In some cases, water systems are hampered by low municipal spending on cybersecurity technology.

The Department of Homeland Security's recommendations include auditing access logs and strictly requiring additional authentication factors beyond passwords.

