US Water and Wastewater Facilities Targeted in Cyberattacks, Feds Warn
CISA, FBI, and NSA issue advisory and defense practices to help these utilities thwart "ongoing" threats targeting IT and OT networks.
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency (NSA) once again have teamed up in a cybersecurity advisory — this time regarding ongoing attack campaigns against US water and wastewater facilities.
Both known and unknown cyber-threat groups have been going after both IT and OT networks, systems, and equipment at these facilities, the agencies warned.
"This activity — which includes attempts to compromise system integrity via unauthorized access — threatens the ability of [water and wastewater systems] facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities," the alert said.
The report includes more detailed mitigations and defenses and details on the modes of attack, and the agencies recommend water facilities immediately adopt practices of not opening suspicious links; secure and monitor RDP; and employ strong passwords and multifactor authentication.
”Recent ransomware incidents and ongoing threats demonstrate why all critical infrastructure owners and operators should make cybersecurity a top priority. While vulnerabilities within the water sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment," said Eric Goldstein, executive assistant director for cybersecurity at CISA, in a statement.
"The battle against ransomware doesn't start the day a cyber incident occurs," he said. "It begins long before that with the proactive measures detailed in this joint advisory and at StopRansomware.gov that every owner and operator must take to address security gaps and protect the communities they serve.”
Read the advisory here.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024