The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency (NSA) once again have teamed up in a cybersecurity advisory — this time regarding ongoing attack campaigns against US water and wastewater facilities.
Both known and unknown cyber-threat groups have been going after both IT and OT networks, systems, and equipment at these facilities, the agencies warned.
"This activity — which includes attempts to compromise system integrity via unauthorized access — threatens the ability of [water and wastewater systems] facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities," the alert said.
The report includes more detailed mitigations and defenses and details on the modes of attack, and the agencies recommend water facilities immediately adopt practices of not opening suspicious links; secure and monitor RDP; and employ strong passwords and multifactor authentication.
”Recent ransomware incidents and ongoing threats demonstrate why all critical infrastructure owners and operators should make cybersecurity a top priority. While vulnerabilities within the water sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment," said Eric Goldstein, executive assistant director for cybersecurity at CISA, in a statement.
"The battle against ransomware doesn't start the day a cyber incident occurs," he said. "It begins long before that with the proactive measures detailed in this joint advisory and at StopRansomware.gov that every owner and operator must take to address security gaps and protect the communities they serve.”
Read the advisory here.