© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

CISA: ‘Threat actors actively exploiting industrial water systems through unsophisticated means’


Organizations and enterprises in water drinking and wastewater management should be cautious of threat actors and cyberattacks through ‘unsophisticated means’.

The Cybersecurity and Infrastructure Security Agency (CISA) says in a notice that it continues to respond to “active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) sector”.

“Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm,” the United States cybersecurity agency warns.

CISA recommends providers of water management and other essential services to improve their cyber hygiene and implement appropriate technical and organizational security measures to protect their systems from cyberattacks, like changing default passwords, enabling multi-factor authentication, and installing the latest software updates. A disruption or outage could cripple society and pose a serious threat to the United States’ national security.

CISA’s notice comes a few days after the water treatment facility of the City of Arkansas City fell victim to a cyberattack. Last Sunday, IT employees of the water plant noticed that a computer wasn’t working. To make sure the facility remained operational, they reported the incident to the authorities and implemented ‘enhanced security measures’.

“Despite the incident, the water supply remains completely safe, and there has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved. Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period,” City Manager Randy Frazer said in a statement.

“Fortunately, there was no disruption to the water supply, and sensitive information remained secure. However, similar attacks could easily result in more severe consequences. This event reinforces the need for heightened vigilance and continuous improvements in cybersecurity across this sector,” cybersecurity specialist Itay Glick added.

According to BleepingComputer, Iranian and Chinese state-backed hacking groups have been linked to several U.S. water system breaches in recent years.


Leave a Reply

Your email address will not be published. Required fields are marked