To better secure the U.S. water and wastewater systems (WWS), the FBI, CISA, EPA, and NSA released a joint advisory reporting on various ransomware attacks and highlighting best practices to mitigate possible vulnerabilities in both information technology (IT) and operational technology (OT) networks, systems, and devices.
The advisory listed several attacks from 2019 to 2021 on WWS facilities across the country. The most recent attack, in August, consisted of a Ghost ransomware deployment against a facility in California. Infiltrators had been in the system for a month and were only discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message. The advisory also listed the common tactics, techniques, and procedures (TTPs) used by threat actors to compromise systems, such as spearphishing, exploitation of outdated operating systems and software, and exploitation of system devices with vulnerable firmware.
While the advisory did not indicate a greater threat to the WWS sector, it urged organizations to implement proper mitigation procedures and security measures. According to the report, attempts to compromise the integrity of these systems could cause significant disruptions, such as an inability to provide clean water and to properly manage wastewater. The advisory also brought to light the need to allocate resources for better security in IT and OT systems.