A Very Good Poster In Here Recently Mentioned Water
BTW If I Was a Bad-Guy or Black-Hat Poisoning Our Water Supply Would be Top of My List - Easy and Would Kill Millions Immediately and Aftermath of Having No Potable Water
To the 3 Letter Agencies I'm Not a Bad Guy or a Black Hat - You Are - I'm Speaking Hypothetically
Maybe to "Watch the Water"
https://us-cert.cisa.gov/ncas/alert...J7C0zkNcMu7ivy9ceCJCFPw_d7-srKjUyvAIS3O35GOkI
This Alert Came Out Yesterday
Pasting Because It Is IMPORTANT and You Might Skip the Link
Alert (AA21-287A)
Ongoing Cyber Threats to U.S. Water and Wastewater Systems
Original release date: October 14, 2021
ummary
Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity
• Do not click on suspicious links.
• If you use RDP, secure and monitor it.
• Use strong passwords.
•
Use multi-factor authentication.
Note: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of
U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities.
Note: although cyber threats across
critical infrastructure sectors are increasing, this advisory does not intend to indicate greater targeting of the WWS Sector versus others.
To secure WWS facilities—including Department of Defense (DoD) water treatment facilities in the United States and abroad—against the TTPs listed below, CISA, FBI, EPA, and NSA strongly urge organizations to implement the measures described in the Recommended Mitigations section of this advisory.
Threat Overview
Tactics, Techniques, and Procedures
WWS facilities may be vulnerable to the following common tactics, techniques, and procedures (TTPs) used by threat actors to compromise IT and OT networks, systems, and devices.
- Spearphishing personnel to deliver malicious payloads, including ransomware [T1566].
- Spearphishing is one of the most prevalent techniques used for initial access to IT networks. Personnel and their potential lack of cyber awareness are a vulnerability within an organization. Personnel may open malicious attachments or links to execute malicious payloads contained in emails from threat actors that have successfully bypassed email filtering controls.
- When organizations integrate IT with OT systems, attackers can gain access—either purposefully or inadvertently—to OT assets after the IT network has been compromised through spearphishing and other techniques.
- Exploitation of internet-connected services and applications that enable remote access to WWS networks [T1210].
- For example, threat actors can exploit a Remote Desktop Protocol (RDP) that is insecurely connected to the internet to infect a network with ransomware. If the RDP is used for process control equipment, the attacker could also compromise WWS operations. Note: the increased use of remote operations due to the COVID-19 pandemic has likely increased the prevalence of weaknesses associated with remote access.
- Exploitation of unsupported or outdated operating systems and software.
- Threat actors likely seek to take advantage of perceived weaknesses among organizations that either do not have—or choose not to prioritize—resources for IT/OT infrastructure modernization. WWS facilities tend to allocate resources to physical infrastructure in need of replacement or repair (e.g., pipes) rather than IT/OT infrastructure.
- The fact that WWS facilities are inconsistently resourced municipal systems—not all of which have the resources to employ consistently high cybersecurity standards—may contribute to the use of unsupported or outdated operating systems and software.
- Exploitation of control system devices with vulnerable firmware versions.
- WWS systems commonly use outdated control system devices or firmware versions, which expose WWS networks to publicly accessible and remotely executable vulnerabilities. Successful compromise of these devices may lead to loss of system control, denial of service, or loss of sensitive data [T0827].
WWS Sector Cyber Intrusions
Cyber intrusions targeting U.S. WWS facilities highlight vulnerabilities associated with the following threats:
- Insider threats, from current or former employees who maintain improperly active credentials
- Ransomware attacks
WWS Sector cyber intrusions from 2019 to early 2021 include:
- In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.
- In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.
- In March 2021, cyber actors used an unknown ransomware variant against a Nevada-based WWS facility. The ransomware affected the victim’s SCADA system and backup systems. The SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).
- In September 2020, personnel at a New Jersey-based WWS facility discovered potential Makop ransomware had compromised files within their system.
- In March 2019, a former employee at Kansas-based WWS facility unsuccessfully attempted to threaten drinking water safety by using his user credentials, which had not been revoked at the time of his resignation, to remotely access a facility computer.
Read Article for Suggested "Mitigations"
boriquagato.substack.com
That’s when you callfor @M E R L I N to drop the hammer.
www.breitbart.com
