US government warns water services are being targeted in cyberattacks

Date:
Wed, 20 Mar 2024 18:00:22 +0000

Description:
Threatening the water supply is the tip of the iceberg, as EPA letter
suggests critical infrastructure is under attack

FULL STORY ======================================================================

The US government has issued a warning to its allies that state-backed
hackers from Iran and China are increasingly targeting critical infrastructure, with the most notable attacks against water systems.

The Cybersecurity and Infrastructure Security Agency (CISA) probed a number
of Iranian attacks targeting Unitronic programmable logic controllers (PLC) used in water facilities.

China has also turned its attention to probing critical US infrastructure in what government officials claim could be practice for a wider playbook in the event of war between the US and China. Targeting the weakest link in the
chain

A public letter issued by Environment Protection Agency (EPA) Administrator, Michael Regan, and National Security Advisor, Jake Sullivan, said, Disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on
affected communities.

While the attack conducted by an Iranian-backed group did not affect the
water supply at the targeted facility, a breach of the PLCs used to control the supply of water means that had the attack progressed further, the attackers could have contaminated the water, damaged the facility itself, or even turned off the municipal water supply.

Volt Typhoon is the most likely culprit behind the attacks carried out by China, with water facilities alongside power grids, port infrastructure, and at least one oil and gas pipeline. The letter continued, stating, Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts.

Water facilities in the US have long been an easy target for cyber attacks
due to the critical underfunding, low staffing levels, and a general lack of cyber security. The Biden Administration recently announced that the burden
of responsibility for cyber security should be shifted onto private enterprises that are best positioned to reduce the risks for small businesses and public institutions.

In many cases, even basic cybersecurity precautions such as resetting
default passwords or updating software to address known vulnerabilities are not in place and can mean the difference between business as usual and a disruptive cyberattack, the letter stated.

Via Bloomberg More from TechRadar Pro Hackers abuse API popularity to break into accounts and steal data Take a look at the best endpoint protection software on the market Almost half of IT teams are burnt out as a result of war rooms, as blame game culture becomes the norm for most organizations






======================================================================
Link to news story: https://www.techradar.com/pro/us-government-warns-water-services-are-being-tar geted-in-cyberattacks


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)