Aug 16 2022

Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.

Uk man hole cover

South Staffordshire plc, a UK water-supply company, has acknowledged it was the victim of a cyberattack. Around the same time, the Clop ransomware group started threatening Thames Water that it would release data it has stolen from the utility unless Thames Water paid up.

The problem? Thames Water wasn’t breached. 

Apparently, Clop got its UK water companies confused. 

South Staffordshire serves about 1.6 million customers and recently reported that it was targeted in a cyberattack and was “experiencing a disruption to out corporate IT network and our teams are working to resolve this as quickly as possible.” It added there has been no disruption on service. 

“This incident has not affected our ability to supply safe water, and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers,” the water company said. 

Meanwhile, Thames Water, the UK’s largest water supplier to more than 15 million people, was forced to deny it was breached by Clop ransomware attackers, who threatened they now had the ability to tamper with the water supply, according to reports. 

“As providers of critical national infrastructure, we take the security of our networks and systems very seriously and are focused on protecting them, so that we can continue to provide resilient services to our customers and the environment,” the larger water company told the UK Mirror

While Clop seems to have its records all wrong, both water utilities mounted capable responses to the ransomware group’s attack on critical infrastructure, according to Edward Liebig, global director of cyber ecosystem at Hexagon Asset Lifecycle Intelligence. 

“I’m impressed by South Staffordshire Water’s ability to defend against the cyberattack in the IT systems and buffer the OT systems from impact,” Liebeg said. “And had Thames Water not done an investigation of the ‘proof of compromise,’ they may very well have decided to negotiate further. In both instances, each organization did their due diligence.”

Ransomware Protection Playbook

Tags: ransomware attacks, Ransomware Protection Playbook

Apr 19 2021

Experts demonstrated how to hack a utility and take over a smart meter

Category: Grid VulnerabilitiesDISC @ 3:19 pm

Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of its smart meters.

Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased. Many security firms highlighted the risks related to attacks targeting OT networks used in utilities.

Among the most clamorous attacks against industrial organizations, there is the 2015 attack against the electric grid in Ukraine and the 2017 Triton attack against a Saudi petrochemical plant.

Recently FireEye’s incident response unit Mandiant demonstrated how to infiltrate the network of a North American utility and hack into its industrial control systems to turn off one of its smart meters.

The scope of the test was to demonstrate tactics, techniques, and procedures used by threat actors to breach the protected perimeter between an IT network and an OT network.

In the first phase of the attack, the Mandiant team adopted techniques used by TEMP.Veles to breach the OT network during the TRITON attack.

“Mandiant’s experience during red team engagements highlights that collecting information from IT network assets plays a crucial role in targeted OT attacks. As a result, the internal reconnaissance phase for OT targeted attacks begins in the enterprise network, where the actor obtains knowledge and resources to propagate from an initial compromise in the IT network to remote access in the OT network.” states the FireEye’s report. “Detailed information collected about the target, their security operations, and their environment can also support an actor’s attempts at remaining undetected while expanding operations.”

Mandiant’s red team initially targeted the external-facing IT network, then attempted to gain access to the OT network.

Tags: Smart meters

Feb 04 2021

Smart meters and hackers

Category: cyber security,Grid VulnerabilitiesDISC @ 5:08 pm

Hackproofing smart meters

Tags: Smart meters

Jul 03 2019

US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks

Category: Grid VulnerabilitiesDISC @ 2:04 pm

SEIA bill, inspired by the 2015 cyber-attack on Ukraine’s power grid, passes Senate.

Source: US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks | ZDNet

US power grid increasingly vulnerable to cyber threats

Enter your email address:

Delivered by FeedBurner

Tags: OT security, Power grid vulnerabilities, Utility security