A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year.
A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year.
This is the first time that these attacks are publicly disclosed, they took place in March, July, and August respectively. The three facilities hit by ransomware operators are located in the states of Nevada, Maine, and California. In all the attacks the ransomware encrypting files on the infected systems and in one of the security incidents threat actors compromised a system used to control the SCADA industrial equipment.
The advisory reports common tactics, techniques, and procedures (TTPs) used by threat actors to compromise IT and OT networks of WWS facilities, they include:
- Spearphishing campaign aimed at the personnel to deliver malicious payloads such as ransomware and RAT;
- Exploitation of services and applications exposed online that enable remote access to WWS networks (i.e. RDP accesses);
- Exploitation of vulnerabilities affecting control systems running vulnerable firmware versions.
The three new incidents included in the advisory
What’s the Difference Between OT, ICS, SCADA and DCS?
