Ongoing Cyber Threats to U.S. Water and Wastewater Systems


In mid-October, the FBI, CISA, EPA and NSA published an advisory on the ongoing cyberattacks against the water sector in the USA.

The following incidents are listed:

  • In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.
  • In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.
  • In March 2021, cyber actors used an unknown ransomware variant against a Nevada-based WWS facility. The ransomware affected the victim’s SCADA system and backup systems. The SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).
  • In September 2020, personnel at a New Jersey-based WWS facility discovered potential Makop ransomware had compromised files within their system.
  • In March 2019, a former employee at Kansas-based WWS facility unsuccessfully attempted to threaten drinking water safety by using his user credentials, which had not been revoked at the time of his resignation, to remotely access a facility computer.

The attacks have been raised as an issue all the way up to the White House.

I would like to point out the resources listed in the advisory, which may be a useful source for one company or another: