CISA’s Annual 'Captain Obvious' Alert: Hacktivists Use Stone Age Tactics to Exploit Water Systems — Who Knew?

📌CISA’s ‎Mayday‏ ‎Call: CISA, along ‎with ‎other ‎federal ‎agencies‏ ‎and ‎counterparts‏ ‎in‏ ‎Canada ‎and ‎the‏ ‎UK, ‎issued‏ ‎a ‎five-page ‎warning ‎on‏ ‎May‏ ‎1, ‎2024,‏ ‎to ‎water‏ ‎treatment ‎operators ‎in ‎North ‎America‏ ‎and‏ ‎Europe. ‎Apparently,‏ ‎they ‎needed‏ ‎to ‎be ‎told ‎(again) ‎that‏ ‎their‏ ‎systems‏ ‎are ‎under‏ ‎attack… ‎and‏ ‎again ‎Russia‏ ‎is‏ ‎to ‎blame

📌Rudimentary‏ ‎Attack ‎Techniques: ‎These ‎hacktivists ‎aren’t‏ ‎even ‎using‏ ‎sophisticated‏ ‎methods. ‎They’re ‎exploiting‏ ‎outdated ‎remote‏ ‎access ‎software ‎to ‎mess‏ ‎with‏ ‎human-machine ‎interfaces‏ ‎(HMIs) ‎and‏ ‎industrial ‎control ‎systems ‎(ICSs). ‎So,‏ ‎basically,‏ ‎they’re ‎taking‏ ‎advantage ‎of‏ ‎the ‎fact ‎that ‎some ‎facilities‏ ‎are‏ ‎stuck‏ ‎in ‎the‏ ‎digital ‎Stone‏ ‎Age.

📌Impact ‎of‏ ‎Attacks: The‏ ‎attacks ‎have‏ ‎caused ‎«nuisance-level» ‎impacts, ‎such ‎as‏ ‎tank ‎overflows,‏ ‎which‏ ‎were ‎fixed ‎by‏ ‎reverting ‎to‏ ‎manual ‎controls. ‎There ‎has‏ ‎been‏ ‎no ‎impact‏ ‎on ‎drinking‏ ‎water ‎so ‎far, ‎but ‎the‏ ‎potential‏ ‎for ‎physical‏ ‎threats ‎exists‏ ‎but ‎no ‎worries, ‎Cola ‎is‏ ‎coming‏ ‎to‏ ‎save ‎lives

Cybersecurity‏ ‎on ‎a‏ ‎Budget: CISA’s ‎advice‏ ‎for‏ ‎water ‎facility‏ ‎operators ‎is ‎to:

📌Change ‎all ‎default‏ ‎passwords ‎(because‏ ‎apparently,‏ ‎that’s ‎still ‎a‏ ‎thing).

📌Disconnect ‎HMIs‏ ‎and ‎PLCs ‎from ‎the‏ ‎public‏ ‎internet ‎(who‏ ‎knew ‎that‏ ‎was ‎a ‎bad ‎idea?).

📌Implement ‎multi-factor‏ ‎authentication‏ ‎(because ‎now‏ ‎we ‎need‏ ‎faceID ‎to ‎protect ‎water).

📌Budget ‎Constraints:‏ ‎Yes,‏ ‎budgets‏ ‎are ‎tight,‏ ‎but ‎that’s‏ ‎no ‎excuse‏ ‎to‏ ‎do ‎nothing.‏ ‎Basic ‎cybersecurity ‎practices ‎like ‎cyber‏ ‎awareness ‎training,‏ ‎maintaining‏ ‎an ‎accurate ‎asset‏ ‎inventory, ‎continuous‏ ‎threat ‎monitoring, ‎and ‎vulnerability‏ ‎assessments‏ ‎can ‎be‏ ‎done ‎without‏ ‎breaking ‎the ‎bank. ‎Even ‎Google‏ ‎started‏ ‎in ‎a‏ ‎garage

📌Hacktivist ‎Magnet:‏ ‎Water ‎and ‎wastewater ‎systems ‎are‏ ‎prime‏ ‎targets‏ ‎because ‎they‏ ‎have ‎tight‏ ‎budgets, ‎lax‏ ‎cybersecurity‏ ‎practices, ‎and‏ ‎almost ‎guaranteed ‎publicity ‎for ‎even‏ ‎minor ‎attacks.‏ ‎It’s‏ ‎like ‎a ‎80s‏ ‎hacker’s ‎dream‏ ‎come ‎true.

📌Vendor ‎Support: Nozomi ‎Networks‏ ‎is‏ ‎here ‎to‏ ‎save ‎the‏ ‎day, ‎offering ‎solutions ‎to ‎help‏ ‎water‏ ‎and ‎wastewater‏ ‎utilities ‎do‏ ‎more ‎with ‎less. ‎Because, ‎of‏ ‎course,‏ ‎they‏ ‎understand ‎OT/ICS‏ ‎cybersecurity ‎better‏ ‎than ‎anyone‏ ‎else.