ALERT from EPA: U.S. Water Systems should Strengthen Cybersecurity in light of Middle East Activity

The U.S. Environmental Protection Agency (EPA) is issuing this alert to encourage water system owners and operators across the country to take deliberate and meaningful steps to strengthen cybersecurity in light of activities in the Middle East and the potential for U.S. critical infrastructure to be targeted. Iranian government-affiliated and aligned cyber actors have previously demonstrated the ability to exploit internet-exposed operational technology devices at U.S. water and wastewater systems, in some cases forcing temporary reversion to manual operations and causing operational impacts. EPA urges utilities to adopt a heightened security posture and promptly report suspicious activity to CISA and the FBI.

Mitigations

All drinking water and wastewater systems are strongly encouraged to implement the following mitigations immediately to enhance resilience against low-level cyberattacks:

  • Reduce Operational Technology Exposure to the Public-Facing Internet
  • Replace All Default Passwords on Operational Technology Devices with Strong, Unique Passwords
  • Implement Multifactor Authentication for Remote Access to Operational Technology Devices

Systems that outsource technology support may need to consult with their service providers for assistance with these mitigations.

In addition to these immediate actions, drinking water and wastewater systems are encouraged to adopt the actions outlined in the CISA, EPA, and FBI Top Cyber Actions for Securing Water Systems Fact Sheet to further reduce cyber risk and improve resilience against malicious cyber activity.

CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems – 2/25/26

CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations globally. These actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems.

See the full CISA alert for details.

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

The FBI, CISA, and NSA assess that pro-Russia hacktivist groups are conducting less sophisticated, lower-impact attacks against critical infrastructure entities compared to advanced persistent threat (APT) groups. These attacks use minimally secured, internet-facing virtual network computing (VNC) connections to gain access to OT control devices within critical infrastructure systems. Pro-Russia hacktivist groups—Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), Sector16, and affiliated groups—are capitalizing on the widespread prevalence of accessible VNC devices to execute attacks against critical infrastructure entities, resulting in varying degrees of impact, including physical damage. Targeted sectors include Water and Wastewater Systems, Food and Agriculture, and Energy.
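As an added illustration (not part of the EPA, CISA, FBI, or NSA advisories quoted on this page), the following Python audit applies the three EPA mitigations listed above to a constructed OT asset inventory and reviews constructed VNC server log lines for sessions that originate outside the utility's own address space, which is the access path the hacktivist advisory describes. The inventory columns, the log line format, the device names, and the 10.20.0.0/16 trusted range are all assumptions made for the example.

```python
"""Added example: audit an OT asset inventory against the three EPA
mitigations and flag VNC sessions from outside the utility's own networks.
Inventory columns, log format and address ranges are constructed assumptions."""
from __future__ import annotations

import csv
import io
import ipaddress
import re

# Constructed sample inventory (hypothetical devices, not real assets).
INVENTORY_CSV = """\
asset,ip,service,port,internet_exposed,default_password,mfa_enabled
well-pump-plc-1,10.20.1.15,vnc,5900,yes,yes,no
chlorine-hmi,10.20.1.22,vnc,5900,no,no,no
scada-jump-host,10.20.0.5,rdp,3389,yes,no,yes
lift-station-plc,10.20.2.40,modbus,502,yes,no,no
"""

# Constructed VNC server log lines; the syslog-like shape is an assumption.
VNC_LOG = """\
Feb 25 02:13:07 well-pump-plc-1 vncserver: Connection from 203.0.113.45:51022
Feb 25 02:13:09 well-pump-plc-1 vncserver: Authentication successful for 203.0.113.45
Feb 25 08:41:55 chlorine-hmi vncserver: Connection from 10.20.0.5:49822
Feb 25 08:41:56 chlorine-hmi vncserver: Authentication successful for 10.20.0.5
Feb 25 21:02:11 well-pump-plc-1 vncserver: Connection from 198.51.100.7:60110
Feb 25 21:02:12 well-pump-plc-1 vncserver: Authentication failed for 198.51.100.7
"""

# Address space the utility actually owns (assumed); anything else is untrusted.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# Services that constitute remote access to a device, as opposed to a field protocol.
REMOTE_ACCESS_SERVICES = {"vnc", "rdp", "ssh", "telnet", "http", "https"}

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) vncserver: "
    r"(?P<event>Connection from|Authentication successful for|Authentication failed for) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?$"
)


def _yes(value: str) -> bool:
    return value.strip().lower() == "yes"


def audit_inventory(csv_text: str) -> dict[str, list[str]]:
    """Map each EPA mitigation to the assets that still violate it."""
    findings: dict[str, list[str]] = {
        "reduce_internet_exposure": [],
        "replace_default_passwords": [],
        "require_mfa_for_remote_access": [],
    }
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["asset"]
        if _yes(row["internet_exposed"]):
            findings["reduce_internet_exposure"].append(name)
        if _yes(row["default_password"]):
            findings["replace_default_passwords"].append(name)
        # MFA is expected on every remote-access path, whether internal or internet-facing.
        if row["service"].strip().lower() in REMOTE_ACCESS_SERVICES and not _yes(row["mfa_enabled"]):
            findings["require_mfa_for_remote_access"].append(name)
    return findings


def external_vnc_sessions(log_text: str, trusted: list[ipaddress.IPv4Network]) -> list[dict[str, str]]:
    """Return VNC events whose source lies outside the trusted networks.

    A successful authentication from an untrusted source is rated critical:
    it means someone outside the utility is already on the device.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        if any(src in net for net in trusted):
            continue
        severity = "critical" if m["event"].startswith("Authentication successful") else "warning"
        hits.append({"ts": m["ts"], "host": m["host"], "event": m["event"], "src": str(src), "severity": severity})
    return hits


if __name__ == "__main__":
    for mitigation, assets in audit_inventory(INVENTORY_CSV).items():
        print(f"{mitigation}: {', '.join(assets) or 'no findings'}")
    for hit in external_vnc_sessions(VNC_LOG, TRUSTED_NETWORKS):
        print(f"[{hit['severity']}] {hit['ts']} {hit['host']}: {hit['event']} {hit['src']}")
```

The log check deliberately uses an explicit allowlist of the utility's own networks rather than a private-versus-public address test, because vendor support ranges and cloud jump hosts are routinely public and should be added to the allowlist on purpose, while anything not listed is treated as untrusted. On the constructed input the audit reports three internet-exposed assets, one device still on a default password, two remote-access services without MFA, and four VNC events from outside 10.20.0.0/16, one of them a successful login.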

More information on this alert can be found here.

BRICKSTORM Backdoor CISA Alert

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) assess that People’s Republic of China (PRC) state-sponsored cyber actors are using BRICKSTORM malware for long-term persistence on victim systems. CISA, NSA, and Cyber Centre are releasing this Malware Analysis Report to share indicators of compromise (IOCs) and detection signatures based on analysis of eight BRICKSTORM samples. CISA, NSA, and Cyber Centre urge organizations to use the IOCs and detection signatures to identify BRICKSTORM malware samples.

More information on the alert can be found on the CISA website here.

Microsoft SharePoint Vulnerabilities

The U.S. EPA is issuing this alert to inform water and wastewater system owners and operators of the need for increased vigilance surrounding the use of Microsoft SharePoint. While the scope and impact continue to be assessed, the exploit chain, publicly reported as “ToolShell,” combines vulnerabilities that provide unauthenticated access to systems and authenticated access through network spoofing, respectively, and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and to execute code over the network. See the full update regarding this release on CISA’s webpage.