CISA warns of continuing attacks on water systems after Kansas town reports incident

Government-run water systems are still at risk of attack by cybercriminals and nation-states, according to a new advisory from the U.S.’s top cybersecurity agency.

The notice from the Cybersecurity and Infrastructure Security Agency (CISA) came two days after Arkansas City, Kansas reported a cybersecurity issue that forced them to switch to manual operations. 

On Thursday, CISA said they continue to “respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector.” 

“Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm,” they said.

The cyber agency urged operators to apply previously released recommendations to defend systems. 

The attack on Arkansas City — home to about 11,000 people — started on Sunday morning. City Manager Randy Frazer declined to answer questions about whether the FBI and CISA were involved in the response to the attack, but said the water supply “remains completely safe and there has been no disruption to service.”

“Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved. Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period,” he said on Monday. 

He said cybersecurity experts and government authorities are now working to resolve the situation. He did not respond to requests for an update on Wednesday. 

Due to their importance, the more than 150,000 public water systems in the U.S. have become a focal point of debate about what role federal and state governments have in protecting the public from a cybersecurity perspective. 

Water industry groups last year partnered with Republican lawmakers to stop federal efforts to protect water systems despite significant increases in the number of ransomware attacks and nation-state intrusions. 

Even after a string of attacks on U.S. water systems last fall by hackers allegedly connected to the government of Iran, groups like the American Water Works Association have insisted that they should be able to write their own cybersecurity rules governing the sector.

Several cybersecurity experts said they have seen an increase in attacks on industrial water systems and echoed CISA in explaining that one of the key issues is the fact that many water systems continue to connect industrial tools to the internet as a way to remotely manage them.

Waterfall Security Solutions CEO Lior Frenkel told Recorded Future News that in his extensive work with water system operators, many either don’t know what tools are connected to the internet or believe the risks outweigh the dangers. 

“Systems that are connected to the internet can be shut down or manipulated or can impair the process that they are controlling,” he said. 

“All of that should never be accessible from the internet unless there’s such a need that you can say that need is stronger than the risk. But the default today is they are connected. We try to put them off the grid. The default should be everything is off the grid, and you connect only what’s the bare necessity.”


Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
