Wednesday, October 09, 2024

America's Largest Water Utility Targeted in Cyber Attack

The largest regulated water and wastewater utility company in the United States announced Monday that it was the victim of a cyberattack, prompting the firm to pause billing to customers.


America's drinking water is facing attack, with links back to China, Russia and Iran (June 2024)
www.cnbc.com

... Key Points

- Cyberattacks on the country's water systems could damage infrastructure, disrupt the availability or flow of water, and alter chemical levels, contaminating public drinking water supply.

- A recent string of attacks on water utilities included systems in Kansas, Texas and Pennsylvania.

- Taking out critical national infrastructure has become a top priority for foreign-linked cybercriminals. "All drinking water and wastewater systems are at risk -- large and small, urban and rural," an EPA spokesman said. ...


#1 | Posted by LampLighter at 2024-10-08 12:58 PM

ALL American utilities are facing cyber attacks. Frankly every organization out there is facing them daily. I am focused on security constantly and I have dedicated security professionals in several organizations. I am telling half of you here nothing new...

Email is the worst. I know someone that left a big security software company recently. He was kind of high up in the organization and a long time employee. The official stats put compromise by email at about 90% of all compromises and their company does too, but he says the reality is more like 98%. And anyone trying to sell you on AI is the answer - well it simply isn't at this point. Any reputable email filtering company is leveraging it as part of their scanning. Some of the stuff that has made it through our email filtering just boggles my mind. The things people open double boggle my mind. Train them all you want, they are still people. One we had in the last month - Subject - "Information on your upcoming special bonus", mailed from a .jp email address from outside our company? No words in the body? Just an Excel attachment? I better open that... And I can't even begin to tell you it came from NOBODY in our company and didn't pretend to.

Today's EDR (antivirus) software is good. Management of the software is the real issue. You can't count on the companies to manage them and 3rd parties are a true roll of the dice. Some of the biggest breaches happened under the nose of very reputable security organizations. Everyone heard of CrowdStrike because they screwed up in a massive way recently. I don't run them but IMHO theirs is the best on the market at the moment. I recently had a behind the scenes look at their platform. They are ahead of the rest, again IMHO. There are several worthy competitors, SentinelOne, Carbon Black, Palo Alto, Trend Micro being some of the best. But it all comes down to the existing MITRE ATT&CK matrix (road mapped method of compromising a computer) and detecting new unmapped methods AND effectively blocking them.

My physical sites are hit daily with events that reach "scan" level. They are probably hit another 10 to 20 times a day on ports that don't reach scan level events (3 ports or less in my settings). I actively block half the countries in the world at this point because we should not have incoming traffic from them. All that to say, the US is still open and there are a lot of compromised computers in the US being used for the same thing. Staying on top of firewalls is a top priority.

I definitely employ a few layers of defense but we are a private company so we are a bit more nimble in being able to adjust to the threat landscape and have owners that understand how high of a priority it is.

#2 | Posted by GalaxiePete at 2024-10-09 11:16 AM
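As an added illustration of the "scan level" threshold the commenter describes (example code written for this page, not the commenter's own tooling or any vendor's product), the following Python groups dropped-connection firewall log lines by source address and separates sources that touched more than three distinct ports from those at or below that count. The log line format, addresses and sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample firewall drop log (not from the page); the line format is assumed.
SAMPLE_LOG = """\
2024-10-08T09:12:01 DROP src=203.0.113.5 dst=198.51.100.10 dport=22 proto=tcp
2024-10-08T09:12:01 DROP src=203.0.113.5 dst=198.51.100.10 dport=80 proto=tcp
2024-10-08T09:12:02 DROP src=203.0.113.5 dst=198.51.100.10 dport=443 proto=tcp
2024-10-08T09:12:02 DROP src=203.0.113.5 dst=198.51.100.10 dport=3389 proto=tcp
2024-10-08T09:12:03 DROP src=203.0.113.5 dst=198.51.100.10 dport=8080 proto=tcp
2024-10-08T09:40:17 DROP src=198.51.100.77 dst=198.51.100.10 dport=445 proto=tcp
2024-10-08T09:40:18 DROP src=198.51.100.77 dst=198.51.100.10 dport=445 proto=tcp
2024-10-08T10:02:44 DROP src=192.0.2.9 dst=198.51.100.10 dport=23 proto=tcp
2024-10-08T10:02:44 DROP src=192.0.2.9 dst=198.51.100.10 dport=2323 proto=tcp
2024-10-08T10:02:45 DROP src=192.0.2.9 dst=198.51.100.10 dport=8888 proto=tcp
malformed line that the parser must skip
"""

# Assumed key=value layout; only the source address and destination port are needed.
LINE_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=[\d.]+\s+dport=(?P<dport>\d+)")


def ports_by_source(log_text):
    """Map each source address to the set of distinct destination ports it hit."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        seen[m.group("src")].add(int(m.group("dport")))
    return seen


def classify(log_text, port_threshold=3):
    """Split sources into 'scan' events (more than port_threshold distinct ports)
    and 'below' (threshold or fewer), mirroring a '3 ports or less' setting."""
    scans, below = {}, {}
    for src, ports in ports_by_source(log_text).items():
        bucket = scans if len(ports) > port_threshold else below
        bucket[src] = sorted(ports)
    return scans, below


if __name__ == "__main__":
    scans, below = classify(SAMPLE_LOG)
    for src, ports in scans.items():
        print(f"SCAN {src}: {len(ports)} ports {ports}")
    for src, ports in below.items():
        print(f"low  {src}: {len(ports)} port(s) {ports}")
```

Lowering `port_threshold` shows how sources that repeatedly probe a handful of ports move from the low bucket into the scan bucket.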

I get 2 or 3 emails a day asking for payment that look legit but aren't.

I learned long ago to:

A. Look at the sender's email address (often not the company's domain)
B. Never click a link in an email from a company we do business with (internet, Amazon, etc etc), going to their website instead.

#3 | Posted by AMERICANUNITY at 2024-10-10 01:04 AM

If your infrastructure isn't air gapped, you sort of get what you ask for.

There's no reason our infrastructure should be accessible online.

#4 | Posted by boaz at 2024-10-10 09:18 AM
