US officials find weak security practices at water plants breached by pro-Russia hackers
Source: CNN Politics
Published 10:15 AM EDT, Wed May 1, 2024
CNN Pro-Russia hackers have exploited shoddy security practices at multiple US water plants in recent cyberattacks that have hit a wider swathe of victims than was previously documented, according to an advisory by US federal agencies obtained by CNN.
Though the attacks have not impacted drinking water, the advisory lays bare the cybersecurity challenges facing the thousands of water systems across the US, many of which are often short of cash and personnel to deal with threats. The document helps explain the plea that US national security adviser Jake Sullivan made in March to water authorities to shore up their defenses.
US officials investigating the cyberattacks have found that the hacked facilities often had outdated equipment connected to the internet protected by weak passwords, making it relatively easy for hackers to breach the sensitive networks that handle water treatment and other industrial operations, the document says. The Cybersecurity and Infrastructure Security Agency, FBI and other agencies are set to release the advisory publicly later on Wednesday.
The advisory covers a string of recent cyberattacks claimed by Russian-speaking hackers some of which have been reported publicly that have alarmed US officials because of the hackers brazen willingness to infiltrate computers at US industrial plants using rudimentary attack techniques. US officials have in recent weeks been privately telling electric utilities, water facilities and other critical infrastructure firms to take industrial equipment off the internet before the hackers can exploit it, multiple people familiar with the efforts told CNN.
Read more: https://www.cnn.com/2024/05/01/politics/water-plants-hackers-weak-security-practices/index.html
Link to Cybersecurity & Infrastructure Security Agency (CISA)
ALERT -
CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
Link to CISA
FACT SHEET landing page -
https://www.cisa.gov/resources-tools/resources/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity
Link to CISA
FACT SHEET (PDF) -
https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf