Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Water facility attack. Show all posts

UK Water Provider Targeted by Clop Group Ransomware

The UK water supplier, South Staffordshire Water fell prey to a CLOP Ransomware attack. Following the attack, the company released a statement mentioning that the exploit had no effect on the systems that distribute water safely. 

South Staffordshire Water plc, also known as South Staffs Water, is a UK water supply firm that supplies water to a small portion of the West Midlands, Staffordshire, and other nearby counties in England.

Over 1,500 square kilometers in the West Midlands, South Staffordshire, South Derbyshire, North Warwickshire, and North Worcestershire, South Staffordshire provides drinking water to about 1.3 million individuals and 35,000 commercial clients.

The company was able to offer Cambridge Water and South Staffs Water customers safe water because of the security measures in place. Additionally, South Staffordshire Water reassures its clients that all service teams are working normally, negating any possibility of prolonged disruptions as a result of the incident.

Alongside carefully collaborating with the relevant governmental and regulatory agencies, the company is looking into the issue. The supplier's identity was published to the Clop ransomware gang's Tor leak site along with a claim of responsibility for the attack.

The wrong firm extorted by hackers

The Clop ransomware gang's Tor leak site through a release on their onion website today stated that Thames Water was their target. They claimed to have gained access to SCADA systems that they could control to affect 15 million users.

The hackers contend that they acted appropriately by not encrypting their data and only stealing 5TB from the hacked systems. Further claims have it that they warned Thames Water of its network security flaws. However, after allegedly failing to reach an agreement on the ransom payment, the actors released the first sample of stolen information, which included passport images, screenshots from SCADA systems used for water treatment, driver's license images, etc.

In a statement released today, Thames Water formally refuted these assertions, further asserting that any accusations of Clop breaching its network were "cyber-hoaxes" and that its services were already at capacity. One significant aspect of the lawsuit is that, among the public material, Clop offers a table of usernames and passwords that includes the email addresses of South Staffordshire and South Staff Water.

This incident occurs as eight locations in the UK are enforcing water rationing rules and hosepipe bans because of extreme drought. Due to the extreme pressure that could be placed on water suppliers to pay the demanded ransom, cybercriminals don't choose their victims at random.

However, for this to happen, Clop must target its threats on the appropriate party. However, given the amount of attention the situation has received, it's likely too late for that at this point.

Cyber Attacks Are A Threat To The Energy Sector

 

According to a senior industry source, concern over cyber-attacks on power plants and electricity grids is "off the scale" in the UK energy sector. It just takes one component to fail for the entire chain to be disrupted, resulting in a cascade effect that affects our daily life. 

As winter approaches, the supply chain that serves the UK's crucial demand for gas and power is experiencing a broad energy crisis. The global gas crisis, the UK's electricity system, has already forced numerous elderly nuclear power facilities to take unplanned maintenance outages, while persistent energy shortages are expected to force further industry shutdowns. 

"The United Kingdom stands out in terms of cyber threats. Our energy system's cyber threats are over the charts," Steve Holliday stated. The UK parliament is reeling from a "sustained and aggressive" cyber-attack that has rendered MPs' email inaccessible.

So, why is the energy sector a target for cyber-attacks and why is it vulnerable? 

Any effect on the energy sector can have far-reaching consequences for entire towns and even countries. An attack on a power plant or a pipeline can result in widespread blackouts, disrupting transportation, heating, and other important economic functions. According to Mohammed AlMohtadi, the chief information security officer at Abu Dhabi's Injazat, the risk in the energy business derives from the usage of old industrial control systems that haven't been modernized in years and aren't properly linked across systems. 

So, how can big energy and utility businesses fall victim to cyber-attacks? 

Typically, ransomware attacks are used to steal commercial secrets, confidential data, and intellectual property. "The energy sector is classified as vital infrastructure. The nation's financial and physical infrastructure might be crippled if it is infiltrated," warned Avinash Advani, founder, and CEO of CyberKnight, a Dubai-based cybersecurity firm. Potential targets include oil and gas infrastructure, nuclear power plants, electricity grids, water corporations, and utility companies that provide power, water, and sewage treatment to the population. 

The Covid-19 epidemic has revealed the dark side of the energy sector. As more people work from home to stop the spread of the coronavirus, they unknowingly expose a company to cyber-attacks. The energy business should not underestimate groups who target facilities, given the devastating consequences of cyber attacks, they should focus on reinforcing their cybersecurity technology to guarantee that their firewall is safe and that any outdated, archaic computer systems and software they are employing are adequately protected.

Man Indicted In Kansas Water Facility Breach

 

Today the US Department of Justice charged a Kansas man for breaching a public water system and trying to shut down the water functioning process with the intention of damaging the local community. 

The official statement has been posted on Wednesday by the Department of Justice (DOJ); The 22-year-old man named Wyatt A. Travnichek, accused of hacking into the computer system of the local water utility is a native of Ellsworth County, Kan. He was well aware of the public damage that could be caused by getting access to the Ellsworth County Rural Water District's (also known as Post Rock Rural Water District) computer system with illegal means. He tried to sabotage the water running system, according to the sources. 

The episode first appeared on 27 March 2019, when Post Rock experienced an uncertified remote trespass the facility system and successfully shut down the whole functioning operations. 
Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas said that “By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community…”

“…EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.” 

Nevertheless, the court’s documents had not mentioned whether Travnichek’s operation was successful or not. Additionally, the court did not explain how the operation was detected. In this regard, the officials stated that Travnichek was an employee of the Post Rock Rural Water District from January 2018 to January 2019 until he resigned from the facility in January 2019. 

Post Rock provides water facilities around eight Kansas counties. Part of Travnichek's job was to log in to the Post Rock computer system to monitor the plant after hours, but he ended up exploiting the system by illicitly accessing it. 

"He logged in remotely to Post Rock Rural Water District's computer system and performed activities that shut down processes at the facility which affect the facility's cleaning and disinfecting procedures with the intention of harming the Ellsworth County Rural Water District No. 1," the document further reads.