Cyber attack on UK water utility has serious implications: Claroty

This week, UK water company South Staffs Water announced it was hit by a cyber attack. A ransomware group claimed it was possible to tamper with water supplies in an online post, but this was disputed by South Staffs Water, which claims that its IT systems were disrupted. According to South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, its ability to supply water was not affected.

Ransomware attacks involve criminals breaking into a network and stealing or blocking access to important files until a ransom payment is made.

Cybersecurity firm Claroty has weighed in, explaining why key infrastructure around the world is vulnerable to attack and threats by cybercriminals, what their mindset is and what can be done to close these security gaps.

“Threat actors want to put decision-makers in a morally impossible situation by targeting the availability of their operations so that they have no choice but to pay ransoms in order to get their services back up and running,” said Simon Chassar, CSO at Claroty. “Despite contradicting statements between South Staffordshire Water and the Cl0p ransomware group, what is clear is that cybercriminals are moving beyond operational availability to human risk with critical infrastructure attacks for maximum liability and monetary gain by trying to contaminate safe water supplies and put lives at risk.

“Ransomware gangs know that poisoning water supplies could end in fatalities, and this is exactly the leverage they want for the highest possible ransom. We saw in February 2021 that water treatment and supply environments are globally at risk, when a ransomware group tried to poison Florida’s citizens after remotely controlling the computer operating a facility’s water treatment system.

“These groups are not interested in the consequences of their attack as long as their victim pays a ransom. Unfortunately, this tactic is working. In 2021, 80% of critical infrastructure organisations experienced a ransomware attack, and 62% paid the ransom.”

Ransomware attacks are exponentially increasing, and as critical infrastructure organisations digitally transform and connect cyber-physical systems to their networks, they will only increase exposure areas. Cyber-physical systems, such as operational technology (OT), IoT and IIoT devices, are often not designed with cybersecurity in mind, meaning they can have a number of vulnerabilities for threat actors to exploit.

“In order to close these security gaps, security teams must have full visibility across all the devices on their networks, including both IT and OT as well as any XIoT connected devices,” Chassar said. “They also need to start patching and segmenting or implementing security controls where urgent.

“It is fundamental that specialist OT cyber tools are used on networks so they are segmented with asset class network policies to restrict unnecessary connectivity detected by anomaly detection — ultimately limiting the movement of malware and mitigating the human risk impact of cyber attacks.”

Image: ©stock.adobe.com/au/tuastockphoto