Dive Brief:
- Following months of attacks against water and wastewater treatment systems, researchers are warning about a much wider risk of malicious activity due to internet-exposed devices at industrial sites across the U.S.
- State-linked and politically motivated threat groups have escalated attacks against drinking water and wastewater treatment sites in the U.S. since late 2023, mainly by targeting poorly secured devices that relied on outdated software or default passwords.
- “The attacks conducted by OT-focused actors were not limited to public sector facilities, but also affected private companies in various countries,” Microsoft Threat Intelligence researchers said in a report released on Thursday.
Dive Insight:
The risk goes well beyond the water industry, Microsoft researchers warn, as a range of industries use similar devices, from power plants to heating, ventilation and air conditioning systems.
The devices interact with a variety of critical functions in OT systems, including temperature and speed control. Some of the earliest of these attacks were led by threat groups affiliated with the Islamic Revolutionary Guard Corps of Iran. These groups targeted Israeli-made Unitronics programmable logic controllers, which are also widely used in U.S. facilities.
Industrial providers are often running infrastructure that is anywhere from 10 to 30 years old and frequently lacks the most basic protections. Such equipment is simply not equipped or upgraded enough to manage sophisticated, modern threats.
“Organizations try to minimize these risks with segmentation, various technologies, and tactics,” said Chris Grove, director, cybersecurity strategy at Nozomi Networks. “As a result, they need more people and budget to monitor, react, and implement necessary mitigation measures, which takes time and long planning cycles.”
The FBI and the Cybersecurity and Infrastructure Security Agency in May joined foreign partner agencies in warning about pro-Russia threat groups targeting water and other critical infrastructure by manipulating human-machine interfaces.
In late May, Rockwell Automation released an advisory urging customers to disconnect devices from the internet. The advisory cited heightened geopolitical tension, but did not address whether there were any specific threats or attacks linked to the advisory.