AWWA Advisory


Security Advisory

Who: CISA
What: Continued cybersecurity vigilance
When: Ongoing

Amid the ongoing war with Iran, the Cybersecurity & Infrastructure Security Agency (CISA), along with other federal agencies, distributed an advisory urging several sectors, including water and wastewater systems, to continue to guard against potential malicious activity from Iranian government-sponsored and government-linked cyber threat actors.

CISA has also provided an “Updated Analysis of Vulnerabilities Targeted by Iranian Government-Sponsored or –Linked Cyber Threat Actors,” which reports that these actors have previously targeted 136 common vulnerabilities and exposures (CVEs); among these, 59 are present on critical infrastructure entities’ internet-accessible networks. According to the advisory:

  • The targeted CVEs span over 80 different software and hardware products provided by more than 50 vendors. Nearly 30% of these CVEs are associated with Microsoft software, predominantly involving outdated or End-of-Service (EOS) versions of Windows and Exchange Server.

According to CISA, commonly used tactics from these actors include:

  • Credential Abuse and Access Exploitation: Use of brute force, password spraying, and credential stuffing against internet-accessible services to compromise accounts and gain access to internal networks. These tactics are exacerbated by weak or default passwords, unprotected remote access, and lack of multi-factor authentication (MFA).
  • Industrial Control Systems (ICS)/Operational Technology (OT) Targeting: Scanning and exploitation of exposed ICS devices such as programmable logic controllers, and the misuse of legitimate tools to interact with OT remain consistent with tactics observed in prior intrusions and often target unprotected ICS and OT environments.
  • Ransomware and Data Leak Operations: Possible collaboration with criminal organizations to deploy ransomware or exfiltrate sensitive information for leverage or tactical advantage. Actors may conduct follow-on information-leak campaigns, with some exaggerating the scale, meaning, or importance of stolen data.
  • Distributed Denial-of-Service Campaigns: Targeted distributed denial-of-service campaigns against public-facing services and websites intended to degrade availability and create cascading impacts, particularly when traffic filtering and rate-limiting protections are absent or insufficient.

CISA encourages all potential targets, including water and wastewater systems, to take the following actions:

  • Eliminate unnecessary remote access by disabling Remote Desktop Protocol and administrative remote access unless explicitly required and enforcing MFA for privileged accounts.
  • Reduce non-essential services and limit attack surface by disabling unused ports, protocols, and services; removing default or unused accounts; and segmenting critical systems such as ICS/OT from general business networks.
  • Improve detection and monitoring capabilities for faster identification of malicious activity. Enable logging and real-time monitoring, maintain up-to-date anti-malware tools, and deploy intrusion detection or prevention systems where feasible.
  • Implement strong patch and vulnerability management practices. Prioritize remediation of known exploited vulnerabilities identified by CISA and leverage available alerting and cyber hygiene services.
  • Maintain offline backups, test restoration procedures, and ensure manual control contingencies for ICS/OT environments to sustain operations during and after an incident.
  • Establish clear incident response roles and ensure unusual activity is escalated quickly.
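The credential-abuse tactics listed above (brute force, password spraying, credential stuffing against internet-accessible services) and the detection-and-monitoring action in the list above are easier to act on with a concrete check. The following is an added example, not code from CISA or AWWA: a small Python detector that reads authentication log lines in a generic, constructed format (timestamp, user, source address, result), applies a sliding time window per source address, and flags three patterns: a password spray (one source failing against many distinct accounts), a brute-force run (one source hammering a single account), and a successful login from a source that was already flagged. The log format, the sample lines, and the thresholds are all assumptions chosen for illustration; a real deployment would map these onto the fields of the utility's own VPN, RDP gateway, or directory logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed generic auth log format (not the advisory's; constructed for this example):
#   <ISO timestamp> auth user=<name> src=<ip> result=<FAIL|SUCCESS>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

# Constructed sample lines: a spray from 203.0.113.10 ending in a successful login,
# a brute-force run against one account from 198.51.100.7, and a benign typo
# followed by success from 192.0.2.44 (which should NOT be flagged).
SAMPLE_LINES = [
    "2024-01-15T02:00:01 auth user=operator src=203.0.113.10 result=FAIL",
    "2024-01-15T02:00:03 auth user=admin src=203.0.113.10 result=FAIL",
    "2024-01-15T02:00:05 auth user=scada src=203.0.113.10 result=FAIL",
    "2024-01-15T02:00:07 auth user=hmi src=203.0.113.10 result=FAIL",
    "2024-01-15T02:00:09 auth user=backup src=203.0.113.10 result=FAIL",
    "2024-01-15T02:00:11 auth user=jsmith src=203.0.113.10 result=FAIL",
    "2024-01-15T02:00:13 auth user=jsmith src=203.0.113.10 result=SUCCESS",
    "2024-01-15T03:30:00 auth user=operator src=192.0.2.44 result=FAIL",
    "2024-01-15T03:30:10 auth user=operator src=192.0.2.44 result=SUCCESS",
] + [
    f"2024-01-15T02:01:{sec:02d} auth user=plc_eng src=198.51.100.7 result=FAIL"
    for sec in range(0, 24, 2)  # 12 failures two seconds apart
]


def parse_events(lines):
    """Parse log lines into sorted event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "user": m["user"],
            "src": m["src"],
            "ok": m["result"] == "SUCCESS",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_credential_attacks(lines, window=timedelta(minutes=5),
                              spray_users=5, brute_attempts=10):
    """Return a list of findings. Thresholds are illustrative assumptions."""
    events = parse_events(lines)
    recent = defaultdict(deque)  # src -> failed events inside the sliding window
    flagged = {}                 # (kind, src[, user]) -> finding, one per key
    suspicious_srcs = set()      # sources already flagged for spray/brute force

    for ev in events:
        src = ev["src"]
        if ev["ok"]:
            # A success from an already-suspicious source is the highest-value alert:
            # it may mean a sprayed or guessed password actually worked.
            if src in suspicious_srcs:
                flagged.setdefault(("success_after_attack", src), {
                    "kind": "success_after_attack", "src": src,
                    "user": ev["user"], "at": ev["ts"].isoformat(),
                })
            continue

        q = recent[src]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()  # drop failures older than the window

        distinct_users = {e["user"] for e in q}
        if len(distinct_users) >= spray_users:
            suspicious_srcs.add(src)
            flagged.setdefault(("password_spray", src), {
                "kind": "password_spray", "src": src,
                "distinct_users": len(distinct_users), "at": ev["ts"].isoformat(),
            })

        per_user = sum(1 for e in q if e["user"] == ev["user"])
        if per_user >= brute_attempts:
            suspicious_srcs.add(src)
            flagged.setdefault(("brute_force", src, ev["user"]), {
                "kind": "brute_force", "src": src, "user": ev["user"],
                "attempts": per_user, "at": ev["ts"].isoformat(),
            })

    return list(flagged.values())


if __name__ == "__main__":
    for finding in detect_credential_attacks(SAMPLE_LINES):
        print(finding)
```

The sliding window is what separates a spray from ordinary mistyped passwords: a single operator failing once and then succeeding (the 192.0.2.44 lines) never reaches either threshold, while one source cycling through five or more accounts in a few minutes does. The `success_after_attack` finding is the one to route to the escalation path called for in the last action above, since it indicates a credential that should be reset and a session that should be reviewed.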

CISA has the following resources for mitigation guidance and additional information:

Additionally, AWWA’s cybersecurity resources offer guidance on best practices focusing on utility action to support implementation of controls that maximize near-term risk reduction to build cyber resilience.

AWWA’s cybersecurity guidance and assessment tool are aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and associated standards. Water systems of all types are encouraged to enroll in CISA’s vulnerability scanning service to help identify weaknesses that an attacker may exploit due to devices being publicly accessible via the internet.

Additional resources from CISA and EPA are accessible via www.cisa.gov/water.

Questions can be directed to Kevin Morley, AWWA federal relations manager.
