North Texas Municipal Water District Pwned In A Ransomware Attack

North Texas Municipal Water District was recently pwned in a ransomware attack that caused operational issues and resulted in the exfiltration of customer files:

Officials at North Texas Municipal Water District have confirmed that the water, wastewater, and solid waste management services provider had its business computer network impacted by a cyberattack, according to The Record, a news site by cybersecurity firm Recorded Future.

While phone services have been disrupted by the attack, there has been no impact on customers, said NTMWD Director of Communications Alex Johnson, who added that an investigation looking into the extent of the incident is already underway.

Ransomware operation Daixin Team has taken credit for the attack, which it claims has resulted in the exfiltration of more than 33,000 files with customer details from NTMWD’s systems.

Well, that sucks for North Texas Water. Tom Marsland, VP of Technology at Cloud Range, had this comment:

The breach of the North Texas Municipal Water District only breached the business network and phone system, and core water, wastewater, and solid waste services were unaffected. Kudos to the teams for strong isolation and/or practices that prevented a breach of the OT network. Municipal water and utility companies are a growing target due to limited staff – there is still a schism between IT and OT operations personnel in most organizations that I’ve worked with.

The recent publication by CISA regarding the exploitation of Unitronics PLCs used in water and wastewater systems highlights basic principles that highlight the schism between OT operations personnel and cybersecurity departments. Use of default passwords, multi-factor authentication, keeping backups of running configurations, practicing recovery, and keeping things off the open internet that do not need to be there are basic tenets of cybersecurity – the fact CISA has to remind organizations of these highlights the need for experienced professionals working in OT cybersecurity. All of these are low-hanging fruit for any organization to cover. 

We will continue to see more breaches of OT/ICS systems until these methods of protection are taken seriously. Devices should not be connected to the internet that could directly impact human life just for convenience. There needs to be wider, open-source security solutions provided to smaller organizations, both in ICS/OT and IT, to help with cybersecurity practices. Too often we’re seeing the smaller organizations be the weak link in the chain that is then enabling wider breaches.

The fact that a municipal water provider was the target of this attack highlights that critical infrastructure needs to be protected from attacks like this. But clearly that isn’t happening, and that needs to change. Now.
