South Staffordshire Water Latest Target Of Criminal Cyber Attack

South Staffordshire Water “has been the target of a criminal cyber attack”, the company has confirmed. In a statement, it stressed that it was “still supplying safe water to all of our Cambridge Water and South Staffs Water customers”.

The full story can be found here: https://news.sky.com/story/south-staffordshire-water-says-it-was-target-of-cyber-attack-as-criminals-bungle-extortion-attempt-12674039

Please see below for commentary from several cybersecurity experts!

Steve Bradford, Senior Vice President
InfoSec Expert
August 17, 2022 12:08 pm

Critical national infrastructure is no exception for cyber criminals, as the latest ransomware attack on South Staffordshire Water shows. It’s particularly concerning at a time when the UK is facing water shortages as a result of the heatwave.

Now, governments and businesses alike face the threat of bigger, more sophisticated attacks from ransomware – ones where cyber criminals have worked methodically to develop software to steal vast quantities of data, and where they can take advantage of vulnerabilities that come with multiple user access points.

Ransomware has become so effective that many organisations have simply paid ransom, sometimes to the tune of thousands of pounds. Multiple security controls must be standard best practice for cyber security, to reduce the risk of ransomware along with other malicious malware threats.

Jim.simpson, Director of Threat Intelligence
InfoSec Expert
August 17, 2022 12:07 pm

The timing of this attack undoubtedly capitalizes on the public’s very real concerns about the insecurity of water treatment facilities and the timing of its data leak during a drought in the UK is beneficial to negotiations. In this context, the misattribution of the data to Thames Water – rather than South Staffordshire – could be seen as a deliberate tactic to induce more fear, as Thames Water is the largest water and wastewater services company in the UK. The leak of data from the water company’s corporate IT systems is serious but the real concern here is Cl0P’s claim that it has compromised operational technology that could impact water supply. South Staffordshire has reassured the public that there is no disruption to operational technology but even if Cl0P’s claims are inflated it may still suit their aim to cause as much fear as possible.

Simon.chassar, CRO
InfoSec Expert
August 17, 2022 12:02 pm

Threat actors want to put decision makers in a morally impossible situation by targeting the availability of their operations so that they have no choice but to pay ransoms in order to get their services back up and running. Despite contradicting statements between South Staffordshire Water and the Cl0p ransomware group, what is clear is that cyber criminals are moving beyond operational availability to human risk with critical infrastructure attacks for maximum liability and monetary gain by trying to contaminate safe water supplies and put lives at risk.

Ransomware gangs know that poisoning water supplies could end in fatalities, and this is exactly the leverage they want for the highest possible ransom. We saw in February 2021 that water treatment and supply environments are globally at risk, when a ransomware group tried to poison Florida’s citizens after remotely controlling the computer operating a facility’s water treatment system.

These groups are not interested in the consequences of their attack as long as their victim pays a ransom. Unfortunately, this tactic is working. In 2021, 80% of critical infrastructure organisations experienced a ransomware attack, and 62% paid the ransom.

Ransomware attacks like these are exponentially increasing, and as critical infrastructure organisations digitally transform and connect cyber-physical systems to their networks, they will only increase exposure areas. Cyber-physical systems such as operational technology (OT), Internet of Things (IoT) devices and Industrial IoT (IIoT) are not designed with cybersecurity in mind, meaning they can have a number of vulnerabilities for threat actors to exploit.

In order to close these security gaps, security teams must have full visibility across all the devices on their networks, including both IT and OT (operational technology) as well as any XIOT connected devices, and start patching and segmenting or implementing security controls where urgent. It is fundamental that specialist OT Cyber tools are used on networks, so they are segmented with asset class network policies to restrict unnecessary connectivity from anomaly detection, ultimately limiting the movement of malware and mitigating the human risk impact of cyber attacks.

Barry.cashman, Regional Vice President UK&I
InfoSec Expert
August 17, 2022 11:57 am

Hackers are unscrupulous and this has been reaffirmed once more by the breach at UK-based utility supplier, South Staffordshire Water. Attacks on critical infrastructure at times of extreme pressure are becoming commonplace. It is no coincidence that at this time, when water companies are already fighting the impact of extreme heat and resulting drought, the attack has hit, as ransomware continues to be a cash cow for cybercriminals.

The nation’s critical infrastructure, such as healthcare, emergency services and utilities sector organisations, have become prime targets. These threats of disruption for such essential services force the public sector to rapidly decide whether to pay the ransom or not.

To avoid becoming the latest victim, utility IT security needs to span the whole complex IT estate including back-office and often multi-cloud systems as well as specialist control and project management systems. IT teams need visibility across all of the technology infrastructure so that they can implement effective disaster recovery plans. By backing up data, scanning networks and deploying strong encryption, potential victims take back the power from hackers, leaving them unable to perform extreme levels of extortion. We’re seeing more organisations turn to autonomous AI data management solutions that help IT administrators to monitor, archive, back up and protect data more rapidly so that any problems are rapidly identified and prevented from escalating. Although there’s no magic fix-all yet as hackers’ methods continue to evolve, AI and skilled IT administrators are essential to helping organisations stay on top of the relentless beat of cyber crime.

John Davis, Director UK & Ireland
InfoSec Expert
August 17, 2022 11:53 am

The potential for cybercrime to be used as a tool in warfare is real. This attack on South Staffordshire Water is a reminder that no organisation is safe, and every citizen has a role to play in digital fortification, whether it’s protecting a country, a company or a consumer.

Awareness and vigilance are vital weapons in our response to these threats. Power comes through knowledge about how cyber attacks could happen, and flagging them to the UK’s national reporting centre for fraud and cyber crime. This is why cyber security training shouldn’t just be a tick-in-the-box exercise, but an ongoing journey of education for us all.
