UK Water Suppliers Hacked But Hackers Extort Wrong Victim

By ISBuzz Team
Writer, Information Security Buzz | Aug 17, 2022 04:15 am PST

Hackers attack UK water supplier but extort wrong victim. The Clop ransomware gang claimed to have breached water supplier Thames Water by accessing its SCADA systems, which would give them the ability to cause harm to 15 million customers. However, when Clop published evidence of stolen files, the spreadsheet presented featured South Staff Water and South Staffordshire email addresses. South Staffordshire Water, a company which supplies 330 million litres of drinking water to 1.6 consumers daily, issued a statement confirming an IT disruption from a cyberattack.

4 Expert Comments
John Gunn, CEO
August 17, 2022 12:20 pm

There are literally tens of thousands of local and regional utilities providers across the US that have neither the budget nor expertise to implement adequate cybersecurity and they are sitting ducks for our foreign enemies that could easily disrupt the provision of services to millions of Americans.

Chris Vaughan, Technical Account Manager
August 17, 2022 12:20 pm

As the pressure on the utilities sector is rising, the cyber-attack on South Staffordshire Water highlights how cyber criminals are targeting the industry. This is a trend which, unfortunately, I expect to continue. It’s also a worrying reflection of the rapidly growing ransomware market, with major incidents now being reported regularly. These attacks are growing in sophistication – with criminal gangs becoming more targeted in their approach and increasing the huge sums of money that they are demanding. 

In this case, South Staffordshire Water was able to respond quickly to the incident due to the controls and robust systems in place. Yet the price of the ransom lingers over them to prevent the attackers from releasing how they hacked the company.

Protecting an organization from the impact of any attack – including ransomware – comes down to ensuring security defenses are up to date, appropriately configured and by making sure employee behavior is driven towards best practices. Focusing on these areas will help to minimize the impact of the many security issues which are caused by gaps in basic IT hygiene. These weak points can be identified and fixed before a problem occurs if organizations have the correct level of visibility and control into the IT environment, but many don’t. In the aftermath of an attack, it is important to immediately start the process of damage control, to mitigate the impact as much as possible and avoid future issues.

Rajiv Pimplaskar
August 17, 2022 12:19 pm

Utilities and other critical infrastructure industries that utilize ICS SCADA systems and IoT devices can have a number of vulnerabilities that present appealing soft targets for ransomware and other threat actors. A key strategy for avoidance is using stealth networking which obfuscates source to destination relationships as well as sensitive data flows. Such technology can assure full privacy and anonymity of all protected OT assets without adversely impacting their ability to communicate. This makes it virtually impossible for a threat actor to detect or target such systems even with exposed VNC and other vulnerabilities, adding defense in depth to the infrastructure.

Dr. Darren Williams, Founder and CEO
August 17, 2022 12:18 pm

With the rise of ransomware as a main attack method, criminals are running rampant to find any vulnerable systems they can take over. Whilst Clop did successfully breach South Staffordshire Water’s systems, they totally missed the mark here, claiming responsibility for a breach that didn’t happen (Thames Water being in South England, and Staffordshire being up North…) 

Nevertheless, whilst misidentification of their target is somewhat embarrassing, the very fact that a water board is their latest victim is really quite harrowing: severe drought conditions currently preside over the UK, with millions of households facing strict water usage restrictions. Clearly, attackers want to hit us where it hurts the most…

All organisations must remember how crucial it is to secure your environment and prevent data exfiltration at the endpoint, if we are to prevent cataclysmic scarcities in our critical infrastructure supply chain.

On a lighter note, we must remember that such attack vectors are not any more dangerous than the usual, just uniquely targeted.
