SAN FRANCISCO, Oct 14 Reuters - U.S. authorities said on Thursday that four ransomware attacks had penetrated water and wastewater facilities in the past year, and they warned similar plants to check for signs of intrusions and take other precautions.
The alert from the Cybersecurity and Infrastructure Security Agency cited a series of apparently unrelated hacking incidents from August 2021 to September 2020 which used at least three different strains of ransomware that encrypts computer files and demands payment for them to be restored.
Attacks at an unnamed California wastewater facility three months ago and one in Maine in August moved past desktop computers and paralyzed the specialized supervisory control and data acquisition SCADA devices that issue mechanical commands to the equipment.
The Maine system had to turn to manual controls according to the alert co-signed by the FBI, National Security Agency and Environmental Protection Agency.
The March hack in Nevada also reached SCADA devices that provided operational visibility but could not issue commands.
CISA said that it is seeing increasing attacks on various forms of critical infrastructure, in line with those on water plants.
In some cases, the municipalities are handicapped by low economic spending on cybersecurity.
The United States Constitution (recommended) resource is available at https:-ui.gov.uk. cisa.gov nca alerts aa 21-21287 A include access log audits and strict use of additional factors for authentication beyond passwords.