Hackers Keep Targeting the US Water Supply

/in


In light of all the Facebook news lately—although frankly, when isn’t there any—you may finally be thinking about jumping ship. If so, here’s how to delete your Facebook account. You’re welcome.

That’s not all that happened this week, though! Google shed some new light on the Iranian hacking group known as APT35, or Charming Kitten, and how they use Telegram bots to let them know when a phishing lure has a nibble. Speaking of Telegram, a new report shows just how poor a job the messaging service has done keeping extremism off the platform.

There was good news for Cloudflare this week, as a judge ruled that the internet infrastructure company isn’t liable when one of its customers infringe copyright designs on their websites. And there was bad news for humanity, as the governor of Missouri has threatened repeatedly to sue a journalist for responsibly disclosing a security flaw on a state website that he uncovered.

And there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.

In February, someone tried to poison a Florida city’s water supply by hacking into its control system and dramatically increasing the amount of sodium hydroxide. In 2020, a former employee at a Kansas water facility accessed and tampered with its controls remotely.  And that’s before you even get to the four ransomware attacks that intelligence officials documented this week, in a joint warning about the ongoing threats that hackers pose to US water and wastewater facilities. The alert notes that water treatment plants tend to invest in physical infrastructure rather than IT resources, and tend to use outdated versions of software, both of which leave them susceptible to attack. Disgruntled insiders have ample access to wreck havoc, and ransomware attackers always like a target that can’t afford to stay offline for any significant period of time. While this isn’t necessarily surprising—we sounded the same warning back in April—the joint FBI/CISA/NSA/EPA memo gives new detail into how many confirmed attacks have taken place in recent months, and it offers some guidance for critical infrastructure…

Source…