Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security United States

US Govt Reveals Three More Ransomware Attacks on Water Treatment Plants This Year (therecord.media) 10

Ransomware gangs have silently hit three US water and wastewater treatment facilities this year, in 2021, the US government said in a joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA. From a report: The attacks -- which had been previously unreported -- took place in March, July, and August and hit facilities in Nevada, Maine, and California, respectively. The attacks led to the threat actors encrypting files, and in one case, even corrupting a computer used to control the SCADA industrial equipment deployed inside the treatment plant. The three new incidents were listed as examples of what could happen when water treatment facilities ignore and fail to secure their computer networks.
This discussion has been archived. No new comments can be posted.

US Govt Reveals Three More Ransomware Attacks on Water Treatment Plants This Year

Comments Filter:
  • by Ostracus ( 1354233 ) on Friday October 15, 2021 @10:35AM (#61895031) Journal

    The three new incidents were listed as examples of what could happen when water treatment facilities ignore and fail to secure their computer networks.

    And here we thought it was examples of "WTF are you doing on the internet"?

    • Most of these probably boil down to the boss wants remote access because he’s too lazy to come in and doesn’t want any complicated passwords. Yeah I don’t care just make it happen.

    • Not only that, but what are they doing running Windows on those computers? The EULA always says not to do that.

      • Not only that, but what are they doing running Windows on those computers? The EULA always says not to do that.

        1. [citation needed]. If this was really an EULA violation, MS could probably sue them for it, since it's public knowledge that this is the case.

        2. What would be particularly nice is if the state and federal governments started mandating that infrastructure-specific software be available for both Windows and Linux, with the same levels of support, in order to qualify for a bid. It's a pretty safe bet that a lot of this software only runs on Windows, so mandating a Linux version makes a migration far more pa

        • by sjames ( 1099 )

          Many software licenses forbid use in critical infrastructure or where it might jeopardize human life. Those terms exist more for limiting liability than to actually be enforced.

  • Seems to me it would be appropriate to start issuing fines or other sanctions against these organizations who have not taken appropriate steps to secure these critical infrastructure systems. Any such punishment should also prohibit the passing of the impact on to the using public. At a minimum, loss of employment should be considered starting with management at the top and proceeding to the lowest level directly involved.
  • They silently hit three places because the government failed to report them.

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...