The Download
The Washington Post reports that an attack against the city's water supply in Muleshoe, TX is believed to have been perpetrated by a Russian gang that is a front for the Russian intelligence agency GRU. Google's Mandiant tracks the gang, which calls itself the Cyber Army of Russia Reborn (CARR), and believes it to be the group known as Sandworm, which has previously launched the destructive malware NotPetya as well as attacks on the Olympic Games in Seoul, Ukrainian power grids and French elections.
Citizens noticed water overflowing into the streets in Muleshoe, TX. Authorities determined the water utility's systems had been attacked and managed to stop the overflow. In two hours, tens of thousands of gallons of water had flowed into the streets.
The city manager said they believe the hackers brute-forced the password for the control system's interface. This, of course, raises broader questions about why the control system's interface was accessible from the internet and why multi-factor authentication was not used.
What You Can Do
The lesson learned is that attacks on critical infrastructure are becoming more normalized, and we will not be surprised when critical services go down due to cyberattacks. Clearly, critical infrastructure providers need to do better at managing their attack surfaces, for example by not making critical systems accessible from the internet and by enforcing MFA. These same lessons apply to all firms.