UK Water Supplier Attacked by ‘Clop’ Ransomware!


A UK water supplier suffered a disruption to its corporate IT systems on Monday because of a cyber-attack, but claims that its water supply was unaffected.

The incident disrupted corporate IT systems at one company, while the attackers misidentified the victim in a post on their website, where the stolen data had been leaked.

The alleged attack perpetrator—the Clop ransomware group—claimed the attack was on another, larger water utility, which called the claim a “cyber hoax.”

South Staffordshire PLC

South Staffordshire PLC, the parent company of South Staffs Water & Cambridge Water, confirmed yesterday that it was the victim of a cyber-attack that did not affect its “ability to supply safe water” to all of its customers, it outlined in a statement. The company provides water to about 1.6m consumers daily.

The lack of disruption in water supply was “in thanks to the robust systems & controls over water supply & quality we have in place at all times as well as the quick work of our teams to respond to this incident & implement the additional measures we have put in place on a precautionary basis,” the company said in its statement.

South Staffordshire’s IT teams were working to resolve the disruption to the corporate network on Monday, while customer service remained unaffected, the company explained.

Victim Misidentified

The Clop ransomware gang took responsibility for an attack on ‘a UK water supplier’ on its dark web site, but stated that the victim was Thames Water & not South Staffordshire, according to a report posted on Bleeping Computer. Thames Water is the UK’s largest water supplier, serving 15m customers in Greater London & other areas on the river.

Thames Water quickly took to its website to let all of its customers know that any media report claiming it suffered a cyber-attack was completely false. In its post, the Clop gang claimed it accessed the company’s SCADA systems.

Thames Water

“We are aware of reports in the media that Thames Water is facing a cyber-attack,” the company responded. “We want to reassure you that this is not the case & we are sorry if the reports have caused distress.”

Further inspection of stolen data dumped from the attack on the Clop site appears to confirm Thames Water’s assurance, as it includes a spreadsheet of usernames & passwords featuring South Staff Water & South Staffordshire email addresses, according to Bleeping Computer.

The breached data, published online after ransom negotiations between Clop & its victim broke down, also includes passports, screenshots from water-treatment SCADA systems, driver’s licenses, etc., the report revealed.

Water Supply Under Attack

The incident is among a number of attacks on critical infrastructure that will likely continue as threat actors increasingly focus their cyber-criminal efforts on systems that people depend on, which also increases their chances of successfully extorting victims, noted a security professional.

“In the case of financially motivated attacks designed to obtain a ransom, wrongdoers have significantly more chances of getting paid by cruelly exploiting people in extreme need,” observed Ilia Kolochenko, founder of ImmuniWeb & a member of the Europol Data Protection Experts Network.

Catastrophic Drought

The attack in the UK comes as much of Europe & other regions are suffering from unprecedented wildfires & catastrophic drought, which can inadvertently aid attacks on critical infrastructure, he observed.

“Therefore, critical infrastructure operators should prepare for a mounting number of cyber-attacks exacerbated by spiralling natural disasters,” Kolochenko warned.

The UK attack comes soon after a dire June warning issued by the US Center on Cyber & Technology Innovation (CCTI) that was focused on water utilities in the US, but could apply to most facilities providing the resource.

The centre claimed that the lack of cyber-security preparedness of US water utilities makes them a prime target for attack, with CCTI Chair Samantha Ravich calling water ‘the greatest vulnerability in US national infrastructure.’

Sodium Hydroxide

An example of what could be possible in a successful attack on a water supply occurred in 2021, when an attacker hacked a water treatment facility in Oldsmar, Florida, & raised the levels of sodium hydroxide, or lye, in the water.

An operator quickly noticed the attack & corrected the lye levels in the water before any severe damage was done, but the attack could have been extremely dangerous had it not been defeated quickly, officials concluded at the time.

 
