Florida water treatment plant hack

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.

A U.K. water supplier suffered a disruption in its corporate IT systems Monday as a result of a cyber-attack but claims that its water supply was not affected.

Meanwhile, the alleged attack perpetrator—the Clop ransomware group—claimed the attack was on another, larger water utility, which for its part indignantly called the claim a “cyber hoax.”

South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, confirmed on Monday that it was the victim of a cyber-attack that did not affect its “ability to supply safe water” to all of its customers, it said in a statement Monday. The company provides water to about 1.6 million consumers daily.Infosec Insiders Newsletter

The lack of disruption in water supply was “in thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis,” the company said in its statement.

South Staffordshire’s IT teams were working to resolve the disruption to the corporate network on Monday, while customer service remained unaffected, the company said.

Victim Misidentified

The Clop ransomware gang took responsibility for an attack on a U.K. water supplier on its dark web site, but said the victim was Thames Water and not South Staffordshire, according to a report posted on Bleepingcomputer. Thames Water is the United Kingdom’s largest water supplier, serving 15 million customers in Greater London and other areas on the river that runs through the city.

Thames Water quickly took to its website to let all of its customers know that any media report claiming it suffered a cyber-attack was completely bogus. In its post, the Clop gang claimed it accessed the company’s SCADA systems.

“We are aware of reports in the media that Thames Water is facing a cyber attack,” the company said. “We want to reassure you that this is not the case and we are sorry if the reports have caused distress.”

Further inspection of stolen data dumped from the attack on the Clop site appears to confirm Thames Water’s assurance, as it includes a spreadsheet of usernames and passwords featuring South Staff Water and South Staffordshire email addresses, according to Bleepingcomputer.

The breached data, published online after ransom negotiations between Clop and its victim broke down, also includes passports, screenshots from water-treatment SCADA systems, driver’s licenses and more, the report said.

Water Supply Under Attack

The incident is among a series of attacks on critical infrastructure that will likely continue as threat actors increasingly focus their cybercriminal efforts against systems that people depend on, which also boosts their chances of successfully extorting victims, noted one security professional.

“In the case of financially motivated attacks designed to obtain a ransom, wrongdoers have significantly more chances of getting paid by cruelly exploiting people in extreme need,” observed Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, in an email to Threatpost.

The attack in the United Kingdom comes as Europe and other regions are suffering from unprecedented wildfires and catastrophic drought, which can unwittingly bolster the efforts of attacks on critical infrastructure, he said.

“Therefore, [critical infrastructure] operators should prepare for a mounting number of cyber-attacks exacerbated by spiralling natural disasters,” Kolochenko said.

The U.K. attack comes auspiciously on the heels of a dire warning issued by the Center on Cyber and Technology Innovation (CCTI) in June that was focused on water utilities in the United States but could be said of most facilities providing the critical resource.

The center claimed that the inherent lack of cybersecurity preparedness of U.S. water utilities makes them a prime target for attack, with CCTI Chair Samantha Ravich calling water the greatest vulnerability in U.S. national infrastructure.

Last year a glimpse of what could be possible in a successful attack on a water supply occurred when an attacker hacked a water treatment facility in Oldsmar, Fla., and raised the levels of sodium hydroxide, or lye, in the water. An operator quickly noticed the attack and corrected the lye levels in the water before any significant damage was done, but the attack could have been extremely dangerous had it not been thwarted quickly, officials said at the time.