South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily in the UK, has issued a statement confirming IT disruption from a cyberattack.
The statement was released after a ransomware group known as Cl0p claimed to have hacked a different water company's networks. Using its darknet site as part of a bungled cyber-extortion effort, the group posted what appeared to be stolen identification documents.
It is not clear how the criminals managed to misidentify the victim company. Alongside releasing files, the group criticised the company's security and suggested that other hackers could break into the network and cause significant damage.
Cyber magazine spoke to three cybersecurity leaders on the attack.
Ilia Kolochenko, Founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, says:
“Whilst Europe and other regions are suffering from the unprecedented wildfires and catastrophic drought, nefarious cybercriminals may purposely target critical national infrastructure (CNI) in sophisticated cyber-attacks. In the case of financially motivated attacks designed to obtain a ransom, wrongdoers have significantly more chances of getting paid, by cruelly exploiting people in extreme need. As such, perfidious attacks aimed to inflict operational damage upon the CNI infrastructure – most commonly launched by nation-state threat actors – will see their despicable efforts amplified by severe meteorological conditions. Therefore, CNI operators should prepare for a mounting number of cyber-attacks exacerbated by spiralling natural disasters. Worst, a few cybersecurity vendors with strong technical competencies in CNI defence and incident response are already overloaded with work. Governments need to urgently provide additional financial and other support to the sector to avoid a domino effect of collapsing infrastructure and subsequent social unrest.”
Chris Deverill, UK director at Orange Cyberdefense, says:
“The cyberattack suffered by South Staffordshire Water drives home the fact that critical national infrastructure (CNI) remains a popular target for malicious actors. While all industry sectors are at threat, the situation for CNI operators is exacerbated given the devastating impacts downtime and delays in this sector can have. The succession of similar breaches amongst CNI operators such as Colonial Pipeline in the US, as well as Mabanaft and Oiltanking Deutschland in Europe, shows that this attack on South Staffordshire Water is just the latest in a series of breaches, rather than a one-off.
“In this case, ransomware group Cl0p claims to have accessed 5TB of the company’s data including passport scans and drivers’ licences. While some of this data has been published on the dark web, the criminal gang chose not to encrypt it, meaning that the company’s ability to supply safe water hasn’t been disrupted, even though it is experiencing ongoing disruption to its corporate IT systems.
“If Cl0p was not as lenient, or if South Staffordshire Water is targeted by a more malicious group in the future that does decide to encrypt its data and impact its ability to supply water, the effects of a cyberattack would be far more damaging. In this sector, failing to have a robust cybersecurity strategy could be fatal.
“With concerns about rising energy prices already adding strain to the utilities sector, thwarting cyber-attacks targeting key infrastructure has never been more critical and the severe consequences of failing to do so are profound. Organisations responsible for the security of our CNI need to ensure that a defence-in-depth approach to cybersecurity is in place that harnesses end-to-end security tools to address their specific challenges. This includes having processes in place to ensure operational resilience and maintain ‘business as usual’ in the face of an attack. Importantly, while defence-in-depth harnesses the power of security technology across all solution areas, it must also be supplemented by investment in both people and process to enable round-the-clock threat cyber-resilience.”
“Preventing sensitive data and intellectual property from leaking into the hands of cyber criminals is vital to ensuring the safe supply of water, particularly in a drought. Attackers are always looking for ways to cause maximum damage, disruption and of course, gain valuable personal information. And they’re increasingly bringing the fight into the public domain.
“Once again, we’re reminded why it’s important to stop ransomware before it’s had a chance to take hold. Those who pay are statistically more likely to be attacked again. Twenty percent of mid-market businesses end up paying a ransom to hackers and the average pay-out stands at £144,000. Responding to ransomware comes down to limiting the reputational and financial damage of the breach, while carefully considering the ethical and legal implications of paying a demand.
“As ransomware attacks continue to become more sophisticated, the ability to react with speed and accuracy is imperative. Organisations need to close any gaps in their security posture so cyber defences can work together at lightning speed to stop ransomware and deny cyber criminals any opportunity for extortion.”