Cyberattacks: Water supply system in Texas overflowed

Small Texas towns suffered cyberattacks earlier this year, with a water supply system overflowing. An IT security firm is also seeing an increase in ransomware victims and groups year-over-year in the first quarter.

As AP reports, there were cyberattacks on three small, rural towns in Texas in January. In Muleshoe, a town of 5,000 people, cybercriminals caused a water supply system to overflow. It was shut down and manual control was taken over by government employees. The problem was quickly identified and resolved, according to a city administrator. "The city water disinfection system was not affected and the public water system or the public were not in danger," he added.

In Hale Center, a town of 2,000 people, there were 37,000 log-in attempts to a firewall in front of the systems within four days. The town had pulled the plug on the system and operated it manually. Again, there was no danger to the public and federal authorities were informed. Attacks on systems in Lockney, a town of 1500 inhabitants, could have been repelled before the water supply systems were accessed.

Cyberattacks by Russian online gangs

Mandiant was able to trace at least one of the attacks back to a Russian cyber gang calling itself CyberArmyofRussia_Reborn. In addition to water suppliers in the USA, they also attacked some in Poland. The criminal group is suspected of being linked to the Russian government and of having carried out attacks on Ukraine and its allies last year, including denial-of-service attacks.

Meanwhile, IT researchers at Guidepoint have investigated how the situation surrounding ransomware attacks has developed in the first quarter of this year. In their report, they conclude that the number of ransomware victims and active ransomware groups increased by around 20 percent and 55 percent respectively in the first quarter of the year. There has also been movement in the ecosystem: Law enforcement officials appear to have temporarily slowed down or postponed ransomware operations, for example in the strikes against AlphV and the largest cybergang to date, Lockbit.

IT security researchers have observed that smaller ransomware-as-a-service groups - namely Medusa, Cloack and Ransomhub - have attempted to recruit disaffected or now homeless allies of the large cybergangs. The sectors most affected by ransomware attacks were manufacturing and production, followed by retail and wholesale. In third place were healthcare organizations.

In the country ranking of organizations attacked, the USA is in first place by a clear margin (52.4 percent of all victims), with the United Kingdom in second place with 5.9 percent, followed by Canada (5.6 percent). Germany is in fourth place, with 3.4% of all victims coming from here. France, Italy, Australia, Spain, Sweden and the Netherlands follow.

At the end of March, the US government warned states of cyberattacks on the water supply. However, Iran and China in particular were suspected of being the source of the attacks. The governors should ensure that the water supply systems and the associated cybersecurity practices are put to the test. This should lead to significant weaknesses being found and rectified.

(dmk)