Veolia North America, a leading water utility company in the United States, and Southern Water in the United Kingdom have both become victims of ransomware attacks resulting in significant data breaches.
Veolia North America’s Ransomware Incident
Veolia, which describes itself as the world’s largest private player in the water sector, announced that its Municipal Water division experienced a ransomware attack last week. The company responded by shutting down the affected backend systems and servers, disrupting its online bill payment systems. Veolia confirmed that the incident was limited to internal back-end systems, and there was no evidence to suggest any impact on water or wastewater treatment operations.
Despite this, Veolia acknowledged that the personal information of a limited number of individuals might have been compromised. The company plans to notify the affected individuals.
Southern Water Targeted by Black Basta Group
In the UK, Southern Water, servicing millions in the South of England, confirmed suspicious activities on its systems. The confirmation came after the Black Basta ransomware group claimed responsibility for the attack on its leak website. The group alleges to have stolen 750 GB of files, including personal information and corporate documents, and is threatening to release this data if a ransom is not paid. Southern Water stated that while they are investigating the claims, there is currently no evidence of customer relationship or financial systems being impacted, and their services are operating normally.
Increasing Cyber Threats in the Water Sector
The water sector, especially in Western countries, has seen a rise in targeting by cybercriminals. Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, commented on the situation: “Water and wastewater operations giant Veolia fell victim to a ransomware attack targeting the company’s North America Municipal Water division earlier this week. The water and wastewater sector (WWS) continues to be relentlessly targeted by threat actors."
He further emphasized the importance of adopting preventative cybersecurity measures: "The vulnerability of this sector was highlighted last week when the CISA, FBI, and EPA released guidelines on how the WWS can mitigate cyber threats. These guidelines highlighted the need for a preventative cybersecurity approach. One way to do this is by using existing, real-world threat actors' tactics, techniques, and procedures (TTPs) to test against an organization's security response.”
The Need for Enhanced Cybersecurity Measures
These incidents underline the critical need for enhanced cybersecurity measures in the water and wastewater sector. The guidelines issued by federal agencies like CISA, FBI, and EPA, as well as insights from cybersecurity experts, highlight the necessity for organizations to adopt robust, threat-informed incident response plans to safeguard against such cyber threats.
As ransomware attacks become more sophisticated and prevalent, water utilities are urged to bolster their cyber defenses and remain vigilant against potential vulnerabilities to ensure uninterrupted services and the protection of sensitive customer data.