The Security Service of Ukraine, or SBU, claims to have stopped a Russian cyber attack on a Ukrainian facility that provides chlorine for drinking water and sewage treatment. In its allegation, the SBU indicates the attack involved the VPNFilter malware (reported on by WaterISAC initially in late May – read more here) and was intended to disrupt operations. "Specialists of the cyber security service established minutes after [the incident] that the enterprise's process control system and system for detecting signs of emergencies had deliberately been infected by the VPNFilter computer virus originating from Russia. The continuation of the cyber attack could have led to a breakdown in technological processes and a possible accident," reported the SBU. It’s unclear how the attack could have caused operational impacts because the VPNFilter malware isn’t known to be capable of facilitating such a scenario, unless it allowed for an attacker to have direct access to the facility. But if true, Russia’s targeting of facility affiliated with the water and wastewater sector is a notable development and should serve to further justify employing measures to protect against the VPNFilter malware. DarkReading.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!