While some water and wastewater utilities are able to maintain strict separation between OT and IT networks and the internet, that is not the reality for all. Credential leaks, credential reuse across sites, services, and systems, along with the ability to discover internet accessible and insecure control systems through open source search engines such as Shodan and Censys provide threat actors with plenty of opportunity to gain remote access to OT systems. Applied Risk discovered several clear-text usernames and passwords of major vendors such as Siemens, Schneider Electric, Hirschmann and Emerson along with default passwords of multiple SCADA systems. Read more about the analysis and mitigations to curb this threat at Applied Risk.