Commentary on American Water Cyberattack from Semperis
October 2024 by Sean Deuby, Principal Technologist, Semperis
The commentary on the American Water cyber attack from Sean Deuby, Principal Technologist, Semperis:
Last week’s cyberattack on American Water Works is not surprising, given that water treatment and wastewater treatment operators were recently given guidance by the EPA on securing their facilities. Then in March, a memo sent by the Biden administration to U.S. governors warned them of the increase in cyberattacks on water and wastewater treatment plants. And just last week, the Wall Street Journal reported that many U.S. telcos are being targeted by Chinese nation-state-backed groups such as Salt Typhoon.
While we don’t yet know which threat actor targeted this important critical infrastructure utility company, American Water appears to have responded quickly and effectively to isolate the damage caused by the cyberattack – a commendable response executed under duress.
Today, there is no silver bullet that will solve the cybersecurity challenges facing public and private sector organisations. Today, the most commonly used identity system, Active Directory, is compromised in 90 percent of cyberattacks. Identity systems have become the new perimeter in cybersecurity. Attacks have increased at such a rapid pace that the Five Eyes Alliance of the US, Canada, Australia, the UK, and New Zealand recently issued a comprehensive report, specifically focused on Active Directory, providing guidance on defense against 17 common attacks against this identity system.
One common thread across all these campaigns is the use of identity for initial access, propagation, privilege escalation, and persistence. Organisations should prioritise protecting these mission-critical systems that are always targeted by threat actors, whether they’re nation-state actors or cybercriminals. This includes around-the-clock threat hunting, increasing security audits, organising security awareness training for employees, and locking down Active Directory because it’s a hacker’s highway.