Analysis Summary

The biggest publicly traded water and wastewater utility firm in the United States, American Water, was forced to shut down portions of its infrastructure on Thursday due to a cyberattack.

American Water stated in a filing with the U.S. Securities and Exchange Commission (SEC) that it had already engaged outside cybersecurity specialists to assist in containing and evaluating the incident's effects. Additionally, it notified law enforcement of the compromise, and it is currently coordinating its efforts in a cooperative and continuous investigation.

The filing reads, “The Company has taken and will continue to take steps to protect its systems and data, including disconnecting or deactivating certain of its systems.”

The attack also compelled American Water to halt billing services and close its MyWater online customer interface, the company claimed in a separate statement on its website. A company representative did clarify, though, that clients won't be assessed late fees during the unavailability of these systems. The company’s committed team of experts is looking into the circumstances and extent of the occurrence nonstop. At this time, the firm feels that this occurrence has not had any negative effects on any of its wastewater or water facilities or activities.

With more than 6,500 workers, American Water serves more than 14 million people in 14 states as well as 18 military facilities with water and wastewater services. This incident comes after another similar one that affected Arkansas City, Kansas's water treatment facility, forcing it to convert to manual operations following a cyberattack over the weekend.

These occurrences follow the Water Information Sharing and Analysis Center's (WaterISAC) TLP:AMBER bulletin warning of Russian-linked cyberattacks targeting the water sector. WaterISAC is a charity that assists in defending water utilities against cyber threats. Additionally, the U.S. Environmental Protection Agency (EPA) has released guidelines to help owners and operators of water and wastewater systems (WWSs) assess their cybersecurity procedures and determine countermeasures to lessen their vulnerability to attacks.

Impact

• Operational Disruption
• Reputational Damage

Remediation

• Ensure all operating systems and software are up to date with the latest security patches.
• Employ reliable antivirus and antimalware software to detect and block known threats.
• Regularly update these tools to maintain the latest threat intelligence.
• Implement IDPS to detect and prevent unusual network activity, system behavior, or similar threats.
• Enable two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
• Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
• Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
• Use email filtering solutions to block malicious attachments and links that may deliver malware to users via phishing emails.
• Segment your network to limit lateral movement for attackers.
• Employ application whitelisting to only allow approved software to run on systems, reducing the risk of unauthorized applications being executed.
• Implement robust monitoring solutions to detect any unusual or suspicious activities, such as unauthorized access attempts or data exfiltration. Establish an effective incident response plan to respond to and mitigate any potential breaches quickly.
• Make sure all of your software, including your operating system and applications, is up-to-date with the latest security patches. This can help prevent vulnerabilities that info-stealers and other types of malware could exploit.