Moody’s, the renowned credit agency, has sounded a public alarm regarding the growing cybersecurity menace facing critical water infrastructure in the United Kingdom. In a recent report to investors, Moody’s underscores the heightened risk confronting water companies, highlighting a surge in cyber threats specifically targeting drinking water facilities. Despite the urgent need for enhanced cybersecurity measures, water suppliers find themselves in a regulatory limbo awaiting approval to bolster their defenses.
The report sheds light on a disturbing trend wherein hackers are increasingly targeting crucial infrastructure, including water and waste treatment facilities. Moody’s expresses concern about the potential acceleration of this perilous pattern with the incorporation of artificial intelligence (AI) by cybercriminals. Notably, the agency cites the January 2024 breach of Southern Water, a major supplier serving over 4.5 million customers in southern England, by the Black Basta ransomware group. The hackers, who had previously targeted the outsourcing firm “Capita,” claimed successful access to systems and posted a limited amount of data on the dark web.
Incidents and Vulnerabilities:
Another notable incident highlighted in the report involves South Staffordshire Water, which publicly apologized after hackers compromised customer Personally Identifiable Information (PII) by gaining unauthorized access to their systems. Moody’s points out that the increasing use of data-logging equipment for monitoring water consumption, along with the adoption of digital smart meters, has exposed companies to greater vulnerability. While water treatment facilities’ systems are typically separated from general IT infrastructure, some integration has occurred to enhance operational efficiency.
Ransomware Operator: Black Basta:
The report details the Black Basta ransomware group, also known as “BlackBasta,” as a prominent Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. Operating globally, BlackBasta targets organizations and critical infrastructure in the US, Canada, Japan, the UK, Australia, and New Zealand. The group employs double extortion tactics, encrypting critical data and servers while threatening to publish the information on its public leak site. Moody’s highlights the origin of BlackBasta’s core membership, believed to have emerged from the defunct “Conti” threat actor group, drawing parallels in their malware development approaches. Additionally, BlackBasta has been linked to the FIN7 (Carbanak) threat actor due to similarities in their Endpoint Detection and Response (EDR) evasion modules.
Urgent Regulatory Action Needed:
Moody’s concludes its report by emphasizing the urgent need for regulatory approval to strengthen cybersecurity defenses. The evolving threat landscape and the critical role of water infrastructure in the UK underscore the necessity for proactive measures to safeguard against cyber threats. As water suppliers navigate the regulatory approval process, the cybersecurity landscape continues to evolve, demanding swift action to protect vital national resources.