In going after America’s water, hackers aren’t doing anything special. Despite rising fears of AI use in cyber threats, the go-to criminal way into systems remains preying on human foibles, be it via phishing, social engineering, or a system still running on a default password — “old school” cyberattacks, according to Ryan Witt, vice president of cybersecurity firm Proofpoint.
The rising cybercrime wave targeting key infrastructure led the Environmental Protection Agency to issue an enforcement alert warning that 70% of water systems it inspected do not fully comply with requirements in the Safe Drinking Water Act. Without quantifying an exact number, the EPA said some have “alarming cybersecurity vulnerabilities” — default passwords that have not been updated, vulnerable single login setups and former employees who retained systems access. (Ed note: also be aware of the wastewater management systems and the electrical grid) (Read More)
