US subsidiary of global water treatment firm probes November cyberattack after data encrypted

Dive Brief:

• Kurita America, the North American subsidiary of Tokyo-based Kurita Water Industries, said Monday it is investigating a cyberattack, which was detected by its security monitoring system in late November. 
• The Minnesota-based company said an unauthorized actor gained access to its servers and encrypted company data in the Nov. 29 attack. The company disconnected the compromised servers to prevent further spread of malware, but later restored the main servers. 
• Kurita Group is one of the world’s top providers of industrial water treatment equipment and services, with $2 billion in annual revenue. Information on Kurita America’s customers, business partners, business contact information, purchasing data and other proprietary information may have been accessed, the company said.  

Dive Insight:

U.S. authorities have repeatedly warned the water industry that state-linked hacktivist groups and financially-motivated threat groups have targeted the water industry. The malicious actors are targeting known security weaknesses and poor cyber hygiene, including reliance on default passwords, failing to implement multifactor authentication or exposing systems to the public internet. 

A November report by the Office of Inspector General at the Environmental Protection Agency found 300 water systems, serving 26 million people across the U.S., had vulnerabilities.

In October, American Water Works, the largest regulated water utility in the U.S., disclosed a hack that forced it to take its systems offline for about a week. An Arkansas, Kansas-based water utility was hacked in September. 

While Kurita America did not specify whether any ransomware is involved, encryption is a technique commonly used by ransomware groups to limit access to data. The company declined to comment on any specifics beyond the posted blog.

Kurita America is working with outside forensic experts and conducting a thorough review of its security protocols and technology systems. The company warned customers of emails requesting payments, reminding them to check to confirm the account numbers. 

The company urged customers if they get any of the suspicious emails to call the Kurita America accounting department using the phone numbers they already have, not the phone number provided in the email.