Hackers hit water supply company amid drought in the UK

17 Aug 2022

Image: © david/Stock.adobe.com

While South Staffordshire Water was hit, ransomware group Clop may have misidentified its victim as Thames Water in London.

As the UK struggles to cope with unprecedented drought conditions, cybercriminals conducted an attack on a water supplier in England this week.

However, the threat actors may have attempted to extort the wrong company.

South Staffordshire Water, a company that supplies around 1.6m people, confirmed on Monday (15 August) that its IT systems had been disrupted by a targeted cyberattack.

The utility company said in a statement that its supply of safe water had not been affected “thanks to the robust systems and controls over water supply and quality we have in place at all times”. This includes water it supplies to Cambridge Water and South Staffs Water.

According to BleepingComputer, the Clop ransomware gang claimed responsibility this week for an attack on a UK water supplier. However, the group said that Thames Water, a separate company supplying water in and around Greater London, was the victim.

Clop claimed it accessed supervisory control and data acquisition (SCADA) systems that it could manipulate to cause harm to 15m customers.

Thames Water responded by dismissing the claim and calling it a “cyber hoax”.

“We are aware of reports in the media that Thames Water is facing a cyberattack. We want to reassure you that this is not the case, and we are sorry if the reports have caused distress,” the UK’s largest water supplier wrote in a statement on its website.

The Clop cybercriminal group reportedly published a sample of stolen data such as passports, screenshots from water treatment SCADA systems, driver’s licences and other confidential details.

However, according to some of the leaked documents seen by BleepingComputer, it is likely that Clop misidentified its victim. One of the leaked documents sent to Thames Water was found to be explicitly addressed to South Staffordshire Water.

The cyberattack comes at a time when parts of the UK are facing severe drought conditions, with millions of households facing strict water usage restrictions.

“Whilst misidentification of their target is somewhat embarrassing, the very fact that a water board is their latest victim is really quite harrowing,” said Dr Darren Williams, CEO and founder of cybersecurity firm Blackfog.

“Clearly, attackers want to hit us where it hurts the most. All organisations must remember how crucial it is to secure your environment and prevent data exfiltration at the endpoint, if we are to prevent cataclysmic scarcities in our critical infrastructure supply chain.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic