The CISA, the Federal Bureau of Investigation (FBI), and the Department of the Health and Human Services (HHS) released a joint Cybersecurity Advisory with technical details associated with Hive ransomware variants identified through FBI investigations as recently as November 2022.
From June 2021 through at least November 2022, threat actors have used Hive ransomware, which follows the Ransomware-as-a-Service (RaaS) model, to target a wide range of businesses and critical infrastructure sectors. The method of initial intrusion depends upon the Hive RaaS affiliate that targets the network, using compromised credentials in Remote Desktop Protocol, virtual private networks, and other remote network connection protocols in which multifactor authentication is not enabled.
The EPA recommends that all drinking water and wastewater utilities take the following mitigation actions:
Prioritize remediating known exploited vulnerabilities.
Enable and enforce multifactor authentication with strong passwords.
Close unused ports and remove any application not deemed necessary for day-to-day operations.
Follow the steps outlined in the joint Cybersecurity Advisory to protect your organization from a potential Hive ransomware attack.
Additionally, if you suspect that your organization is the victim of a ransomware attack please report it to CISA and/or the FBI.
Although the Office of Water recognizes that there is no direct mention of this threat specifically applying to the Water & Wastewater Sector, we are confident that this information would enhance cyber resilience.
If you have questions regarding any of the information contained in this email, please contact Brandon Carter, Water Infrastructure and Cyber Resilience Division, USEPA.