American Water (which operates across many states in the US) issued a press release announcing it has shut down some of its billing system instances after finding signs of hackers within its network.
“In an effort to protect our customers’ data and to prevent any further harm to our environment, we disconnected or deactivated certain systems,” Ruben Rodriguez, a spokesperson for American Water, told TechCrunch in a statement. “There will be no late charges for customers while these systems are unavailable.”
There was another story last week issued by a security vendor stating its systems had fended off the largest Distributed Denial of Service (DDoS) attack seen to date across the world. The attack peaked at around 3.8 terabits per second of bogus volume targeting client data centers of this security firm. In some sense, these notices aren’t normally newsworthy because a) the nature of the beast is that DDoS volumes will increase over time due to normal Moore’s Law dynamics affecting compute speed and network bandwidth and b) this security firm is just touting its own wares. However, the timing amidst world events and a US election should give anyone pause.
The real question for American Water is what was the true target of the attack? Credit card information in its billing systems or its operations control / monitoring systems for drinking water supplies?
WTH