back to article Southern Water not such a phisherman's phriend, hauls itself offline to tackle email lure

British utility biz Southern Water was the victim of a phishing attack on Wednesday, resulting in a hurried shutdown of some of the company's systems. An industry insider told The Register that Southern Water's networks, including the system responsible for Supervision, Control, and Data Acquisition (SCADA) were hit. The …

  1. macjules Silver badge

    CEO problems?

    Hope the new glass 4th floor windows are secure at Southern Water's HQ. Better move that Volvo as well ...

  2. a_yank_lurker Silver badge


    Unfortunately, phishing to be successful requires only 1 or 2 people to err. The problem often isn't awareness or incompetence but that people make mistakes and these mistakes sometimes have serious consequences. For example if you know who I routinely receive emails from (home or work) a carefully crafted email might fool me. Plus at work I will receive a 'random' email from a colleague I have not had any contact with before, another fruitful area for successful phishing, again a carefully crafted email might fool me.

    1. Anonymous Coward
      Anonymous Coward

      Re: Phishing

      For the past few years, we've had anti phishing campaigns at work that have taught the staff so well, they now question genuine emails (which actually results in better crafted emails from genuine addresses)

      I have to applaud Southern Water for having the right tools and processes in place to stop this dead in its tracks, although having a targetted attack does make things more tricky

    2. Mike 137 Silver badge

      Re: Phishing

      "Unfortunately, phishing to be successful requires only 1 or 2 people to err."

      Actually this kind of attack requires HTML email with unverified external links in to reach the desktop, wide open browser config and poor network segregation. The unfortunate "1 or 2" who supposedly "err" are the least well equipped to prevent it, and the people who supposedly can are not adequately securing the infrastructure.

      It's both unreasonable and hazardous to impose the entire responsibility for desktop security on office staff - that's what an organisation should have a security team for. It's not rocket science to block phishing or any other kind of attack triggered from the desktop, but the proper person to be responsible for it is not the user.

      1. Captain Scarlet Silver badge

        Re: Phishing

        Email link scanners are only useful if it detects something wrong, if its a spearphish to a specific company it might be crafted just for that company meaning the link scanner is useless.

      2. Anonymous Coward
        Anonymous Coward

        Re: Phishing

        In my org, our latest fail rate for phishing tests was 15%. That's 1 person in 6 opening a dodgy email, even though these tests are bleedingly obvious fakes, with all the signs of a scam (lousy grammar, external address pretending to be a company service, urgent tone...) in one email. Of course we have other defences in place in case someone opens the wrong attachment, but it's quite worrying that in spite of all the awareness and regular campaings, so many people still get so easily fooled. As always, your defence is only as good as your weakest link.

    3. DrXym Silver badge

      Re: Phishing

      Aside from scanning attachments, the most effective single countermeasure would be to turn on DMARC message authentication and work with major suppliers so they do too. It allows email servers to reject emails that claim to be from a domain when in fact they were sent from another. And also to verify a signature in the message header against a public key.

      It requires a bit of fiddling with DNS to make it happen but it would block most impersonation attempts.

      1. veti Silver badge

        Re: Phishing

        Then what do you do with emails from people - customers, for instance - who don't have this feature enabled?

        1. DrXym Silver badge

          Re: Phishing

          Virus / malware scanners, due diligence and risk assessment. Security is not just one thing but many layers of it and a company mentality that fosters it.

  3. SVV Silver badge

    I don't think they've really fixed the problem

    The big question here is how the hell can one user opening an email attachment on their PC cause mission critical control systems, that should be isolated in a completely different network zone, to be taken down?

    1. This post has been deleted by its author

    2. Dan 55 Silver badge

      Re: I don't think they've really fixed the problem

      Because people don't want to go to the isolated non-internet connected PC to see the pretty dashboard, they want to see that dashboard from their office PC.

    3. Anonymous Coward
      Anonymous Coward

      Re: I don't think they've really fixed the problem

      Because the mission critical control systems are old, with no investment and still rely on SMB v1?

  4. Pascal Monett Silver badge

    I note one thing

    The attack was contained, did not do any damage, and the company did not trot out the red flag that is "security is our top priority" - because they didn't need to.

    1. veti Silver badge

      Re: I note one thing

      Why do you think the company itself is bragging about it? They got this one right.

      Let's hope they haven't missed any others.

    2. Anonymous Coward
      Anonymous Coward

      Re: I note one thing

      Well thanks for pouring cold water on it

  5. John Brown (no body) Silver badge

    REdcar & Cleveland Council

    I'm surprised El Reg hasn't picked up on Redcar & Cleveland councils ransomeware attack. It's been all over the mainstream news for over a week now with much of their systems down. I thought we might have had an in depth report by now since it's a far more serious and impacting incident than this Southern Water one even if less pun inspiring.

    1. Anonymous Coward
      Anonymous Coward

      Re: REdcar & Cleveland Council

      Seems to have been quite a few stories hitting the mainstream press that the Reg has missed.

      1. Aristotles slow and dimwitted horse Silver badge

        Re: REdcar & Cleveland Council

        Yes, but let's be grateful that there is a space on the interweb where we can come to totally avoid "news" on Twat Island or I'm a D list celebutard, put me out of my misery with a blunt axe.

  6. Anonymous Coward
    Anonymous Coward

    Fix that leak.

    Is there a plumber in the house?

  7. 0laf Silver badge

    As always it gets harder.

    Genuine emails generated from Office 365 look more like phishing emails than many phishing emails.

    Then you have partner organisation who get compromised then you get phishin emails from people you know, on subjects you are expecting, mixed in with the general obfuscation caused by 365s spammy looking links.

    I'm sure thre is an app for that in E5

  8. adam payne Silver badge

    After all the years of anti phishing education and testing that education there are still people clicking on things.

    People make mistakes, people get distracted and there are those certain people who just like clicking on things.

  9. Anonymous Coward
    Anonymous Coward

    Free money and sex!

    Click here

  10. Steve Davies 3 Silver badge
    Thumb Down

    Another SCADA attack

    You might have thought that given the well documented history of attacks on SCADA that businesses would have air gapped them by now.

    But no... they haven't.

    We need to know why. Ofwat are you listening?

    Don't forget to update your pals in Ofcom and Ofgem.

    1. mikepren

      Re: Another SCADA attack

      Nisr imposes legal responsibility on the utilities, around their critical infrastructure. SCADA controlling the fresh water systems certainly fits that definition. I imagine ofwat is very closely examining this

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020