Southern Water not such a phisherman’s phriend, hauls itself offline to tackle email lure

British utility biz Southern Water was the victim of a phishing attack on Wednesday, resulting in a hurried shutdown of some of the company’s systems.

An industry insider told The Register that Southern Water’s networks, including the system responsible for Supervision, Control, and Data Acquisition (SCADA), were hit. The source, who asked to remain anonymous, added that the cause was an employee inadvertently opening an attachment in an email purporting to be from the company’s CEO with a subject of “Coronavirus”.

Customers may have noted a slight wobble in services on 26 February as the company’s social media orifice noted that things had dropped offline due to “essential maintenance”.

A little later, things were back up and running. No harm done. Nothing to see here.

Behind the scenes, however, the tech team were a tad busier as a spokesperson confirmed in response to a question from The Register sent on 27 February:

The Register understands that Southern Water is actually rather chuffed with the way its teams handled the incident. It’s just a shame that it happened in the first place.

Phishing, as all Register readers are all too aware, is an attack where users are tricked into doing what the UK’s National Cyber Security Centre (NCSC) delicately calls “the wrong thing”.

In this case, the phishing was via email and the use of the CEO as the sender will have made it look genuine to the recipient. Stir in some COVID-19 hysteria and we can see how an ordinary user could be persuaded to open something they might regret that slithered past the usual filters.

Southern Water has outsourced chunks of its processes over the years. It renewed a managed service contract with outsourcing giant Capita back in 2018 for a cool £30m. The agreement saw Capita taking care of front and back-office duties for an initial five-year term with an option to extend for a further three years.

Perhaps fortunately for Southern Water, The Register understands Capita’s involvement with the utility is more to do with printing than external email. That said, Capita does have form with email snafus (as its Education Services tentacle will attest), so things might have turned out differently. ®
