The Cybersecurity & Infrastructure Security Agency recently released the attached summary outlining findings from its Cyber Hygiene (CyHy) vulnerability scanning and cybersecurity assessments services. Identified trends are based on information collected from 44 water and wastewater services (WWS) entities in fiscal year 2021.
The agency found that:
• 34.7% of scanned WWS sector entities used a potentially exposed risky service, such as remote desktop protocol, on internet-accessible hosts, which can provide initial access and communication channels for command and control, and data exfiltration.• 16.3% of the scanned WWS sector entities ran unsupported Windows operating systems on at least one internet-accessible host by the end
