A hacker remotely accessed a water treatment plant in Florida and tried to poison the water supply, according to local police. The intrusion occurred at a water treatment plant in Oldsmar, Florida, which is home to about 15,000 people, according to Pinellas County Sheriff Bob Gualtieri. Last Friday, an operator at the facility noticed some suspicious activity: an unknown user had remotely gained access to a computer system that controls chemical processes at the plant. The mysterious culprit spent three to five minutes accessing various functions on the computer, including one that controls how much sodium hydroxide, also known as lye, is added to the water.
Expert Comments
In 2020 we saw a dramatic increase in Nation State actors attempting attacks on critical infrastructure like power and utility companies. The number of warnings, and specifically where they originate, insinuate that the level of activity has been elevated. Moreover, we are now witnessing these Nation State actors attempting to gain a foothold into utilities in order to build proactive attack capabilities - and they are trying to manipulate them with deadly consequences.
The change is partly
This event reinforces the increasing need to authenticate not only users but the devices and machine identities that are authorized to connect to an organization's network. If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside. If the network could have authenticated the validity of the device connecting to the network, the connection would've failed because hackers
The incident at the Oldsmar, Florida water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers but also from malicious actors with unknown motives and goals. Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary. Proactive
The issue of hackers remotely gaining access to the network through TeamViewer highlights the increasingly complex nature of critical infrastructure. Making sure basic security controls are implemented can help mitigate the risk of CNI attacks. Organizations, particularly those in CNI, must detect the first signs of a cyberattack immediately, not after the damage is done.
The thing we need to understand is that you don’t have to be a highly skilled attacker to be able to successfully breach a system like this. Although alarms would’ve been triggered before any dangerous water reached anyone’s taps, this plant was very lucky that the worker noticed his mouse moving and was able to address it quickly. Water plants are not known for their security resources, and between budget cuts and COVID keeping people working remotely, they’re even more vulnerable.
The news that a hacker infiltrated a water treatment facility in Florida and changed a configuration setting to increase the volume of a dangerous chemical (lye) has rightly been greeted with concern by the media and cybersecurity community. The cyber threat to critical infrastructure has been increasing steadily as hackers, whether nation-state actors, criminal enterprises, or lone individuals better understand how to exploit operational technology (OT) in addition to IT systems. While much of
Yesterday's hack of the Oldsmar, Florida water treatment plant again highlights the importance of maintaining critical infrastructure with a virtual air-gap (being off the network) from remote access. These systems should not be reachable by unauthorized attackers because of the sophistication of modern penetration tools and the complexity of these systems to make them completely free of vulnerabilities. Traditional firewalls and other remote access or VPN solutions are proving inadequate
One of the best ways to run a company network is to constantly think like a hacker. Connecting systems to the internet that have the potential to cause critical changes with relative ease is asking for trouble. Luckily, they had redundancies in place that would have made a fatal outcome unlikely.
However, whenever anything is connected to the internet there is a level of vulnerability, especially if remote tools such as TeamViewer are set up. Segregating networks for maximum security is
Since last year, Mandiant Threat Intelligence has observed an increase in cyber incidents by novice hackers seeking to access and learn about remotely accessible industrial systems. Many of the victims appear to have been selected arbitrarily, such as small critical infrastructure asset owners and operators who serve small populations. Through remote interaction with these systems, actors have engaged in limited-impact operations but none of these cases has resulted in damage to people or
The attack against Oldsmar's water supply is precisely the kind of assault on critical national infrastructure (CNI) that cybersecurity experts have been fearing for years. It is frightening to think what might have happened if it was not for the vigilance of one of the plant's operators.
COVID-19 has already placed enormous strain on UK infrastructure. As the government and NHS wrestle with the pandemic, it's hard to imagine how the country could cope at this time if there was any major
Critical infrastructure, such as water treatment plants, needs to be treated as such. Normally, critical systems, such as this water treatment system, do not allow remote access. Risk is the impact if something bad happens times the likelihood of it happening. In this case, the impact (poisoning, possible death) to the population using the water from this facility is quite severe. The overall risk is normally manageable though because controls, such as disallowing remote access, are put in place
TeamViewer is a common remote desktop protocol (RDP) solution in ICS and the water attack was most likely simple access with stolen credentials. Using the software means everything is visible to the user (hence, the operator saw the mouse move and settings changed). Who and why is still the question.
The cyberattack against the water supply in Oldsmar, Florida, last week should come as a wakeup call. Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about. Though this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results. Organizations tasked
With so much emphasis recently placed on hacks for the health care and financial services industry, an infrastructure hack such as this tends to hit much closer to home as it regards our physical safety.
As this is the case, it is critical to consistently review and monitor such critical administrative accounts that control such systems. Alarms and logs for critical infrastructure systems should be reviewed and attended to constantly, and if such a hack or changes in set tolerances were to
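The log review this comment calls for can be automated at the point where it matters most: the setpoint change itself, rather than a downstream water-quality alarm. The following is an added example, not code from the article or from any commenter or vendor. It parses a constructed HMI audit log (the line format, tag names, IP addresses, timestamps and tolerance bands are all assumptions) and raises an alert when a dosing setpoint leaves its engineered band, takes an unusually large step, or is changed from a remote session at all.

```python
"""Setpoint-change monitor for a chemical-dosing HMI audit log.

Added example, not from the article or any vendor. Log format, tag names,
addresses and tolerance bands are constructed for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime

# Engineered safe band per dosing tag (constructed values, not the plant's).
TOLERANCES = {
    "NaOH_dose_setpoint": (50.0, 200.0),    # ppm
    "chlorine_dose_setpoint": (0.5, 4.0),   # mg/L
}

# Session types that did not originate at the control-room console.
REMOTE_SESSION_TYPES = {"remote_desktop", "vpn"}

# A step of more than this fraction of the old value, even inside the band,
# is worth a human look.
LARGE_STEP_FRACTION = 0.5


@dataclass
class Alert:
    when: datetime
    tag: str
    severity: str
    reason: str


def parse_line(line):
    """Parse one constructed audit line of the form
    '<iso-ts> user=<u> session=<type> src=<ip> tag=<t> old=<v> new=<v>'."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {
        "when": datetime.fromisoformat(ts),
        "user": kv["user"],
        "session": kv["session"],
        "src": kv["src"],
        "tag": kv["tag"],
        "old": float(kv["old"]),
        "new": float(kv["new"]),
    }


def evaluate(event):
    """Return the alerts raised by a single setpoint-change event."""
    alerts = []
    lo, hi = TOLERANCES.get(event["tag"], (None, None))
    old, new = event["old"], event["new"]
    in_band = lambda v: lo is not None and lo <= v <= hi

    if lo is not None and not in_band(new):
        # Out-of-band value: the change itself is the incident.
        alerts.append(Alert(event["when"], event["tag"], "critical",
                            f"new value {new} outside safe band [{lo}, {hi}]"))
    elif in_band(old) and in_band(new) and old and abs(new - old) / old > LARGE_STEP_FRACTION:
        # Still in band, but a big jump. A restore from an out-of-band value
        # (old outside the band) is deliberately not flagged here.
        alerts.append(Alert(event["when"], event["tag"], "medium",
                            f"large step {old} -> {new}"))

    if event["session"] in REMOTE_SESSION_TYPES:
        # Any remote-session change to a dosing setpoint gets reviewed,
        # regardless of the value written.
        alerts.append(Alert(event["when"], event["tag"], "high",
                            f"changed from {event['session']} session by "
                            f"{event['user']} ({event['src']})"))
    return alerts


def monitor(lines):
    """Run every non-empty log line through evaluate() and collect alerts."""
    alerts = []
    for line in lines:
        if line.strip():
            alerts.extend(evaluate(parse_line(line)))
    return alerts


# Constructed sample log: a routine console tweak, a remote out-of-band
# change, the console restore, and an in-band but large console step.
SAMPLE_LOG = """
2021-01-15T08:02:11 user=op1 session=console src=10.0.5.20 tag=NaOH_dose_setpoint old=100 new=110
2021-01-15T13:31:07 user=op1 session=remote_desktop src=203.0.113.45 tag=NaOH_dose_setpoint old=110 new=1500
2021-01-15T13:34:50 user=op1 session=console src=10.0.5.20 tag=NaOH_dose_setpoint old=1500 new=110
2021-01-15T15:10:02 user=op2 session=console src=10.0.5.21 tag=NaOH_dose_setpoint old=110 new=180
"""

if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG.splitlines()):
        print(f"{a.when.isoformat()} [{a.severity}] {a.tag}: {a.reason}")
```

The band check is the one that would have fired on the change described in the article, and it fires at write time, well before any chemistry-based alarm. The separate remote-session rule reflects the comments above that remote changes to dosing parameters should be reviewed as a matter of course, whatever value was written.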
With the U.S. Secret Service and FBI involved in trying to determine the cyber culprits poisoning the Pinellas County, Florida water supply, this is another reminder that cyber threats against critical infrastructure networks are real. For nearly one year since the beginning of the COVID-19 pandemic, threat actors have carried out numerous acts of war against research companies, hospitals and other first responders. These attacks are brazen, shocking and downright maniacal. While this attack wasn’t
A similar attack was reported by Verizon in 2016. Back then it was a water filtration plant in Syria, during the civil war.
The underlying security issue is one of SCADA vulnerabilities. Supervisory Control and Data Acquisition networks are relied upon to manage critical infrastructure across the globe but they are predominantly reliant upon older, legacy systems which were not designed to be integrated or connected to the internet. Pre-digital design was based on ‘air gapping’ the
Terry Olaes, Technical Director, provides expert commentary for "dot your expert comments" at Information Security Buzz.
"Organizations must move beyond detection and response and adopt more proactive and preventative security strategies for critical infrastructure...."
https://informationsecuritybuzz.com/expert-comments/hacker-breached-florida-treatment-plant-to-poison-the-water-supply