Earlier this month, a Florida wastewater treatment plant’s computer system was compromised by an unknown threat actor. This hacker was able to remotely gain access via an employee’s login credentials and attempted to alter the chemical composition of the public water supply to dangerous levels. Thankfully, a plant operator was watching this all unfold and quickly reversed any changes made to the water supply before they went into effect.
How did we get here?
Experts believe the hacker gained remote access to the water treatment plant’s system by stealing employee login credentials. These credentials were then used to access software on the system known as TeamViewer. TeamViewer is a relatively common application in many industries making the switch to remote work. It allows a user to access a computer system remotely and operate it as if they were physically at the machine. Normally, TeamViewer is used for a variety of tasks, from troubleshooting common IT problems to making remote network changes.
In this instance, the hacker gained access to the water treatment center in Oldsmar, Florida, through TeamViewer and attempted to modify the level of sodium hydroxide, or lye, in the city’s water supply. The change raised the lye level from 100 parts per million to 11,100 parts per million, which would have made the drinking water poisonous. An operator at the water treatment facility had noticed someone attempting to gain remote access to the system earlier in the day and thought it suspicious. When the same activity occurred later that afternoon and the lye levels were raised, he quickly reverted the changes and notified his supervisors that a breach had occurred.
What does this mean?
As attacks like this grow more and more common, businesses and government entities need to prioritize cybersecurity. The growing shift to remote work has created a litany of potential threats for IT teams to worry about. This shift has also led to reliance on third-party applications and tools that, when paired with compromised employee credentials, can be detrimental to an organization. Another issue is that the digitalization of the utility industry, and its push to make remote work more accessible, has made it more susceptible to outside attacks. While larger facilities, such as those outside of major metropolitan areas, already have more complex security measures, many smaller centers do not have the same level of security.
What is the Solution?
No matter how safe an organization thinks it is, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021. Additionally, local governments need to reassess how secure their utility facilities are and how likely an outside breach is. This reassessment, coupled with round-the-clock monitoring, network segmentation, and routine assessments, is a great step forward to help prevent these attacks in the future and to mitigate the damage if they are successful.
Looking past this, a culture centered around basic cyber hygiene will go a long way towards preventing these attacks. Starting at the ground level, companies and government organizations should look to implement cybersecurity training when employees are first onboarded. Additionally, Netizen protects critical IT infrastructure for companies large and small. Companies are able to leverage our proven cyber expertise, advanced tools, and 24/7/365 Security Operations Center (SOC) monitoring at an affordable cost. We also offer a suite of tools, named Overwatch, that continuously scans networks, systems, and applications to uncover and track risks and compliance issues.
Questions or Concerns? As always, feel free to reach out to us anytime at https://www.netizen.net/contact