Reactions to U.S. Water Plant Hack


In the second week of February 2021, the U.S. government revealed that unknown hackers had gained remote access to systems at a water plant in Florida City. The hackers attempted to raise the levels of certain chemicals to an extent where members of the public would run the risk of being poisoned.
The water supply targeted was in Oldsmar, Florida, and the hack was noticed by a staff member at the plant, who quickly took action before damage could occur.
The hacker took advantage of the TeamViewer software used to remotely monitor systems and respond to the water treatment process. In addition, the computers, which were running Windows 7, were accessed remotely with the same password and were not protected by firewalls, which left them exposed to hackers.

Comments by professionals on this breach

Daniel Kapellmann Zafra: Daniel Kapellmann Zafra, the manager of analysis at Mandiant Threat Intelligence, said, “We have noticed an increase in cyber incidents by those looking to access and learn about remotely accessible industrial systems. The victims look to have been selected at random, and actions like manipulation of variables from physical processes were taken by the hackers. None of the attacks has led to any damages.”
Joe Slowik: Senior security researcher at DomainTools, Joe Slowik, said, “The attack was unsuccessful because the attackers didn’t implement a mechanism to hide their actions from the staff or a way to prevent changes from being made to the operating parameters.” According to Slowik, the hackers only took advantage of mechanisms that are remotely accessible and not properly secured, but this raises the alarm about possible, more harmful attacks.
Ron Brash: Director of cybersecurity insights at Verve Industrial, Ron Brash, said, “Negligence of cybersecurity on the part of the facility managers played a part, but luckily someone was there to prevent the disaster. There is a call for facilities to beef up security. Water and utility digitization presents problems more often.”
Grant Geyer: The chief product officer at Claroty said, “Water and wastewater infrastructure is one of the most at-risk infrastructure sectors today. This is due to the depreciation of equipment and technology obsolescence; security vulnerabilities commonly occur.”
Karl Sigler: Senior security research manager at SpiderLabs Trustwave, Karl Sigler, also states that systems used for critical networks should have limited internet access. He opines that onsite authentication and TeamViewer credentials should be changed frequently, and multi-factor authentication must be enabled.
Saryu Nayyar: CEO of Gurucul, Saryu Nayyar, said, “This attack should be a wake-up call to what cybersecurity professionals have been pointing to for years as potential threats. A more skilled attacker could carry out a deadly hack, and those tasked with protecting and operating these facilities should take the most secure measures.”
