


The Oldsmar Water Treatment Facility in Pinellas County, Florida, was compromised by hackers on February 5th. Hackers took advantage of the TeamViewer application that was still installed on the water facility's network to gain remote access [1]. TeamViewer was originally installed to allow for status checks and troubleshooting of alarms or other issues, but it had not been used in around six months [1]. Additionally, each computer used to monitor the system remotely had a single password.

The attackers successfully gained access to the system and were able to modify the concentration of water treatment chemicals, increasing the amount of sodium hydroxide (lye) by a factor of 100 [2]. This much higher concentration had the potential to cause illness to the public and lead to significant corrosion and piping damage [2]. Fortunately, the operator saw the mouse moving across the screen and was able to reset the sodium hydroxide to the proper level [3].

This is not the first time that a water system has been infiltrated by attackers. First, back in 2000, the Maroochy Shire wastewater treatment facility was compromised, resulting in a total of 750,000 gallons of raw sewage being spilled [4], with the most severe single incident leading to the pollution of the Maroochy River with 264,000 gallons of raw sewage and causing “significant harm” to the environment [4]. In 2016, another attack led to the successful modification of chemical flows for the Kemuri Water Company (pseudonym used for the incident as the utility was not announced) by a group of politically motivated hackers with ties to Syria [5].

Although these incidents have demonstrated the susceptibility of water systems and other critical infrastructure to cybersecurity attacks, many Industrial Automation and Control Systems (IACS) still lack essential cybersecurity functions. The need for cybersecurity protection of critical infrastructure has become more pronounced as the cybersecurity exposure continues to rise. A 2019 study found that 70% of all IACS now require some type of remote access [6]. If authorized users can legitimately establish access remotely, there exists a potential for threat agents to do so as well. The exposure of remote access becomes even more serious.

As was discussed in our previous blog on remote access, the increase in the use of remote access during the COVID-19 pandemic, the prevalence of legacy Windows systems in IACS applications, and the weak or often unconfigured security features in remote access applications are all factors that increase the cybersecurity exposure. For the Oldsmar Water Treatment Facility there were a number of factors that led to the increased exposure:

- TeamViewer Remote Access Application that was not being used.
- Single reused password for remote access to all computers.
