Hackers Fail To Contaminate Florida Water

Uploaded on 2021-02-19 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Utilities

Hackers broke into the computer system of a facility that treats water for about 15,000 people near Tampa, Florida and sought to add a dangerous level of additive to the water supply, the Pinellas County Sheriff saysThe criminals infiltrated a treatment plant and boosted Sodium Hydroxide to dangerous levels. The attack occurred 20 miles from the site of the Super Bowl, two days before the game was to be played.

The initial attempt was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems. The affected water treatment facility is a public utility owned by the town of Oldsmar (15,000 inhabitants) which has its own internal IT team. 

The incident took place over the course of the day, with hackers first infiltrating the Oldsmar water treatment plant. The hackers then increased the amount of sodium hydroxide being distributed into the water supply. The chemical is typically used in small amounts to control the acidity of water, but at higher levels is dangerous to consume. 

TeamViewer is a widely used software application that allows easy access to machines remotely from anywhere, and is often used for remote IT troubleshooting  and technical assistance. “The guy was sitting there monitoring the computer as he’s supposed to and all of a sudden he sees a window pop up that the computer has been accessed... The next thing you know someone is dragging the mouse and clicking around and opening programs and manipulating the system.” said the Sheriff. Team Viewer  has been installed on 2.5 billion devices worldwide, enables remote technical support among other applications.

The plant employee alerted his employer, who called the Sheriff and the water treatment facility was able to quickly reverse the command, leading to minimal impact.

The leading cybersecurity firm Fireweed attributed an increase in hacking attempts it has seen in the last year mostly to novices seeking to learn about remotely accessible industrial systems.Many victims appear to have been selected arbitrarily and no serious damage was caused in any of the cases – in part because of safety mechanisms and professional monitoring, Fireweed analyst Daniel Appellant Zara said in a statement. “While the (Oldsmar) incident does not appear to be particularly complex, it highlights the need to strengthen the cybersecurity capabilities across the water and wastewater industry,” he said.

It is not known if the hack was done from within the US and  his latest attack in Florida will do nothing to calm cyber security experts who've been warning for years that critical national infrastructure facilities are being targeted. Water, electricity, nuclear plants and transport are being probed for weaknesses all the time not just because of the potential for mass disruption but also because they are often running on obsolete and vulnerable IT systems.  

Reuters:       Al Jazeera:         CNet:      USNews:           BBC:         ITPro:        

You Might Also Read: 

Iran Fingered For Attack On Israeli Water Infrastructure:

 

« France Responds To Cyber Attacks
Cyber Security Insights For Executives »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.

TekStream Solutions

TekStream Solutions

TekStream accelerates clients’ digital transformation by navigating complex technology environments with a combination of technical expertise and staffing solutions.

Ory Corp

Ory Corp

Ory's IAM/CIAM solutions are designed to empower businesses with the tools they need to protect their users, services and things, and maintain compliance.