9 February 2021, 13:49 | Heinz Arnold
Hackers penetrated a water company's computer system to contaminate water for 15,000 people.
The cyberattack took place in the town of Oldsmar near Tampa, Florida, Reuters reports.
"The attack on the city of Oldsmar's water treatment plant is what OT nightmares are made of. In the event of a successful attack, the damage would have been catastrophic," said Marty Edwards, vice president of operational technology security for Tenable. The company has developed a cyber exposure platform to help organizations understand and mitigate cybersecurity risks.
According to Reuters, the hackers used TeamViewer to gain access to the computer of an employee at the water utility in the city of Oldsmar, 17 miles east of Tampa, and took control of it. The employee could see the hackers controlling the cursor, opening programs and attempting to manipulate the system by increasing the amount of caustic soda supplied. Normally, small amounts of caustic soda are added to reduce the acidity of the water. In high amounts, caustic soda is toxic. About 15,000 people live in Oldsmar, where contaminated water would have flowed from the tap.
But the employee immediately informed the police, and the waterworks was able to quickly reverse the manipulations; there was minimal impact. According to the waterworks, it has further safety precautions in place, so the dangerously rising proportion of lye in the water would have been noticed and stopped very quickly. There would have been no immediate danger to the public. The FBI and Secret Service have taken over the investigation.
The cyberattack demonstrates that attackers can gain access to internal industrial control system (ICS) platforms and alter the chemical levels in a water treatment plant so that the water is no longer safe to consume. "Fortunately, plant operators were able to immediately detect the unauthorized changes to sodium hydroxide levels. Had they not acted quickly, this story could have had a very different outcome," reads a statement from Tenable about the incident. "All critical infrastructure operators - like water utilities - must invest in the people, processes and technologies necessary to keep these systems safe. This was not the first attack of its kind and it certainly won't be the last," said Tenable's Marty Edwards.
How the cyberattacks play out
Many of these cloud-based tools and services are accessed by users on personal devices that are unprotected or outside the purview of the IT or security team. The expanded attack surface provided by these services presents an attractive target for attackers. They often target personal devices not only to steal data on the device itself but also to move laterally through networks and do further damage.
Tenable's Security Response Team conducted a study to examine the details of 730 publicly disclosed data breaches in 2020. It found that threat actors rely on unpatched vulnerabilities in their attacks. These "Broken Windows" are primarily used to gain initial access into a target network. From there, attackers exploit serious vulnerabilities such as Zerologon to elevate their privileges and gain access to domain controllers on the network.
Most of these attacks are preventable with basic security measures, according to Adam Palmer, Tenable's chief cybersecurity strategist: "Good security awareness and basic cyber hygiene prevent mistakes that can cause serious damage. At the same time, it's important that users take responsibility for updating and protecting their devices to close these gaps. With technology now an integral part of modern life, we all have a role to play in protecting the devices we use."