New information has emerged about the recent Florida water treatment facility hack, shedding light on some of the details that made the intrusion possible. It turns out that the water treatment plant itself opened the door to attackers by failing to implement adequate security measures for its critical control systems.
The breach at the City of Oldsmar’s water treatment plant occurred last Friday. The attackers attempted to increase the levels of sodium hydroxide (NaOH) in the water to a dangerous level, but their effort was thwarted by the plant operator, who detected the intrusion and quickly acted to reverse the command, leading to minimal impact.
According to an advisory released by the state of Massachusetts, the attackers gained access to the water treatment plant’s SCADA controls using TeamViewer, a remote access tool, which was installed on one of the computers used to perform system status checks and to respond to alarms or any other issues that arose during the water treatment process.
Furthermore, all the computers used by water plant personnel were connected to the SCADA system and ran the 32-bit version of the Windows 7 operating system, which reached end of life (EOL) on January 14, 2020. They also shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.
Ironically, the water treatment facility did not even use the TeamViewer software anymore. According to Pinellas County Sheriff Bob Gualtieri, the plant stopped using TeamViewer six months ago but still left it installed.