11 February 2021

Florida water treatment facility was left open to hack due to poor password management


New information has emerged about the recent Florida water treatment facility hack that sheds light on the details that made the intrusion possible. It turns out that the water treatment plant itself opened the door to attackers by failing to implement adequate security measures to protect critical control systems.

The breach at the City of Oldsmar’s water treatment plant occurred last Friday. The attackers attempted to increase the levels of sodium hydroxide (NaOH) in the water to a dangerous level, but their effort was thwarted by the plant operator, who detected the intrusion and quickly acted to reverse the command, leading to minimal impact.

According to an advisory released by the state of Massachusetts, the attackers gained access to the water treatment plant’s SCADA controls using TeamViewer, a remote access tool, which was installed on one of the computers used to perform system status checks and to respond to alarms or any other issues that arose during the water treatment process.

Furthermore, all the computers used by water plant personnel were connected to the SCADA system and ran the 32-bit version of the Windows 7 operating system (which reached EOL on January 14, 2020). They also shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.

Ironically, the water treatment facility did not even use the TeamViewer software anymore. According to Pinellas County Sheriff Bob Gualtieri, the plant stopped using TeamViewer six months ago, but still left it installed.
