Florida’s water supply under attack: Poisonous water?

Did a cyberattack in Florida nearly put thousands of people’s lives at risk? Find out what happened to Florida’s water supply.

In previous posts, we have talked about how through digital transformation we have been able to apply updated technologies that change and lighten work processes that for years have been maintained in a particular way. The application of these technologies has made many things easier for us, from the automatic manufacturing of almost any type of consumable product to the use of software to control a variety of complex computer systems; including water supply.

However, the development of these technologies does not seek to substitute or replace the human; not even artificial intelligence has reached that point. The use of all these resources must always go hand in hand with a human presence that controls and knows how to operate them. In companies there are many processes of data traffic, software management, and security that require the intervention of entire teams of people; demonstrating that our presence is always necessary; especially when defending these systems.

We emphasize defending these systems because they are all vulnerable and there is always someone whose only interest is to harm. As mentioned in the title of the post; a water treatment facility located in Oldsmar, Florida was the victim of a recent cyberattack aimed at poisoning the town’s water supply. The events alarmed authorities and cybersecurity experts alike, raising concerns for the state. Read on to find out the details!

water supply
water supply

The attack – how can a cybercriminal poison a water supply?

Last year (2020) marked a significant increase in the number of cyberattacks. Large and medium-sized companies, cryptocurrency accounts, and medical records are several examples of those affected by hackers; a trend that is not stopping and continues this year; seeming to even have more scope because of the quality of things these criminals can do; a sample of which is the small town mentioned.

Many industrial facilities today are controlled remotely through software; which is restricted to high-level employees and members of the plant’s management so that they can access the water supply system at any time. In this case, the plant uses remote access software called TeamViewer; which allows them to remotely connect to other computers in the system to share and control the desktop; hold online meetings, conduct video conferences and transfer files between devices.

The problem is that this software had not been used at Oldsmar’s water provider for more than 6 months; indicating that the vulnerability risks due to the lack of use of the system were higher than usual. The attack occurred when an employee realized that someone was monitoring his device, which is normal since TeamViewer allows this; but he then noticed that several programs were open and the level of a chemical compound called “bleach” was changing.

The increase of bleach (sodium hydroxide) in the water represented the main problem in this attack; as the perpetrator increased the amount of this compound in the water 100 times above normal; the consumption of which would result in the death by poisoning of all those who consumed it. Fortunately, the operators were able to reverse the attack in time because the plant’s security systems were activated when they detected dangerous levels of chemicals in the water supply.

How did the hackers manage to penetrate the system?

Following the attack, authorities and cybersecurity teams began investigating how the hackers managed to penetrate the system. According to a Massachusetts security advisory; the attack occurred due to the following flaws cited below:

“All computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system. In addition, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”

In addition to connecting through SCADA; which is a software to control industrial processes remotely, there are also signs that the criminals involved possessed leaked credentials of the system. Apparently, a group of hackers was able to retrieve these credentials due to a breach leaked on the internet in 2017; and in a COMB data collection, which is also a database of stolen credentials gathered over the years.

These collections have millions of emails and passwords and continue to be fed by vulnerabilities in systems. Having been pulled from COMB; the possibility that it was an insider attack would be ruled out; also because the authorities initially had the idea that the attack could have been internal.

What is the cybersecurity response? What must be done?

Because the attack was quickly detected, maybe the people at Oldsmar were never close to the danger; nonetheless, it is worrying how the cybercriminals opted for generating real, physical damage. This is a clear indicator that appropriate cybersecurity measures must always be taken if you want to protect a system; because unlike an attack on a bank or an email account, this one is directly life-threatening.

We recommend that companies always have an infrastructure and equipment suitable for cybersecurity. Many companies and facilities of this type rely on outdated security systems; which increase the risk of hacking due to vulnerabilities, as these are systems that hackers can easily penetrate.

At the same time, safety in the industrial area must be increased. Power plants, chemical plants, factories, etc. These types of attacks; in addition to putting large populations at risk, can also affect the lives of employees and anyone close to the facilities, turning technology into a security hazard when it is at our service.

Besides, cybersecurity teams must perform constant, in-depth monitoring. By using more modern systems, the industrial control process could be managed with artificial intelligence and more modern software to detect any kind of anomalies and monitor the systems. So, an environment focused on cybersecurity can be created in a way that instead of being reactive to threats, be proactive against them avoiding risks to the lives of hundreds of people.

Interesting related articles: Why are low-rating vulnerabilities important?

Other articles that may interest you: Know the banking trojans and their dangers.