Lessons learned from the Oldsmar water supply cyberattack
Hacked: The water treatment facility in Oldsmar, FL
According to a cybersecurity advisory issued jointly last Thursday (2/11) by the FBI, CISA, the U.S. EPA and the Multi-State ISAC (MS-ISAC), unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system of a U.S. drinking water treatment plant, later identified as the plant serving Oldsmar, FL (population about 15,000).
The intruders used the SCADA system's software to raise the amount of sodium hydroxide (lye), a caustic chemical dosed in small quantities to control the water's pH, from 100 parts per million to 11,100 parts per million. An operator watching the screen noticed the unauthorized change in the dosing setpoint and reversed it at once. Fortunately, the treatment process remained unaffected and continued to operate as normal.
The attackers gained remote control through the TeamViewer desktop-sharing software installed on plant workstations. Their job was made easier by weak passwords shared across those workstations for remote access, by machines that appeared to be connected directly to the internet without a firewall, and by the continued use of Windows 7, an operating system that no longer receives security updates and so carries known, unpatched vulnerabilities.
The EPA, CISA, FBI and MS-ISAC have observed both corrupt insiders and outside cyber actors using desktop-sharing software to victimize targets in a range of organizations, including the critical infrastructure sectors. Beyond its legitimate uses, TeamViewer lets a cyber actor exercise remote control over a computer and drop files onto it, which makes it functionally similar to a Remote Access Trojan (RAT). The difference is that a remote-access tool the organization installed itself is trusted by the host, so anomalous activity through it looks far less suspicious to users and administrators than a RAT would.
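A practical first step against the abuse described above is to audit the remote-access tool's own session records. The following is an added example written for this page, not code from the advisory or from GateScanner: it parses TeamViewer incoming-connection records and flags sessions from a TeamViewer ID that is not on the plant's operator allow-list, sessions started outside staffed hours, and file-transfer sessions (the "drop files onto the victim" capability). The tab-separated field order is assumed from TeamViewer's Connections_incoming.txt and may differ between versions; the operator IDs, staffed hours and log lines are constructed for the example.

```python
"""
Audit TeamViewer incoming-connection records for remote-control sessions that
should not be there. Added example for this page; not advisory or vendor code.
Assumed record layout (tab-separated, one session per line):
  <remote TeamViewer ID> <display name> <start dd-mm-yyyy HH:MM:SS>
  <end dd-mm-yyyy HH:MM:SS> <local user> <session type> <connection GUID>
"""
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample records, not real plant data.
SAMPLE_LOG = """\
123456789\tPLANT-OPS\t05-02-2021 08:05:12\t05-02-2021 08:40:03\tOperator\tRemoteControl\t{a1}
987654321\tUNKNOWN\t05-02-2021 13:02:44\t05-02-2021 13:07:59\tOperator\tRemoteControl\t{b2}
123456789\tPLANT-OPS\t05-02-2021 23:30:00\t05-02-2021 23:45:00\tOperator\tRemoteControl\t{c3}
123456789\tPLANT-OPS\t05-02-2021 10:00:00\t05-02-2021 10:01:00\tOperator\tFileTransfer\t{d4}
"""

KNOWN_IDS = {"123456789"}                 # TeamViewer IDs of the plant's own operators (assumed)
STAFFED_HOURS = (time(6, 0), time(18, 0))  # assumed control-room staffing window
TIME_FMT = "%d-%m-%Y %H:%M:%S"


@dataclass
class Session:
    remote_id: str
    remote_name: str
    start: datetime
    end: datetime
    local_user: str
    kind: str
    conn_id: str


def parse_log(text):
    """Parse tab-separated session records; malformed rows are skipped, not guessed."""
    sessions = []
    for line in text.splitlines():
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 7:
            continue
        rid, name, start, end, user, kind, conn = fields
        sessions.append(Session(rid, name,
                                datetime.strptime(start, TIME_FMT),
                                datetime.strptime(end, TIME_FMT),
                                user, kind, conn))
    return sessions


def audit(sessions, known_ids=KNOWN_IDS, staffed=STAFFED_HOURS):
    """Return [(connection id, [reasons])] for every session that needs a human look."""
    findings = []
    for s in sessions:
        reasons = []
        if s.remote_id not in known_ids:
            reasons.append("unknown remote ID")
        if not (staffed[0] <= s.start.time() < staffed[1]):
            reasons.append("outside staffed hours")
        if s.kind == "FileTransfer":
            reasons.append("file transfer session")
        if reasons:
            findings.append((s.conn_id, reasons))
    return findings


if __name__ == "__main__":
    for conn_id, reasons in audit(parse_log(SAMPLE_LOG)):
        print(conn_id, "->", ", ".join(reasons))
```

The allow-list is the check that matters against the Oldsmar pattern: the intrusions there happened during the working day, so a time-of-day rule alone would have stayed silent. The check is detective only; with a password shared across every workstation, the preventive controls the advisory lists (multi-factor authentication, no direct internet exposure of the remote-access tool, a supported and patched operating system) come first.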
A system-wide, server-based file-transfer monitoring and disinfecting mechanism that runs constantly in the background and applies rigorous file sanitization to every incoming file is a significant mitigation for the file-drop side of this threat. In a policy-based setup, as implemented by best-of-breed file sanitization tools such as GateScanner Dome CDR, individual users cannot override the network protection measures, so whether the malicious actor is inside the organization or only appears to be (an outsider driving a trusted employee's desktop session), they cannot bypass the organizational defenses and inject malware-harboring files into the network. One caveat a practitioner should keep in mind: sanitization addresses the files an attacker drops, not the remote-control session itself. The Oldsmar dosing change needed no malicious file, only an interactive session on the HMI, so file sanitization belongs alongside remote-access hardening (multi-factor authentication, no direct internet exposure of remote-access tools, and a supported, patched operating system), not in place of it.
The GateScanner suite of multi-AV, anti-malware tools implementing Content Disarm and Reconstruction (CDR) technology covers the content channels that stream files into the network: email, web downloads, app-to-app transfers, cloud transfers, portable media and computing devices.
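To make concrete what a policy-based sanitizer of this kind does with a file, the following is an added example written for this page. It is not GateScanner code and makes no claim about how GateScanner Dome CDR works internally; it is a minimal Content Disarm and Reconstruction pass over an OOXML package (.docx/.docm, which are zip containers), using only the Python standard library. Rather than scanning for known-bad content, it rebuilds the document from the parts the policy allows, dropping VBA macro storage, embedded OLE objects and ActiveX controls, and rewrites [Content_Types].xml and the .rels files so the result is still a consistent package. The part names, relationship types and content-type strings are the ones the OOXML format defines; the drop rules and the macro-enabled sample document are constructed for the example.

```python
"""
Minimal CDR pass for an OOXML package: rebuild it from allow-listed parts only.
Added example for this page, not GateScanner code.
"""
import io
import posixpath
import re
import zipfile

# Policy (assumed rules): parts matching any pattern are never copied across.
DROP_PATTERNS = [
    re.compile(r"vbaProject\.bin$", re.I),   # VBA macro storage
    re.compile(r"/embeddings/", re.I),       # embedded OLE / packager objects
    re.compile(r"/activeX/", re.I),          # ActiveX controls
]

# Macro-enabled main-part content types mapped to their macro-free equivalents.
MACRO_FREE_CONTENT_TYPE = {
    "application/vnd.ms-word.document.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
}

RELATIONSHIP_RE = re.compile(r"<Relationship\b[^>]*/>")


def is_dropped(part_name):
    return any(p.search(part_name) for p in DROP_PATTERNS)


def _scrub_content_types(xml, dropped):
    """Remove Override entries for dropped parts; downgrade macro-enabled main parts."""
    for name in dropped:
        xml = re.sub(r'<Override\b[^>]*PartName="/%s"[^>]*/>' % re.escape(name), "", xml)
    for macro_ct, plain_ct in MACRO_FREE_CONTENT_TYPE.items():
        xml = xml.replace(macro_ct, plain_ct)
    return xml


def _resolve_target(rels_name, target):
    """Resolve a relationship Target relative to the part that owns the .rels file."""
    if target.startswith("/"):
        return target.lstrip("/")
    owner_dir = rels_name.split("_rels/")[0]   # "word/" for word/_rels/document.xml.rels
    return posixpath.normpath(posixpath.join(owner_dir, target))


def _scrub_rels(xml, rels_name, dropped):
    """Drop <Relationship .../> elements whose Target was removed from the package."""
    def keep_or_drop(match):
        target = re.search(r'Target="([^"]+)"', match.group(0))
        if target and _resolve_target(rels_name, target.group(1)) in dropped:
            return ""
        return match.group(0)
    return RELATIONSHIP_RE.sub(keep_or_drop, xml)


def sanitize(package_bytes):
    """Rebuild the package from allowed parts. Returns (clean_bytes, dropped_part_names)."""
    src = zipfile.ZipFile(io.BytesIO(package_bytes))
    names = src.namelist()
    dropped = sorted(n for n in names if is_dropped(n))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in names:
            if name in dropped:
                continue
            body = src.read(name)
            if name == "[Content_Types].xml":
                body = _scrub_content_types(body.decode("utf-8"), dropped).encode("utf-8")
            elif name.endswith(".rels"):
                body = _scrub_rels(body.decode("utf-8"), name, dropped).encode("utf-8")
            dst.writestr(name, body)
    return out.getvalue(), dropped


def part_names(package_bytes):
    return zipfile.ZipFile(io.BytesIO(package_bytes)).namelist()


def read_part(package_bytes, name):
    return zipfile.ZipFile(io.BytesIO(package_bytes)).read(name).decode("utf-8")


def build_sample():
    """Constructed skeleton of a macro-enabled .docm with an embedded OLE object (not a real file)."""
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        '</Types>')
    root_rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
        '</Relationships>')
    document_rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="embeddings/oleObject1.bin"/>'
        '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.png"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("_rels/.rels", root_rels)
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/document.xml.rels", document_rels)
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder for VBA storage")
        z.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0 placeholder for OLE object")
        z.writestr("word/media/image1.png", b"\x89PNG placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    clean, dropped = sanitize(build_sample())
    print("dropped:", dropped)
    print("kept:", part_names(clean))
```

The design point is that nothing here depends on recognizing a particular piece of malware: a part is kept because the policy allows it, not because a scanner failed to flag it, which is why a user who was tricked into asking for the original file cannot get the macro back. A production CDR engine goes much further (it re-renders images, flattens active content in PDFs, and validates every kept part against its schema); this example only shows the reconstruction step on the package level.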
Contact us for a demo and secure your network today!
Keywords: SCADA, Cybersecurity, Infrastructure Security, TeamViewer abuse, File-based attacks, Remote Access Trojans (RATs)