Cyber Actors Compromise US Water Treatment Facility

On 5 February 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a US water treatment plant.

The unidentified actors accessed the SCADA system’s software and increased the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the drinking water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change.

As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cyber security weaknesses, including poor password security and an outdated Windows 7 operating system, to compromise software used to remotely manage water treatment.

The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.

The FBI has observed cyber actors targeting and exploiting desktop sharing software and computer networks running operating systems with end-of-life status to gain unauthorized access to systems.

Desktop sharing software has multiple legitimate uses, such as enabling telework, remote technical support, and file transfers, but can also be exploited through malicious actors’ use of social engineering tactics and other illicit measures. Windows 7 became more susceptible to exploitation due to a lack of security updates and the discovery of well-known vulnerabilities. Microsoft, the FBI, and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system.

Continuing to use any operating system within an enterprise beyond its end-of-life status presents vulnerabilities for cyber actors to exploit.
