WHAT NEXT AFTER THE WATER SUPPLY ATTACK?
The attack against the water supply in Florida, lands worry about the potential for future and copycat attacks against other lightly defended water treatment systems in small towns worldwide and what can be done to stem such incursions.
Last year, we saw water supply falling victims of similar attack in Israel and now in Florida - In the Florida case, criminals used remote access tools to gain a foothold and change chemical levels in the water supply, ramping them up to potentially hazardous levels.
That’s worrisome, including because hackers would normally have to gain specific knowledge of water treatment management systems, a very specific target demographic. That’s not a “spray and pray†attack; it’s targeted and takes some time to craft and deploy.
According to media reports, TeamViewer had been replaced as the remote access solution in use at this water treatment plant, yet it was still running, exposing the plant to the internet through a non-required interface.
And while this incident wasn’t a super stealthy zero-day attack, chances are that somebody was interested in the target for some time.
WHAT CAN OTHER WATERSUPPLY DO?
They should:-
1. Add/enforcing 2FA.
2. Patch systems.
3. Implement good change control processes.
4. Train staff on cyberhygiene.
5. Implement IDS and install reputable AV.
6. Do Vulnerability assessment regularly.
Thank you for sharing Yusuph