Weekly Intelligence Summary 19 February

February 19, 2021

An unidentified attacker accessed the computer systems of a water treatment facility in the US, altering sodium hydroxide levels in the potable water supply. With attacks on critical infrastructure increasingly common, this incident should not come as a surprise. Basic cyber-security hygiene could have lessened the likelihood of accessing the systems, but the network of the facility was not adequately secured. Simple attack techniques took advantage of the plant’s security weaknesses, including poor passwords shared across the plant, and widespread use of end-of-life software. These problems are very likely present in other water treatment plants, as well as other critical facilities. This incident casts a spotlight on the need to appropriately secure critical infrastructure systems, which may be mistakenly thought of as well guarded.

Previous Report
Initial Access Brokers Report
Initial Access Brokers Report

Initial access brokers are benefitting from a rise in adoption of remote access software. This Initial Acce...

Next Report
Weekly Intelligence Summary 12 February
Weekly Intelligence Summary 12 February

Following the disclosure of the SolarWinds supply-chain compromise in December 2020, details continue to em...

Want To Try Our Digital Risk Protection Tool?

Get Started Free