An unidentified attacker accessed the computer systems of a water treatment facility in the US, altering sodium hydroxide levels in the potable water supply. With attacks on critical infrastructure increasingly common, this incident should not come as a surprise. Basic cyber-security hygiene could have lessened the likelihood of accessing the systems, but the network of the facility was not adequately secured. Simple attack techniques took advantage of the plant’s security weaknesses, including poor passwords shared across the plant, and widespread use of end-of-life software. These problems are very likely present in other water treatment plants, as well as other critical facilities. This incident casts a spotlight on the need to appropriately secure critical infrastructure systems, which may be mistakenly thought of as well guarded.
Want To Try Our Digital Risk Protection Tool?
Get Started FreeOther content in this Stream
Weekly Intelligence Summary 17 June 2022
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage
Weekly Intelligence Summary 29th Apr
Main story: Russian cyber attacks on Ukraine: Where’s the boom?
Weekly Intelligence Summary 22nd Apr
Main story: Karakurt Hacking Team moonlights as Conti side business
Weekly Intelligence Summary 14th Apr
RaidForums takedown sends cybercriminals scrambling
Weekly Intelligence Summary 25th Mar
Maverick extortionist group Lapsus$ goes after big tech
Weekly Intelligence Summary 18th Mar
US executive order pushes for responsible cryptocurrency use
Weekly Intelligence Summary 11th Mar
The Russia-Ukraine war has triggered a resurgence of hacktivism around the world
Weekly Intelligence Summary 4th Mar
The US government has issued an alert about the Iran-linked "MuddyWater" advanced persistent threat group
Weekly Intelligence Summary 25th Feb
Conti ransomware group aims to ascend with new tools, structure
Weekly Intelligence Summary 18th Feb
US DoJ arrests shine light on ease and impact of cryptocurrency laundering