An unidentified attacker accessed the computer systems of a water treatment facility in the US, altering sodium hydroxide levels in the potable water supply. With attacks on critical infrastructure increasingly common, this incident should not come as a surprise. Basic cyber-security hygiene could have lessened the likelihood of accessing the systems, but the network of the facility was not adequately secured. Simple attack techniques took advantage of the plant’s security weaknesses, including poor passwords shared across the plant, and widespread use of end-of-life software. These problems are very likely present in other water treatment plants, as well as other critical facilities. This incident casts a spotlight on the need to appropriately secure critical infrastructure systems, which may be mistakenly thought of as well guarded.

×
Want these
Threat Intelligence reports sent straight to your inbox?
Subscribe below!
Thank you!
Error - something went wrong!
Most Recent Flipbooks
Weekly Intelligence Summary 21 October
Main story: Ransom Cartel and REvil: Partners in cybercrime?
Weekly Intelligence Summary 14 Oct
Main story: Hacktivists fan flames of Iranian anti-regime protests
Weekly Intelligence Summary 07 Oct
Main story: ProxyNotShell spells déjà vu for MS Exchange Server defenders
Weekly Intelligence Summary 30 Sept
Main story: Rogue ex-developer leaks LockBit 3.0 builder
Weekly Intelligence Summary 23 Sept
Main story: Uber compromised by Lapsus$'s resurgence
Weekly Intelligence Summary 16 Sept
Main story: Cyber attacks shock the Italian energy sector
Weekly Intelligence Summary 09 Sept
Main story: Back to school for students and ransomware groups