Late on Monday night, reports emerged of an attempted attack on the water supply of a city in Florida. It is the latest in an increasing number of attacks on critical national infrastructure across the globe. Here at Siker Cyber, we specialise in working with organisations and governments, training their teams to identify and mitigate some of the circumstances that can lead to such attacks. This latest attempt demonstrates the significant risks that bad actors can pose.
Reports in Florida detailed how a hacker (unknown at the time of writing) gained access to the city of Oldsmar’s water system. On Friday morning, the hacker(s) remotely accessed a computer controlling the city’s water supply. An Oldsmar water plant operator noticed the attempt to access the computer but assumed it was his supervisor.
Later, on Friday afternoon, the hacker increased the amount of sodium hydroxide in the city’s water treatment system for a brief period of time, before a worker noticed the change and fixed the issue. Sodium hydroxide is commonly found in liquid drain cleaner, and ingestion of the chemical could lead to severe illness.
Stuart Harwood, Siker’s Global Assessments Lead, says that: “We are now hearing more details about the Florida – Oldsmar hack on Friday. The reports we have seen are that the adversaries have used a version of TeamViewer to gain access to an element of the ICS system.
“Once in the system the adversaries have adjusted the sodium hydroxide to a dangerous level. This action was reportedly only caught because an operator has observed the sodium hydroxide levels being manipulated live on screen.
“We fully recommend that a software asset list is created for all critical systems and kept up to date on a regular basis. This may add a lot of overhead to operator workload but is necessary when talking about security in this manner. We also would recommend that operators do not download and use connectivity software in this manner on critical systems. There are other methods for achieving remote access on ICS systems. If you would like to talk about methods to achieve this, please do not hesitate to contact us.”
As with the Florida attack, it is often workers on the front line of a country, state, or city’s infrastructure system who are best placed to notice such an incident. Additionally, these employees are most likely to inadvertently leave an infrastructure system open to attack.
With incidents similar to Friday’s attack in Florida on the rise, organisations involved in managing critical national infrastructure must ensure their workforce are aware of the security risks posed by outdated systems and poor practice. Often, it’s small and seemingly inconsequential oversights, such as a plant worker assuming a remote access attempt had been made by a supervisor, that can lead to the escalation of an attack.
We offer a series of courses and workshops along with diagnostics, advisory, and assurance services to mitigate the likelihood of such an attack. For more information, get in touch with us via our website at sikercyber.com.