As various intelligence services report, a potentially highly dangerous cyber attack on the water supply in Florida was discovered. Attackers gained access to an internal ICS (Industrial Control System) platform and tried to change chemical values in the water treatment plant in such a way that the water was no longer safe to consume.
Such attacks on OT systems (operational technology) are classified by experts as increasingly critical.
Marty Edwards, Vice President of Operational Technology Security bei Tenable kommentiert:
“The attack on the Oldsmar City Water Treatment Plant is what OT nightmares are made of. Had the attack been successful, the damage would have been catastrophic. This story shows how quickly and covertly a subtle and potentially fatal change can be made. It is precisely for this reason that the security community has been warning of the increasing threats to OT for more than a decade.
The days of isolated OT networks are long gone. It has been replaced by a highly dynamic and complex environment made up of intelligent OT technology, modern IT and everything in between. Attackers take advantage of these convergent networks to move sideways from one system to another. This makes compromising even a single device even more dangerous.
Fortunately, the plant operators were able to spot the unauthorized changes to the sodium hydroxide levels immediately. Had they not acted quickly, this story could have turned out very differently.
All critical infrastructure operators – like water supply – need to invest in the people, processes, and technology that are required to keep these systems secure. This was not the first attack of its kind and it will certainly not be the last. “
At the same time, Tuesday is the international “Safer Internet Day”. Adam Palmer, Chief Cybersecurity Strategist at Tenable, notes:
“Safer Internet Day is perhaps more important than ever this year. In the past twelve months, the way we work or access education has changed beyond recognition. Companies have opened their networks so employees can work remotely. Students use applications and services normally reserved for the corporate world to take virtual classes. Many of these cloud-based tools and services are accessed by users with personal devices that are unprotected or beyond the control of the IT or security team. The increased attack surface provided by these services is an attractive target for attackers. They often target personal devices in order not only to steal data on the device itself, but they also try to move sideways through networks and cause further damage.
Tenable’s Security Response Team conducted a study examining the details of 730 publicly known data breaches in 2020. It turned out that threat actors rely on unpatched security holes in their attacks. These ‘broken windows’ are primarily used to gain initial access to a target network. From there, the attackers exploit serious vulnerabilities such as Zerologon to increase their privileges and thus gain access to domain controllers in the network.
Most of these attacks can be prevented with basic security measures. Good security awareness and basic cyber hygiene prevent mistakes that can cause serious harm. At the same time, it is important that users take responsibility for updating and protecting their devices in order to fill these gaps. With technology now an integral part of modern life, we all have a role to play in protecting the devices we use. “