Hacker Attempts to Poison Florida City's Water Supply

[Chewy_fox]

The important thing is to put everybody on notice," he continued. "And I think that's really the purpose of today is to make sure that everyone realizes these kinds of bad actors are out there. It's happening. So take a really hard look at what you have in place."

The incident is currently being investigated by the sheriff's office, FBI and Secret Service.

TeamViewer Targeted

In staging the attack, the threat actor used TeamViewer, a popular remote control program that was being used by the water administration team to control the chemical mix of the water, explained Chris Risley, CEO of Bastille, in San Francisco, a provider of protection from mobile and wireless threats.

"The attacker compromised TeamViewer, perhaps by hacking the passwords, and took over the mouse to reset the chemical balance," he told TechNewsWorld.

"It comes down to the notion that people think that as long as they have a password on something, they can secure it," observed Rick Moy, vice president of sales and marketing at Tempered Networks, an identity-based micro-segmentation provider in Seattle.

"That's not true," he told TechNewsWorld. "People can guess passwords. There are hacker tools out there to do that."

Amateur Actor

Although details about who mounted the attack are unknown, their modus operandi reveals something about them.

"We can reasonably speculate this was an amateur," noted Bryson Bort, CEO of Scythe, a computer and network security company in Arlington, Va.

"It shows in their timing -- during the day when they could be seen -- and the use of the tool without obfuscating what they were doing," he told TechNewsWorld.

Moy agreed that an experienced hacker would have entered the system in a more clandestine manner. "It was a pretty low-tech attack," he added.

Since the intruder grabbed control of the operator's workstation while the operator was sitting in front of it, it's possible the threat actor wanted to be caught in the act of sabotaging the chemical mix of the water, maintained Saryu Nayyar, CEO of Gurucul, a threat intelligence company in El Segundo, Calif.

"There is a very slim possibility that the attacker did it when and how they did as a wakeup call to the operator," she told TechNewsWorld.

"So-called White Hat Hackers have been known to execute an exploit to prove a point when someone has ignored their repeated warnings about a vulnerability," she explained.

"That would be the very unlikely 'best case' scenario here," she added.

Inside Job?

The length of time the intruder was on the system -- once in the morning and again in the afternoon, both for very short periods of time -- may also add something to their profile.

"The attacker knew what they were after," said Israel Barak, CISO of Cybereason, an endpoint security and response company in Boston.

"If that's the case, it suggests that the attack was done by someone who knew the system well," he told TechNewsWorld. "They may have even had the password for the remote supervisory system."

Since the attack lacked sophistication, it's unlikely a nation-state was behind it, Risley asserted. "It might have been from overseas," he said, "but it doesn't show the depth, precision or persistence of a nation-state attack."

"Honestly, a nation-state attack might have worked," he added.

When we think about industrial control systems attacks, there's a misconception about what the adversary profile is, Barak explained.

"It's common to think these attacks are nation-state operations," he said. "While these facilities are attractive to nation-state groups, they're also targeted on an ongoing basis by a lot of different cybercrime threat actors."

"A lot of times they're targeted because they're low hanging fruit.," he continued. "In a broad network scan, a threat actor will find a remote supervisory interface, the password might be easy to guess, and they'll get into the system looking for a quick payday with a ransomware attack."

More Attacks Coming

Mayor Seidel appears to have had a good reason to raise the alarm about bad actors targeting municipal infrastructure.

"We can expect more of these attacks," Risley said. "There are dozens, or hundreds, of published vulnerabilities and municipalities are not great at keeping up with the latest security patches on their computer equipment. So, there are many opportunities for hackers to execute these kinds of attacks."

"Given the pandemic time we are in, remote tools and software are becoming ubiquitous for all types of industries and verticals," added Krishnan Subramanian, a security researcher at Menlo Security, a cybersecurity company in Mountain View, Calif.

"This could mean more room for attackers to take advantage of weaknesses in such tools," he told TechNewsWorld.

Chloé Messdaghi, vice president of strategy at Point3 Security, a provider of training and analytic tools to the security industry in Baltimore also warned that municipalities should expect more attacks.

"Attackers know that people aren't communicating with their colleagues and IT staff like they used to, and they know many people aren't even physically on site," she told TechNewsWorld.

"Picture a thief walking around a dark parking lot checking car doors," she said. "The chances he comes across an unlocked door are good.

[Silent Watcher]

Avoid unnecessary posts such as 'Thank you', 'Welcome', etc. Such posts will be deleted and user will be warned if it happens again. If caught spamming, the following actions are applicable -

• First time - Warning
• Second time - 5000 Points will be deducted
• Third time - Ban for 7 days
• Fourth time - Permanent Ban

If the post helped you, reward the user by reacting to the post like this -