A hacker tried to poison the water supply in Oldsmar, Florida by dumping caustic soda into the water by adjusting the SCADA system in control of the water treatment plant.
On Friday 5th February, an operator at the water plant noticed the mouse on his screen moving and accessing the control system software for the water plant. Over several minutes the attacker navigated through various subsystems before adjusting the levels of sodium hydroxide added to the water from 100 parts per million to 11,100 parts per million and then disconnected. The operator quickly changed the levels back to the right amount and alerted the authorities.
The industrial control system for the water processing plant had TeamViewer installed and exposed to the public internet according to Reuters.
How to Protect remote access systems
With more staff working remotely during the pandemic, network administrators need to ensure that remote access to critical systems is protected by:
- Never publish remote access (TeamView, Remote Desktop or similar) directly onto the internet, instead use a VPN
- Enable multi-factor authentication to prevent brute force or stolen credentials from allowing access
- Segment your network so incoming VPN traffic can only access the intended system and not the whole network
- If possible, leave remote access disabled – or the logins used disabled – and only enable them as and when needed. This can be effective for accounts used by third parties and suppliers who need occasional access under controlled circumstances.
