Hackers breach San Francisco water treatment plant
A successful attack could have poisoned the well
A hacker accessed systems belonging to a water treatment plant in the San Francisco Bay area and deleted applications the plant used to treat drinking water.
The incident happened in January but only came to light this week. According to reports by NBC News, the hackers used the username and password from a former employee's TeamViewer account to gain access to the plant and delete programs.
There is no indication who the hacker was or what their motivations were, according to a private report compiled by the Northern California Regional Intelligence Center in February.
The breach went undetected until the next day. Once plant staff noticed the breach, it reinstalled all the deleted programs and reset all employee passwords.
"No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures," the report said.
According to some reports, the hacker "tried to poison" the area's water, but Michael Sena, executive director of the Northern California Regional Intelligence Center, told the San Francisco Chronicle there was no attempt to poison the water supply.
“No one tried to poison any of our water,” he told the newspaper. “That is not accurate”.
“It takes a lot to influence a water supply chain,” he said. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people...the numbers are astronomical.”
Joseph Carson, chief security scientist at ThycoticCentrify, told IT Pro that this highlights and reminds us how bad password hygiene is getting and how important it is for organizations to priorities password security and management.
“Organizations must help employees move passwords into the background, so they do not have to choose, remember or store passwords, using privileged access security solutions helps organizations reduces the risk of weak passwords which is a common cause of many security incidents and data breaches moving passwords into the background at the same time reducing cyber fatigue,” Carson said.
Carson added that organizations must have a solid provisioning and deprovisioning process for privileged access, especially for employees with remote access to sensitive systems.
“Companies should demand multi-factor authentication by default and integrate it into privileged access management security solutions, as this breach shows the importance of not letting a password be your only security control,” he said.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now