- #BREACHED PLANT EMPLOYEES USED SAME TEAMVIEWER SOFTWARE#
- #BREACHED PLANT EMPLOYEES USED SAME TEAMVIEWER PASSWORD#
- #BREACHED PLANT EMPLOYEES USED SAME TEAMVIEWER WINDOWS 7#
“Further investigation found that what the actor was actually advertising was access to a water treatment plant in Florida, via a virtual network computing (VNC) permission that granted system access to a ‘Groundwater Recovery & Treatment System,'” the company wrote. The cybersecurity firm Intel 471 on Friday said it had reexamined an incident from May of last year where likely Iranian hackers were attempting to sell access to a U.S. The attacker may have been a foreign hacker, Krebs added, but cautioned observers not to “jump to a conclusion that it’s a sophisticated” group. 10 congressional hearing that an insider, perhaps a disgruntled employee, was “very likely” the perpetrator. The identity of the hacker, and definitive information about how outsides accessed the water facility’s systems, remains a mystery.Ĭhris Krebs, the former director of CISA, suggested during a Feb.
However, some cybercriminal forum members had criticisms of the hacker who posted that data leak, saying that “files were corrupted, files were missing, the total number of credentials was smaller than advertised, and the data was of low quality,” said Ivan Righi, a cyber threat intelligence Analyst from Digital Shadows, which also track dark web activity.
#BREACHED PLANT EMPLOYEES USED SAME TEAMVIEWER PASSWORD#
If that username and password combination were accurate, and unchanged since 2015, attackers could have used those credentials to glean valuable information that could be helpful for accessing the facility’s system. The name of the city’s director of public works from 2011 to 2015 also appears to have been included in the data leak, CyberScoop has determined.
A spokesperson for the Massachusetts department said the department received the details from the EPA.Įmail addresses and passwords with the domains ci.oldsmar.fl.us and surfaced days before the breach in what’s being called the COMB data leak, for “Compilation of Many Breaches.” Credentials belonging to Oldsmar city employees were included in that leak as CyberNews first revealed and CyberScoop confirmed with Allan Liska, a senior security architect at Recorded Future who tracks dark web acitivity. “Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed,” the alert reads.
#BREACHED PLANT EMPLOYEES USED SAME TEAMVIEWER WINDOWS 7#
“All computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system,” which Microsoft ended support for in January of last year. “The unidentified actors accessed the water treatment plant’s SCADA controls via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process,” the department wrote. “Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system.”Īn alert to public water suppliers that Massachusetts’ Department of Environmental Protection released earlier this week referenced another report from the FBI, DHS, Secret Service and the Pinellas County Sheriff’s Office which provided more detail that referenced the plant’s control systems, known as Supervisory Control and Data Acquisition ( SCADA) systems. “The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system,” reads the alert from the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency and Multi-State Information Sharing and Analysis Center.
#BREACHED PLANT EMPLOYEES USED SAME TEAMVIEWER SOFTWARE#
Initial clues suggest the incident, which was detected before it amounted to a threat to public drinking water, was made possible by lax data protection strategies and exploitation of a software tool. Three federal agencies teamed up with an organization that shares threat information between states to issue an alert late Thursday explaining how the breach, in which a hacker allegedly tried to raise sodium hydroxide levels to amounts that are harmful to humans, might have unfolded. A clearer picture of poor security practices in Oldsmar, Florida prior to the dangerous hack of its water treatment plant is beginning to emerge, even as an investigation into the matter continues one week after the incident.
0 kommentar(er)
