New details have emerged about the remote computer intrusion at a Florida water treatment plant, highlighting a lack of adequate security measures needed to harden critical infrastructure environments.
The breach, which took place last Friday, involved an unsuccessful attempt by an adversary to raise sodium hydroxide levels in the water supply to dangerous levels by remotely accessing the SCADA system at the water treatment facility. The system's administrator at the plant, who detected the intrusion, immediately took steps to reverse the commands, resulting in negligible impact.
Now, according to an advisory published on Wednesday by the state of Massachusetts, unidentified cyber threat actors gained access to the supervisory control and data acquisition (SCADA) system via TeamViewer, software that was installed on a number of the plant's computers that were connected to the control system.
Not only were these computers running 32-bit versions of the Windows 7 operating system, but the machines also shared the same password for remote access and are believed to have been exposed directly to the Internet with no firewall protection installed. It is worth noting that Microsoft Windows 7 reached end-of-life a year ago, on January 14, 2020.
The authorities said, “The unidentified actors accessed the water treatment plant’s SCADA controls via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process. All computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system. Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”
Compounding the problem, many small public utilities are saddled with aging infrastructure, and their IT departments tend to be under-resourced, lacking the budget and expertise to upgrade their security posture and address vulnerabilities in a timely fashion.
Massachusetts state authorities recommended: “Restrict all remote connections to SCADA systems, specifically those that allow physical control and manipulation of devices within the SCADA network. One-way unidirectional monitoring devices are recommended to monitor SCADA systems remotely.”
“Keep computers, devices, and applications, including SCADA/industrial control systems (ICS) software, patched and up-to-date, use two-factor authentication with strong passwords, and only use secure networks and consider installing a virtual private network (VPN).”
Authorities concluded by stating, “Implement an update- and patch-management cycle. Patch all systems for critical vulnerabilities, prioritizing timely patching of Internet-connected systems for known vulnerabilities and software processing Internet data, such as Web browsers, browser plugins, and document readers.”
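A defender's check for the four conditions the advisory describes (end-of-life Windows 7, remote-access software on SCADA-connected machines, one remote-access password shared by all computers, and direct Internet exposure without a firewall), run over an asset inventory. This is an added example, not part of the advisory or the original article; the inventory records, field names, host names and `cred_id` fingerprints are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory: hypothetical hosts, not data from the incident.
# "cred_id" is an assumed opaque fingerprint of the remote-access credential
# (e.g. a keyed hash exported from a password vault), never the password itself.
INVENTORY = [
    {"host": "ops-01", "os": "Windows 7", "remote_tools": ["TeamViewer"],
     "cred_id": "c-17", "scada": True, "internet_facing": True, "firewall": False},
    {"host": "ops-02", "os": "Windows 7", "remote_tools": ["TeamViewer"],
     "cred_id": "c-17", "scada": True, "internet_facing": True, "firewall": False},
    {"host": "eng-01", "os": "Windows 10", "remote_tools": [],
     "cred_id": None, "scada": True, "internet_facing": False, "firewall": True},
    {"host": "office-01", "os": "Windows 10", "remote_tools": ["TeamViewer"],
     "cred_id": "c-42", "scada": False, "internet_facing": True, "firewall": True},
]

# End-of-support dates. The Windows 7 date is the one cited in the article;
# extend the table for the platforms in your own estate.
END_OF_LIFE = {"Windows 7": date(2020, 1, 14)}


def audit(inventory, today):
    """Return {host: [finding, ...]} for the conditions listed in the advisory."""
    # Group hosts by remote-access credential so reuse across machines is visible.
    hosts_by_cred = defaultdict(set)
    for h in inventory:
        if h["remote_tools"] and h["cred_id"] is not None:
            hosts_by_cred[h["cred_id"]].add(h["host"])

    findings = {}
    for h in inventory:
        issues = []
        eol = END_OF_LIFE.get(h["os"])
        if eol is not None and today > eol:
            issues.append("end-of-life OS")
        if h["scada"] and h["remote_tools"]:
            issues.append("remote-control software on SCADA-connected host")
        if len(hosts_by_cred.get(h["cred_id"], ())) > 1:
            issues.append("remote-access credential shared across hosts")
        if h["internet_facing"] and not h["firewall"]:
            issues.append("Internet-facing without firewall")
        findings[h["host"]] = issues
    return findings


if __name__ == "__main__":
    for host, issues in audit(INVENTORY, date(2021, 2, 12)).items():
        print(f"{host}: {'; '.join(issues) or 'no findings'}")
```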