Tag Archive for: Oldsmar

Oldsmar water plant intrusion occurred after code exposure: firm


The incident “highlights the importance of controlling access to untrusted websites,” security company Dragos wrote.

OLDSMAR, Fla. — A person on the city of Oldsmar’s computer network went to a website that had been compromised with malicious code on the same day someone accessed its water system and changed chemical levels to poisonous levels, security company Dragos said in a blog post.

Although the code likely did not lead to the actual intrusion, the company in part said the threat “does represent an exposure risk to the water industry and highlights the importance of controlling access to untrusted websites.”

Pinellas County Sheriff Bob Gualtieri announced Monday, Feb. 8, that on the previous Friday, an operator at Oldsmar’s water treatment plant noticed the cursor on his computer screen moving around. It was during this instance that the person on the other end was making changes to the facility’s systems and controls.


Those adjustments, if they weren’t caught in time, could have poisoned the water supply for a city of about 15,000 people. The intruder changed levels of sodium hydroxide, or lye, from 100 parts per million to 11,100 parts per million. The chemical helps to control pH levels in the water but at such a high level, it is considered corrosive to any human tissue it touches.

Dragos author Kent Backman wrote that the company, in its investigation, discovered the malicious computer code on the website of an unnamed Florida water utility contractor. The code was seemingly placed to target water utilities and, as Dragos found, had been accessed more than 1,000 times during a 58-day window starting in December 2020.


Oldsmar water hack came after city computer visited compromised website


OLDSMAR, Fla. — An Oldsmar city computer reportedly visited a website hosting malicious code that targeted water utilities in the hours leading up to the city’s water treatment plant being hacked, a new report from the security firm Dragos said.

The Oldsmar water hack saw someone try to poison the water supply with lye, but it was discovered before any damage could be done. While the website ultimately didn’t play a role in the hack of the water supply system in Oldsmar, Dragos said the overall incident shined a light on IT security in U.S. infrastructure.

The report, released Tuesday, found the website hosting the code was a Florida water utility contractor site. Dragos labeled the attack as a “watering hole attack.” According to the Computer Security Resource Center, a watering hole attack features an attacker “compromising a site likely to be visited by a particular group, rather than attacking the target group directly.”

In the case of the Oldsmar attack, Dragos found damaging code “inserted into the footer of a WordPress-based site associated with a Florida water infrastructure constructions company.” Dragos speculated the code was inserted through vulnerable WordPress plugins. Once the code was inserted into the legitimate site, the attackers began collecting information.

According to the Dragos report, the compromise of the site began on December 20, 2020, and the malicious code remained there until February 16, 2021. While the code was live, the site interacted with “computers from municipal water utility customers, state and local government agencies, various water industry-related private companies, and normal internet bot and website crawler traffic.” Dragos said that over “1,000 end-user computers were profiled by the code,” with most being in the U.S. and in the state of Florida.

For the Oldsmar attack, Dragos found a computer on a network belonging to the city went to the infected site at 9:49 a.m. on February 5, 2021. Dragos said the same network from the city was where an unknown actor, likely separate from the criminals who put the malicious code on the website, “reportedly compromised a water treatment control plant computer on the…


Lessons Local Utilities Can Learn from the Oldsmar Water Plant Hack


Anatomy of the Oldsmar Water Plant Attack

The FBI, the Department of Homeland Security, the U.S. Secret Service and the Pinellas County Sheriff’s Office are investigating the attack in Oldsmar, and it is unclear where the attack originated from and what the motivations of the attacker or attackers were.

According to a Massachusetts state advisory describing FBI findings on the attack, on Feb. 5, unidentified malicious actors “obtained unauthorized access, on two separate occasions, approximately five hours apart, to the supervisory control and data acquisition (SCADA) system” used at the plant.

They accessed the SCADA system “via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process.”

According to ProPublica, the city had actually stopped using TeamViewer six months earlier, but never disconnected the program.


Alarmingly, according to the advisory, all computers used by personnel at the Oldsmar plant were connected to the SCADA system and used an outdated, 32-bit version of the Windows 7 operating system. Even more worrisome, the Massachusetts advisory states, “computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”

A plant operator noticed the first intrusion, according to ProPublica, but “didn’t think much of it,” Pinellas County Sheriff Bob Gualtieri said at a news conference. It wasn’t until after the second intrusion, when the attacker took over a computer and changed the amount of sodium hydroxide in the water from 100 parts per million to 1,100 parts per million, that the plant worker alerted his boss. The worker lowered the levels of sodium hydroxide, and the city called the county sheriff’s office three hours later, ProPublica reports.

“This is dangerous stuff,” Gualtieri said, according to The New York Times. “It’s a bad act. It’s a bad actor. It’s not just a little…


Oldsmar tightens up security following water plant hack | North County


OLDSMAR — The city of Oldsmar became world renowned for all the wrong reasons after the North Pinellas community’s water treatment plant suffered a software breach over Super Bowl weekend.

The Feb. 5 hack, which investigators said involved an unknown party accessing the facility’s computer system and altering the chemical composition of the water supply, received international attention and shined a spotlight on the shortcomings of a critical component of the nation’s infrastructure system.

Officials said the breach attempted to raise the level of sodium hydroxide, commonly known as lye, in the water supply to dangerous levels. It was spotted by a plant worker, who notified a supervisor who subsequently called the Pinellas County Sheriff’s Office, leading some to praise the alert employee.

“I commend the vigilance of the staff to catch something like that,” said Josiah Cox, president and founder of Central States Water Resources, which operates more than 250 water treatment plants in five midwestern states. “Small systems actually a lot of times are harder to run than larger systems just because you don’t have the redundancies and larger staffs and the same resources. So, the fact that they were paying that close attention to what was going on was really awesome and shows how much they care.”

While the worker’s quick actions drew praise, the reason behind the breach, reportedly attributed to a combination of outdated software and lax screen-sharing practices, earned criticism from all corners of the globe. It has forced Oldsmar officials to reassess and upgrade the security measures at the facility.

“We have addressed the cyber-related deficiencies that were reported in several FBI bulletins,” City Manager Al Braithwaite said during a Feb. 16 City Council meeting. “There will be enhancements that I will recommend to council that we will make as a result of the investigation to ensure optimal cyber-security for all of Oldsmar’s critical assets.”

Mayor Eric Seidel thanked Braithwaite, Assistant City Manager Felicia Donnelly and Public Works staff “for all the hard work and extra effort that has gone in after the…
