Tag Archive for: plant

Oldsmar water plant intrusion occurred after code exposure: firm


The incident “highlights the importance of controlling access to untrusted websites,” security company Dragos wrote.

OLDSMAR, Fla. — A person on the city of Oldsmar’s computer network went to a website that had been compromised with malicious code on the same day someone accessed its water system and changed chemical levels to poisonous levels, security company Dragos said in a blog post.

Although the code likely did not lead to the actual intrusion, the company in part said the threat “does represent an exposure risk to the water industry and highlights the importance of controlling access to untrusted websites.”

Pinellas County Sheriff Bob Gualtieri announced Monday, Feb. 8, that on the previous Friday, an operator at Oldsmar’s water treatment plant noticed the cursor on his computer screen moving around. It was during this instance that the person on the other end was making changes to the facility’s systems and controls.

Those adjustments, if they weren’t caught in time, could have poisoned the water supply for a city of about 15,000 people. The intruder changed levels of sodium hydroxide, or lye, from 100 parts per million to 11,100 parts per million. The chemical helps to control pH levels in the water but at such a high level, it is considered corrosive to any human tissue it touches.

Kent Backman of Dragos, the author of the post, wrote that during its investigation the company discovered the malicious computer code on the website of an unnamed Florida water utility contractor. The code was seemingly placed to target water utilities and, as Dragos found, had been accessed more than 1,000 times during a 58-day window starting in December 2020.

Hackers used SonicWall zero-day flaw to plant ransomware


Ransomware group UNC2447 used an SQL injection bug to attack US and European orgs

Security researchers have discovered a new strain of ransomware designed to exploit a SonicWall VPN zero-day vulnerability before a patch was available.

According to researchers at Mandiant, the flaw exists in SonicWall’s SMA-100 series of VPN products. Hackers, whom Mandiant dubbed UNC2447, targeted organizations in Europe and North America with a new ransomware known as FiveHands, a rewritten version of the DeathRansom ransomware.

Hackers deployed the malware as early as January this year along with Sombrat malware at multiple victims that were extorted. Researchers noted that in one of the ransomware intrusions, the same Warprism and Beacon malware samples previously attributed to UNC2447 were observed. Researchers are certain that the same hacking group used Ragnar Locker ransomware in the past.

 
“Based on technical and temporal observations of HelloKitty and FiveHands deployments, Mandiant suspects that HelloKitty may have been used by an overall affiliate program from May 2020 through December 2020, and FiveHands since approximately January 2021,” the researchers said.

Researchers said FiveHands is…

Lessons Local Utilities Can Learn from the Oldsmar Water Plant Hack


Anatomy of the Oldsmar Water Plant Attack

The FBI, the Department of Homeland Security, the U.S. Secret Service and the Pinellas County Sheriff’s Office are investigating the attack in Oldsmar, and it is unclear where the attack originated from and what the motivations of the attacker or attackers were.

According to a Massachusetts state advisory describing FBI findings on the attack, on Feb. 5, unidentified malicious actors “obtained unauthorized access, on two separate occasions, approximately five hours apart, to the supervisory control and data acquisition (SCADA) system” used at the plant.

They accessed the SCADA system “via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process.”

According to ProPublica, the city had actually stopped using TeamViewer six months earlier, but never disconnected the program.

Alarmingly, according to the advisory, all computers used by personnel at the Oldsmar plant were connected to the SCADA system and used an outdated, 32-bit version of the Windows 7 operating system. Even more worrisome, the Massachusetts advisory states, “computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”

A plant operator noticed the first intrusion, according to ProPublica, but “didn’t think much of it,” Pinellas County Sheriff Bob Gualtieri said at a news conference. It wasn’t until after the second intrusion, when the attacker took over a computer and changed the amount of sodium hydroxide in the water from 100 parts per million to 1,100 parts per million, that the plant worker alerted his boss. The worker lowered the levels of sodium hydroxide and the city called the county sheriff’s office three hours later, ProPublica reports.

“This is dangerous stuff,” Gualtieri said, according to The New York Times. “It’s a bad act. It’s a bad actor. It’s not just a little…

Oldsmar tightens up security following water plant hack | North County


OLDSMAR — The city of Oldsmar became world renowned for all the wrong reasons after the North Pinellas community’s water treatment plant suffered a software breach over Super Bowl weekend.

The Feb. 5 hack, which investigators said involved an unknown party accessing the facility’s computer system and altering the chemical composition of the water supply, received international attention and shined a spotlight on the shortcomings of a critical component of the nation’s infrastructure system.

Officials said the breach attempted to raise the level of sodium hydroxide, commonly known as lye, in the water supply to dangerous levels. It was spotted by a plant worker, who notified a supervisor who subsequently called the Pinellas County Sheriff’s Office, leading some to praise the alert employee.

“I commend the vigilance of the staff to catch something like that,” said Josiah Cox, president and founder of Central States Water Resources, which operates more than 250 water treatment plants in five midwestern states. “Small systems actually a lot of times are harder to run than larger systems just because you don’t have the redundancies and larger staffs and the same resources. So, the fact that they were paying that close attention to what was going on was really awesome and shows how much they care.”

While the worker’s quick actions drew praise, the reason behind the breach, reportedly attributed to a combination of outdated software and lax screen-sharing practices, earned criticism from all corners of the globe. It has forced Oldsmar officials to reassess and upgrade the security measures at the facility.

“We have addressed the cyber-related deficiencies that were reported in several FBI bulletins,” City Manager Al Braithwaite said during a Feb. 16 City Council meeting. “There will be enhancements that I will recommend to council that we will make as a result of the investigation to ensure optimal cyber-security for all of Oldsmar’s critical assets.”

Mayor Eric Seidel thanked Braithwaite, Assistant City Manager Felicia Donnelly and Public Works staff “for all the hard work and extra effort that has gone in after the…
