Similar to the Oldsmar water treatment attack in Florida, the threat actor used legitimate credentials to break into remote access tool TeamViewer. After logging in, they deleted programs that the plant used to treat drinking water.
The unidentified criminal used a former plant employee’s username and password to gain entry to the unidentified Bay Area water treatment facility on Jan. 15.
“The consequences of a data breach can vary greatly depending on the intention of the adversary. Some hackers simply aim to cause disruption. Others extract valuable PII to sell on the Dark Web, while others look to extort money due to ransomware. When a cyberattack is attempted against critical infrastructures such as hospitals, electrical grids, or water systems, the potential repercussions can affect thousands of individuals like you and me. It can be devastating — or even deadly. In fact, the 2020 Global State of Industrial Cybersecurity report found that 74% of IT security professionals are more concerned about a cyberattack on critical infrastructure than an enterprise data breach.” – Bill O’Neall, VP – ThycoticCentrify
“Working smarter with automation technologies in managing large volumes of data streams, analyzing them for anomalies and reporting risk in real time, is the only way forward for CNI protection. This, in partnership with continued user education in being diligent and applying critical thinking analysis to system activity reports, is critical.” – Sam Humphries, Exabeam