Verizon Investigation: Water Treatment Plant Hacked
By John Atienza on March 29, 2016
Resources:
- http://news.softpedia.com/news/hackers-modify-water-treatment-parameters-by-accident-502043.shtml
- http://westoahu.hawaii.edu/cyber/index.php/hackers-on-the-high-seas-and-in-plumbing-too-verizons-data-breach-digest-report/
- http://www.theregister.co.uk/2016/03/24/water_utility_hacked/
More details arise from Verizon’s data breach digest where their RISK team was asked to come investigate a breach. Hacktivists were responsible for the hacking of a water treatment plan that I mentioned in an older post. Portions of the facility were actually directly exposed to the internet. The company used an AS/400 that was hacked using a combination of SQL Injection (SQLi) and spear phishing. The attackers were able to access the flow control and chemical treatment of water, but it did not seem like they had the required knowledge or intent to do any major harm. Luckily secondary security controls were in place to detect the changes made to flow and chemical treatment. Verizon’s RISK team still concluded that the security of the systems needed to be redesigned in a defense in depth (DID) layered approach to detect and stop future security breaches.
-
Cybersecurity Incident Costing Energy Service Provider Tens of Millions
Cybersecurity Incident Costing Energy Service Provider Tens of Millions
11/18/2024 -
New Functionality Revealed for Palo Alto Networks OT Cybersecurity Solutions
New Functionality Revealed for Palo Alto Networks OT Cybersecurity Solutions
11/8/2024 -
Critical Vulnerabilities Found in Industrial Routers
Critical Vulnerabilities Found in Industrial Routers
11/6/2024