Verizon Investigation: Water Treatment Plant Hacked
By John Atienza on March 29, 2016
Resources:
- http://news.softpedia.com/news/hackers-modify-water-treatment-parameters-by-accident-502043.shtml
- http://westoahu.hawaii.edu/cyber/index.php/hackers-on-the-high-seas-and-in-plumbing-too-verizons-data-breach-digest-report/
- http://www.theregister.co.uk/2016/03/24/water_utility_hacked/
More details arise from Verizon’s data breach digest where their RISK team was asked to come investigate a breach. Hacktivists were responsible for the hacking of a water treatment plan that I mentioned in an older post. Portions of the facility were actually directly exposed to the internet. The company used an AS/400 that was hacked using a combination of SQL Injection (SQLi) and spear phishing. The attackers were able to access the flow control and chemical treatment of water, but it did not seem like they had the required knowledge or intent to do any major harm. Luckily secondary security controls were in place to detect the changes made to flow and chemical treatment. Verizon’s RISK team still concluded that the security of the systems needed to be redesigned in a defense in depth (DID) layered approach to detect and stop future security breaches.
-
New Cybersecurity Regulations Pose Major Shifts for ICS Operators
New Cybersecurity Regulations Pose Major Shifts for ICS Operators
4/4/2025 -
New Threats in Familiar Code: Open-Source Risks in ICS
New Threats in Familiar Code: Open-Source Risks in ICS
4/4/2025 -
The MOVEit Data Breach: Understanding the Risks and Mitigation Strategies
The MOVEit Data Breach: Understanding the Risks and Mitigation Strategies
3/14/2025