Hackers breach San Francisco water treatment plant
A successful attack could have poisoned the well


A hacker accessed systems belonging to a water treatment plant in the San Francisco Bay area and deleted applications the plant used to treat drinking water.
The incident happened in January but only came to light this week. According to reports by NBC News, the hackers used the username and password from a former employee's TeamViewer account to gain access to the plant and delete programs.
There is no indication who the hacker was or what their motivations were, according to a private report compiled by the Northern California Regional Intelligence Center in February.
The breach went undetected until the next day. Once plant staff noticed the breach, they reinstalled all the deleted programs and reset all employee passwords.
"No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures," the report said.
According to some reports, the hacker "tried to poison" the area's water, but Michael Sena, executive director of the Northern California Regional Intelligence Center, told the San Francisco Chronicle there was no attempt to poison the water supply.
“No one tried to poison any of our water,” he told the newspaper. “That is not accurate.”
“It takes a lot to influence a water supply chain,” he said. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people...the numbers are astronomical.”
Joseph Carson, chief security scientist at ThycoticCentrify, told IT Pro that this highlights and reminds us how bad password hygiene is getting and how important it is for organizations to prioritize password security and management.
“Organizations must help employees move passwords into the background, so they do not have to choose, remember or store passwords. Using privileged access security solutions helps organizations reduce the risk of weak passwords, which is a common cause of many security incidents and data breaches, moving passwords into the background, at the same time reducing cyber fatigue,” Carson said.
Carson added that organizations must have a solid provisioning and deprovisioning process for privileged access, especially for employees with remote access to sensitive systems.
“Companies should demand multi-factor authentication by default and integrate it into privileged access management security solutions, as this breach shows the importance of not letting a password be your only security control,” he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.