Hackers Gain Access to Florida Water Treatment Plant – Can They Gain Access to Your Organization?

Last week a town in Florida made headlines when they experienced one of the biggest threats to public safety through a cyber attack. Hackers gained remote access and threatened the town of Oldsmar’s water supply by increasing the amount of sodium hydroxide, or Lye, to a deadly amount. Luckily the city’s water supply was not damaged, but the same cannot be said for the town’s reputation.

What Happened?

Many city water treatment plants use remote access software to allow administrators and members of management to access the water supply system at any time from anywhere. In Oldsmar’s case, the remote access software being used was TeamViewer. Teamviewer is a software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers. Employees at this water plant were using a computer that is running Windows 7, which reached its end of life in January 2020. Outdated hardware and network operating systems are common amongst utility departments due to budget issues and legacy software compatibility problems.

Oldsmar’s water plant was fortunate in this event as the attacker directly took over the desktop and mouse of the station that the water plant operator was stationed at. He was able to observe the hacker scrolling through menus and adjusting the water chemical levels in real-time. This is rarely the case in a cyber attack.

How Do I Prevent Hackers From Infiltrating My Business?

The cyber threat to critical infrastructure has been increasing steadily as hackers or lone individuals better understand how to exploit operational technology in addition to IT systems. As demonstrated by this attack, foundational security activities may have mitigated this risk. The attack has shined light on the importance of maintaining a secure infrastructure.

A few recommendations on securing your infrastructure are:

  • Using Strong passwords to protect remote access tools.
  • Using Multiple Factor Authentication (MFA)
  • Ensure anti-virus, spam filters, and firewalls are up to date, properly configured and secure.
  • Train employees on the importance of cybersecurity by using Security Awareness Training, your employees can be your biggest strength and weakness when it comes to a cyber-attack.
  • Audit network configurations and isolate computer systems that can no longer be updated.
  • Keep all software and operating systems updated.

Detection is the key to prevention. Every business leader is responsible for the cybersecurity of their organization. Partnering with a cybersecurity provider like Corsica gives you access to 24/7 systems monitoring and maintenance and a team of cyber experts. If you are interested in learning more about our Cybersecurity services, please schedule a call with one of our experts here.

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

MDM vs. MAM: Which one is right for you? - Corsica Technologies

MDM vs. MAM: Which One Is Right For You?

How should you handle mobile devices that have access to company data and systems? This is a crucial question for today’s on-the-go, hybrid workforce. Maybe you give your team company-owned mobile devices. Or perhaps your employees find it more convenient

Read more
Managed Network Services - Everything You Need to Know - Corsica Technologies

Managed Network Services: Everything You Need To Know

For overworked IT teams, managed network services are a lifesaver. Rather than monitoring network logs, troubleshooting switches, and working overtime to mitigate vulnerabilities, you can engage a trusted partner to manage your network for you. But not all providers are

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.