- #Breached plant employees used same teamviewer software#
- #Breached plant employees used same teamviewer windows 7#
- #Breached plant employees used same teamviewer windows#
These folks often work for an environmental state agency charged with regulatory oversight of water and sewage treatment plants. The people with oversight on facilities like this are usually Engineers or Environmental Specialists that know a lot about water treatment plant design and operation but almost nothing about IT operations or security. Not ideal, but better than what they had here. Configure AD to permit who is allowed remote access and when.
#Breached plant employees used same teamviewer windows#
This is a lot more on the human side than on the tech side, really.Īlternatively, a VPN gateway and allow RDP to the Windows boxes through the tunnel. Why were they not enabled? Management wanted access and didn't want to be bothered? Teamviewer allegedly does have security features. It was normally enabled as default - you had to shut it off manually or by Group Policy if you wanted to go bare.
#Breached plant employees used same teamviewer windows 7#
Windows 7 had the same basic firewall functionality built in as everything from XP SP2 through 10. Instead of fighting for big government $$, just get the right thing done.
That for very low costs keeps our systems safe.
#Breached plant employees used same teamviewer software#
(I guarantee you this is a rampant problem in companies.)Īlternatively, I think major software companies should open “government & critical infrastructure” wing. Secure, stable, auditable remote access is just as necessary if we are really going to secure systems like this. Microsoft learned this with virus protection, that is couldn’t keep punting to 3rd parties.
“Premium” such as integration with AD, 2 factor, and easy patching / updates being locked away in $$ enterprise subscriptions may drive revenue, but also encourages hacking, workarounds, and vulnerabilities. And the resistance of it being a fundamental part of the OS means we end up with shoddy and cheap workarounds to get the needed functionality. Lots of non-tech people use / require it. Remote access SHOULD be a system level and common feature. We will continue to monitor cybersecurity issues affecting the water sector and provide additional updates on the blog as warranted.May not be a popular take hear, but I see this as part of a fundamental issue with Operating Systems. The advisory also includes general recommendations and TeamViewer software recommendations.”įor additional insight on the continued use of the unsupported Windows 7 operating systems, please also see the recent Utility Dive article “ Florida water utility hack reveals thousands of organizations vulnerable to Window 7 exposure.” It observes that these types of controls can be of particular benefit to smaller systems, such as the one involved in the recent incident, which may have limited cybersecurity capabilities. As the advisory notes, these are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor. These threat overviews discuss how cyber actors have been observed exploiting these systems for malicious activities." "The advisory also includes a specific recommendations category for water and wastewater systems, which emphasizes the importance of installing independent cyber-physical safety systems.
Based on these findings and observations from other activity, the advisory includes threat overviews for desktop sharing software and Windows 7 end of life. Thanks to proactive staff action and system safeguards which were in place, the threat was averted and the public was never put at risk.Īccording to the Association of California Water Agencies (ACWA): “The advisory states cyber actors likely accessed the system by exploiting cybersecurity weaknesses, such as an outdated operating system (Windows 7), and that it is possible a desktop sharing software (TeamViewer) may have been used to gain access to the system.
On February 5 th, a hacker gained access to the plant and increased the sodium hydroxide (commonly known as lye) in the water to a dangerous level, altering it from 100 parts per million to 11,100 ppm. Cybersecurity & Infrastructure Agency and the Multi-State Information & Analysis Center, part of the nonprofit Center for Internet Security-comes on the heels of a cyberattack on the Oldsmar, Florida water treatment plant. The Advisory-jointly authored by the FBI, U.S. Following up on our December 2020 post regarding the SolarWinds cybersecurity breach, we wanted to provide a link to the Februjoint Cybersecurity Advisory issued by the federal government.
0 kommentar(er)
