Cyber criminals have been targeting US water infrastructure with alarming frequency, breaching two water plants in rapid succession at the start of this year. In January, an attacker compromised a water plant serving part of the San Francisco Bay Area. A few weeks later, bad actors gained access to the water treatment plant for Oldsmar, Florida, and even managed to adjust the levels of lye in the drinking water before being detected.
Fortunately, no one was harmed in either of these attacks. However, people in these communities could have quickly fallen ill had these bad actors succeeded in altering the water supply. Here's a look behind the scenes of a water supply hack, why these kinds of attacks are increasing, and how businesses can protect themselves from similar threats.
What's behind the rise in water supply hacks
Cyber attackers have laid siege to US infrastructure with increasing intensity in recent years, causing the Biden administration to respond with an order addressing the growing national security threat. Not content to pillage lucrative data or demand hefty ransoms, these attackers are also looking to destabilize US infrastructure and institutions on a larger scale. As NBC News reports, small and rural water plants are especially vulnerable because they lack robust cybersecurity programs. Like many businesses, they now often support remote workforces. This means their attack surfaces have grown, giving malicious actors even more opportunities to find a way in the door.
How hackers are gaining access to water supply infrastructure
Cyber attackers have had a relatively easy time gaining access to water supply infrastructure. They have been spotted buying and selling former water plant employees' usernames and passwords on the dark web. With those credentials in hand, they were able to log in to key systems. In some cases, they were even able to use employees' TeamViewer accounts to gain remote access to critical water supply systems. In fact, this is how the water supply hack in Oldsmar was spotted. A water plant employee noticed a cursor on his screen navigating over to critical settings and making changes, which caused him to notify his colleagues that he had detected suspicious activity.
The water plants could have improved their defenses by using a password manager to teach employees best practices for password hygiene, such as using a unique password for each account. This way, even if cyber attackers got their hands on old employee passwords via the dark web, they could not have used those same passwords to try to gain access to additional systems. Multi-factor authentication (MFA) would have given the water plants a crucial heads-up about a potentially suspicious login attempt, enabling them to act before the attackers got to the point of actually adjusting water treatment settings.
How businesses can protect themselves from similar attacks
Many businesses and organizations are vulnerable to the same kinds of attacks as these water plants. Ransomware attacks in healthcare spiked during the pandemic, for example, disrupting patient care at a moment when it could not have been more critical. The good news is that you can better protect your business from similar attacks by following a few best practices.
A business password manager can teach employees proper password hygiene, ensuring that they use only strong passwords and alerting them when they attempt to reuse the same password for multiple accounts. It can also alert employees when their credentials have appeared on the dark web, allowing them to change their passwords before malicious actors begin knocking on the company's digital door. Security for remote IT that features IP restrictions and two-factor authentication (2FA) can help the business make sure that login attempts are from authorized users and that, if a suspicious login attempt occurs, the company knows about it in time to take action.
The recent uptick in water supply hacks offers us a lesson about the value of cybersecurity. Businesses that take proactive steps to safeguard critical systems and data now will have a much better chance of warding off similar attacks when cyber attackers come calling.