The water treatment facility of Oldsmar was accessed remotely by a hacker who raised the levels of sodium hydroxide in the water supply.
The plant’s operators saw a brief intrusion two days before NFL’s Super Bowl. The computer systems were accessed remotely, an action which merely went undetected, as many supervisors use the remote access functionality to monitor systems. However, during the second intrusion which lasted almost five minutes, hackers raised the sodium hydroxide in the water from 100 ppm to 11,100 ppm, which made the water poisonous.
Water treatment facilities use sodium hydroxide to control the water’s acidity and remove metals from the drinking water.
The unauthorized intrusion was quickly detected and the hacker’s actions were remediated. But even if the plant’s operators hadn’t acted quickly, it would have taken up to 36 hours for the tainted water to hit the water supply. Redundancy systems would have tested it and caught the high levels of chemicals in the water.
Even though the public was never in any real danger, the incident should be a wake-up call for the potentially catastrophic effect an attack on critical infrastructure can have on public safety.
Check the source.
- H0lyGh0st Ransomware After Small and Midsize BusinessesMicrosoft has linked H0lyGh0st, a cyberthreat that emerged in June 2021 and targets small-to-midsized businesses, to North Korean state-sponsored […]
- Popular NFT Marketplace Ravaged by $540M Phishing SchemeIn March, a North Korean APT netted $540 million thanks to a massive phishing operation carried out on the […]
- Massive $59M Facebook Phishing Campaign Steals Nearly 400M CredentialsThreat actors have managed to net a staggering $59 million and steal hundreds of millions of credentials in a […]
- Human Error is a Top Security Risk in 2022, New Report ShowsA new report from Verizon warns about the human error as being one of the most frequent causes of […]
- Paying The Ransom – An Open Invitation For A Second Attack, 2022 Report WarnsWhether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible […]