Link to article — https://www.theverge.com/2021/2/8/22273170/hackers-water-treatment-facility-florida-hacked-chemical-levels-changed
What happened exactly?
A water treatment facility in Florida was hacked. The attacker’s intention was unclear, but they did try to modify the water’s chemical makeup by adding sodium hydroxide. As noted in my previous posts, an attacker or threat is not always trying to break into a system to steal information. They may break into systems in order to cause reputational, system, or service damage. In this case, the attacker was trying to harm either the consumers, by possibly poisoning the water, or the facility’s reputation, by exploiting its security practices. There were not many details available when the article was released. The operator only noticed when someone took control of the mouse and changed the makeup of the water treatment through the software. My educated guess is that this was a remote access trojan (RAT) attack: there is probably some malware installed by the attacker that lets them take over and monitor the system.
What can be done to prevent the incident from happening?
There were not many details available when the article was released. Relying on the operator to notice the intrusion on screen, which is the only safeguard mentioned in the article, is a flaw in itself. What would have happened if the operator had gone to the restroom and didn’t notice what happened on the screen? This list isn’t complete, but there are some controls that need to be implemented:
Vulnerability scanning — to see if anything is out of date or misconfigured
Anti-virus/anti-malware software — to determine whether it was RAT malware or something else
SIEM tools — to surface computer anomalies, which may have detected and prevented the remote access by another party
IPS — might have prevented external control
IDS — for detection and reporting
Firewall — for monitoring and controlling incoming and outgoing network traffic based on predetermined security rules
Access controls — to limit who can access the software for water chemical configuration
Note: If anything is incorrect or unclear, I will update upon notification.