Remote hackers attempt to poison Florida city after breaching water treatment facility

  • A hacker gained access to the water treatment system for the city of Oldsmar, Florida, through TeamViewer, a remote desktop software, and attempted to raise the chemical levels to an extremely dangerous concentration.
  • Reports say that this wasn’t a sophisticated attack and that incidents involving less skilled actors trying to access industrial control systems have increased since last year. Remote access software greatly increases the attack surface.
  • For a more sophisticated attacker, the 3 to 5 minutes of unauthorized access could’ve led to significant damage. Organizations moving towards Zero Trust need to incorporate continuous authentication.

An attacker gained access to a water treatment system in Oldsmar, Florida, and attempted to poison the water plant by increasing the concentration of sodium hydroxide (NaOH) to extremely dangerous levels. The attacker gained access through TeamViewer, remote desktop software that allows authorized users to troubleshoot system problems remotely. They were reported to have spent between three and five minutes inside the system, changing the NaOH level from 100 parts per million to 11,100 parts per million. Luckily, a plant operator was present at the time, noticed that someone had taken control of the mouse and was using it to make changes, and cut off remote access.

While the water treatment system is set up with redundancies that would have sounded an alarm if the water’s chemical levels became too dangerous, this is not the first attack (nor will it be the last) on water treatment facilities. According to reports, this was not a sophisticated attack, and the number of incidents involving less skilled actors trying to access industrial control systems remotely has increased since last year. Remote access, while especially convenient for teams working from home, greatly increases the attack surface of an organization.

Although the attack this time was mitigated, a more sophisticated attacker may have caused a lot more damage. The 3 to 5 minutes of unauthorized access within a system is dangerous enough, and it was only detected because a plant operator was present at the time and witnessed the attack in real time. A sophisticated attacker could’ve easily launched a stealthier attack and waited for an opportune time to do something significantly more dangerous. While remote access software is typically protected by something like a VPN or MFA, if those protections are bypassed there is no way to tell whether an unauthorized user is accessing systems. This is why organizations that are moving towards Zero Trust Architecture need to incorporate continuous authentication. With continuous authentication, an unauthorized user would’ve been detected and prevented from getting unauthorized access and causing further harm.

Twosense provides continuous authentication that is able to catch over 95% of users within seconds. If you’re interested in seeing how you can incorporate continuous authentication into your organization, reach out to Twosense today.
