Not all hackers are interested in emptying your bank account: some launch attacks on a much larger scale. In Florida, perpetrators tried to poison a water plant supplying 15,000 people. While the attack was detected in its early stages and nobody was hurt, it's not the first time hackers targeted critical infrastructure. So what happened in Florida, and how worried should you be?
Unidentified hackers managed to remotely access the computer system of Oldsmar water treatment plant and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. Officials said that such an increase is very dangerous and could have seriously sickened the residents.
The attack was detected by an employee who noticed that somebody was controlling his computer remotely. Luckily, the hack was stopped before any harm was done.
Experts say that hackers accessed a remote water management system by using credentials stolen through phishing or social engineering attacks. In light of the recent hack, the Oldsmar Water Department has stopped using a program called Team Viewer, which allows remote access to its systems.
It’s still unclear who the perpetrator behind the Oldsmar attack was. Investigators speculate that it could be anybody from bored teenagers to state actors. However, this is not the first time hackers targeted critical infrastructure.
In 2015, a cyberattack cut the power for 225,000 people in Western Ukraine for 6 hours. The hack was conducted in the middle of winter, when temperatures in the country are typically below 0 degrees Celsius (32 degrees Fahrenheit). Hackers used spear phishing and social engineering to steal credentials and access the network. Experts suspect that the Russian government was behind the attack, as they were seeking ways to destabilize the country at the time.
Throughout history, wars were fought on physical battlefields, but that's not the case in the 21st century. Cyber espionage became a common practice with state hackers targeting government institutions and companies in foreign countries.
While a data breach might cause sensitive information to be stolen, attacks against power grids or water supplies can do much more damage. If a city is left without electricity, even for an hour, it could have lethal consequences. Every minute matters when a person in critical condition is waiting for an operation at a local hospital.
The recent events of the water treatment plant in Oldsmar illustrate that sometimes we could be in real danger without even knowing it. Infrastructure attacks are no longer an anomaly; this is the new reality we have to face.
For more cybersecurity news, sign up to our newsletter below!