The attack against Oldsmar is far from the first cyberattack against US critical infrastructure. In combination, these factors made it trivial for an attacker to gain remote access to the water treatment plant and modify the chemical mixture of the town’s drinking water. The success of this attack indicates that MFA was not enabled in this case. TeamViewer supports multi-factor authentication (MFA), which makes it harder for compromised credentials to be used to access an account. While it is not proven that the TeamViewer credentials were included in COMB, it is likely that they are and that COMB’s publication inspired the attack.
#Teamviewer hacked 2018 password
This dramatically increases the probability of the password being compromised or easily guessable.Īnalysis after the attack revealed that eleven sets of credentials associated with the Oldsmar water treatment plant were compromised in a 2017 data breach, and thirteen were included in an aggregation of breaches (called COMB) revealed earlier this month.
#Teamviewer hacked 2018 software
The TeamViewer software used in the attack had a single password shared by all users. Gaining remote access to the water treatment plant required the attackers to gain access to a legitimate Teamviewer account.Ī number of different access control issues made this possible: The use of Teamviewer - while dangerous - is not enough to make this attack possible. If a firewall was deployed to block traffic on these ports to the water treatment plant employees’ computers from outside the internal network, then performing this attack would have been much more difficult. Teamviewer can use a custom port (5938) or HTTP-based tunneling for remote control. However, the lack of a firewall was crucial to the success of the Oldsmar attack.
#Teamviewer hacked 2018 windows 7
The use of Windows 7 is troubling but did not contribute to this attack. Additionally, these systems were not protected by a firewall, making it far easier to exploit them remotely. All computers used by the water treatment center’s personnel were running Windows 7, which has not been supported by Microsoft for over a year. While this simplifies management of the systems, it also introduces new cyber risks.Īnother major issue with the water treatment center’s security is that it was using outdated systems and not following basic cybersecurity best practices. Instead of “air gapping” critical systems - which used to be common practice - the control systems for the water treatment center were directly connected to the IT network, which is accessible from the public Internet. This use of remote access solutions for critical infrastructure contributed significantly to making this attack possible. However, he believed that the remote user was a supervisor remotely monitoring the system, which is common. The employee whose computer was used to change the settings on the water system detected access long before these settings were changed. The attacks against the Oldsmar water treatment center took advantage of the common use of Teamviewer for remote control of these systems. The hack of the Oldsmar water treatment plant was made possible by a number of security errors, many of which are commonplace in the industry. Critical infrastructure has suffered many intrusions in recent years, and the only difference between these and Oldsmar’s is that they were “proof of concept” rather than an attempt to do actual damage. The Oldsmar water treatment plant hack is horrifying but not surprising. The attack was only averted because an employee noticed the change and reverted it before it could cause any damage. Their attempt to increase the amount of sodium hydroxide in the water by 111x would have made the water dangerous to drink if successful. The attackers took advantage of remote access systems on the water treatment plant’s network to change the mix of chemicals entering the water.
In the first week of February 2021, the water treatment center for the city of Oldsmar Florida was the victim of a cyberattack.
0 kommentar(er)
