How a Cyber Attacker Almost Contaminated a Town's Water Supply

On Friday, February 8, an unknown cyber attacker was able to use a common remote control and viewing software called TeamViewer to modify the sodium hydroxide (aka lye) levels for the water treatment system serving Oldsmar, Florida.

The Super Bowl was being played two days later in Raymond James Stadium in Tampa Bay, only 13 miles away from Oldsmar. Now a paranoid cybersecurity person might immediately think this is the work of a sophisticated terrorist organization or state-sponsored attacker. The water system at the stadium will be compromised and all the unsuspecting people attending the game will be in peril. But the cybersecurity savvy might have a different opinion. It turns out the Oldsmar water treatment facility does not service the stadium in any way and the cyber-attack hardly looks to be sophisticated or well-planned.

However, it still could have been catastrophic for the 15,000 people who live in Oldsmar. Thankfully, the attacker modified the sodium hydroxide levels during the day, right in front of an observant operator and secondary controls were in place to stop the process before the water supply was contaminated.

The cyber-attack looks like an opportunistic attack for an insecure or weakly protected TeamViewer account. The sodium hydroxide level was changed from an acceptable level of 100 parts per million up to 11,100 parts per million – the simple addition of two numerals making the modification excessive. The attacker did not alter the operator’s view of the system, which would lead the operator to believe everything is okay when it’s not. And it took place at 1:00 pm EST, right in the middle of the day. While not all the details have been released and the investigation is ongoing, it looks to be the work of a technically unsophisticated adversary.

Even so, this should be another wake-up call for businesses. This attack was attempted and could have succeeded. It underscores that even opportunistic and simple attacks can have disastrous effects. It illustrates how quickly and easily an attacker could secure your password and use your own tools against you.

Are you aware of your internet security posture? Is TeamViewer running in your environment (or others as there are dozens of remote access programs)? What could a simple attack do to your infrastructure or business? Don’t delay, use this example as motivation to get started on your company’s cybersecurity.

UHY Consulting’s Cybersecurity specialists address cybersecurity as an enterprise business risk. We take a facilitated approach to determine the optimal assessment type, and we tailor each cybersecurity assessment engagement to the individual needs of our clients. Simply put, we translate IT risks into business risks and provide meaningful insight to your stakeholders – from the boardroom to the security engineer.

It is time to learn more about your current security posture. Please contact us at 630-288-6992 or cyber@uhy-us.com.