A watering hole attack was carried out a few months ago on the Oldsmar water plant in Florida. An infrastructure contractor placed malware on the water treatment company’s website to poison the plant’s water. In this article at The Hacker News, Ravie Lakshmanan shares more details on how the Florida water plant system was hacked.
How Did It Happen?
In a watering hole attack, cybercriminals single out a website that many users from their target organization visit. In this particular case, the hacker had access to the visitors’ systems through malware injected into the target website. The malicious code collected visitor data such as operating system, CPU, browser, plugins, input methods, camera, microphone, time zone, location, and so on. This data was then uploaded to an app database named Heroku (bdatac.herokuapp[.]com). Dragos, a cybersecurity firm, believes a WordPress plugin was also compromised to hack the Florida water plant system’s website.
The D-Day Steps
The hacker kept the trap open from December 20, 2020, to February 16, 2021. In those 58 days, nearly 1,000 end-users visited the hacked website. Dragos researcher Kent Backman states, “Those who interacted with the malicious code included computers from municipal water utility customers, state and local government agencies, various water industry-related private companies, and normal internet bot and website crawler traffic.”
The telemetry data from the Florida water plant revealed that one of the users’ computers that visited the website on February 5, 2021, was from the City of Oldsmar. On the same day, an unidentified computer also accessed the SCADA system of the water treatment plant through TeamViewer. The hacker tried to poison the supply by increasing the sodium hydroxide level in the water. However, the attempt was blocked when an operator detected the real-time system manipulation and stopped it in time.
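For defenders who want to check their own exposure, the hunt below is an added example (not code from Dragos or The Hacker News) that searches web proxy logs for clients that contacted the collection host named above during the dates the trap was open. The log layout, the sample lines, and the reading of both dates as inclusive in UTC are assumptions; it also assumes the fingerprint upload was made from the visitor's browser and so passed through the proxy.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Indicator and exposure window exactly as the article gives them.
IOC_DEFANGED = "bdatac.herokuapp[.]com"
WINDOW_START = datetime(2020, 12, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2021, 2, 16, 23, 59, 59, tzinfo=timezone.utc)

# Assumed log layout: "<ISO-8601 time with offset> <client> <method> <url> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def refang(indicator):
    return indicator.replace("[.]", ".").lower()

def hunt(lines):
    """Return ({client: [timestamps]}, skipped) for in-window requests to the IoC host."""
    ioc, hits, skipped = refang(IOC_DEFANGED), defaultdict(list), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        ts_raw, client, _method, url, _status = m.groups()
        try:
            # CONNECT lines carry "host:port" with no scheme; "//" makes urlsplit see a host.
            host = urlsplit(url if "://" in url else "//" + url).hostname or ""
            ts = datetime.fromisoformat(ts_raw.replace("Z", "+00:00"))
            in_window = WINDOW_START <= ts <= WINDOW_END
        except (ValueError, TypeError):
            skipped += 1
            continue
        # Exact host match (case and trailing dot normalised), so look-alikes do not hit.
        if host.rstrip(".") == ioc and in_window:
            hits[client].append(ts)
    return dict(hits), skipped

H = refang(IOC_DEFANGED)
SAMPLE_LOG = [  # constructed lines, documentation-range addresses
    f"2021-02-05T14:03:11Z 192.0.2.10 POST https://{H}/ 200",
    f"2021-02-05T14:03:12Z 192.0.2.10 CONNECT {H.upper()}:443 200",
    f"2021-01-11T09:30:00+00:00 192.0.2.44 POST https://{H}./ 200",
    f"2021-03-01T08:00:00Z 192.0.2.77 POST https://{H}/ 200",          # after the window
    f"2021-02-05T14:05:00Z 192.0.2.90 GET https://{H}.example.net/ 200",  # look-alike host
    "garbled line",
]

if __name__ == "__main__":
    found, skipped = hunt(SAMPLE_LOG)
    for client, stamps in sorted(found.items()):
        print(client, len(stamps), min(stamps).isoformat())
    print("unparsed lines:", skipped)
```

A hit shows only that a machine loaded the fingerprinting script and reported to the collection host; the skipped count is returned so that unparsed lines are not mistaken for a clean result.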
The Florida water plant and Colonial Pipeline ransomware attacks have made the U.S. government sit up. As a result, it plans to increase protection for federal networks and make information transfer between the private sector and the government more secure.
To view the original article in full, visit the following link: https://thehackernews.com/2021/05/watering-hole-attack-was-used-to-target.html