Oldsmar Water Treatment Incident UPDATE: FBI Issues Alert and Provides 9 Cybersecurity Tips
The Federal Bureau of Investigation (FBI) issued an alert to inform companies about the use of out-of-date Windows 7 systems, the dangers that come with the desktop sharing software TeamViewer, and the importance of having strong passwords.
The latest warning was in response to the Oldsmar incident, in which an attacker managed to gain access to a water treatment plant’s network and (as shocking as it may sound) managed to modify chemical dosages to dangerous levels.
The FBI’s investigation identified TeamViewer as the attacker’s entry point into the Oldsmar water treatment plant’s network. This was determined after they confirmed that the attacker connected to a computer in the plant’s network via TeamViewer on several occasions.
Regarding TeamViewer, the FBI’s exact advisory was:
“Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” the FBI said.
“TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”
Issues with Windows 7
Guess which operating system they were using at the Oldsmar water treatment plant? If you guessed Windows 7, you are correct!
Last year the FBI advised US companies about the dangers of using Windows 7 after it reached end-of-life on January 14, 2020. While the investigation is still ongoing, the FBI says that continuing to use any unsupported operating system exposes networks to attacks and other vulnerabilities that can compromise security.
Here are 9 basic security best practices that the FBI recommends:
1. Use multi-factor authentication;
MFA helps protect you by adding an additional layer of security, making it harder for bad guys to log in as if they were you. Your information is safer because thieves would need to steal both your password and your phone.
2. Use strong passwords to protect Remote Desktop Protocol (RDP) credentials;
One way to start securing your remote desktop connection is to generate a strong password. This will serve as your organization’s first line of defense for RDP against unwanted attacks and threats. Pro tip: Your password must contain at least one numeric character and one special character.
Tips 3-6 are mainly for IT & Cybersecurity Professionals but you should still consider them...
3. Ensure virus, spam filters, and firewalls are up to date, properly configured, and secure.
4. Audit network configurations and isolate computer systems that cannot be updated;
5. Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts;
6. Audit logs for all remote connection protocols;
7. Train users to identify and report attempts at social engineering;
Employees are your biggest vulnerability—at least until they are prepared to recognize and report phishing attempts. Phishing and related social engineering campaigns are today’s number one attack vector. Over 90,000 unique phishing campaigns are launched every month. Surveys show that phishing is seen more than any other type of threat, and that phishing and social engineering attacks are the number one concern of security professionals.
8. Identify and suspend access of users exhibiting unusual activity;
Your organization should have a strong cybersecurity awareness program that covers how to report unusual activity. When in doubt, the FBI encourages victims to report information concerning suspicious or criminal activity to their local field office.
9. Keep software updated.
If the Oldsmar water treatment incident taught us anything, it was that we must ensure that our software is up to date. So instead of procrastinating about software updates, see those updates as one of the most essential steps you can take when it comes to protecting your information.
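For tips 5 and 6, here is one way to review logged RDP login attempts. It is an added example, not code from the FBI alert or this article. Event IDs 4624/4625 and LogonType 10 are standard Windows values; the CSV column names, the allowlist, the failure threshold, the working hours and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample of a Windows Security log exported to CSV (not real data).
# 4624 = successful logon, 4625 = failed logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_CSV = """TimeCreated,EventID,LogonType,Account,SourceIP
2021-03-01T08:01:12,4624,10,operator1,10.0.5.20
2021-03-01T09:15:40,4624,2,operator1,-
2021-03-01T13:30:02,4625,3,admin,203.0.113.7
2021-03-01T13:30:05,4625,3,admin,203.0.113.7
2021-03-01T13:30:09,4625,3,admin,203.0.113.7
2021-03-01T13:31:00,4624,10,admin,203.0.113.7
2021-03-02T02:14:33,4624,10,operator1,10.0.5.20
"""

ALLOWED_SOURCES = {"10.0.5.20"}  # assumption: hosts approved to open RDP sessions
FAILED_THRESHOLD = 3             # assumption: failures per source before flagging
WORK_HOURS = range(7, 19)        # assumption: 07:00-18:59 local time
# With Network Level Authentication, failed RDP attempts are commonly recorded
# as LogonType 3, so both types are counted for failures (tune per environment).
FAILED_TYPES = {"3", "10"}

def audit_rdp(csv_text, allowed=ALLOWED_SOURCES, threshold=FAILED_THRESHOLD):
    """Return (finding, source_ip, account) tuples in log order."""
    failures = Counter()
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        event, ltype = row["EventID"], row["LogonType"]
        src, acct = row["SourceIP"], row["Account"]
        if event == "4625" and ltype in FAILED_TYPES:
            failures[src] += 1
            if failures[src] == threshold:  # flag once per source
                findings.append(("repeated-failures", src, acct))
        elif event == "4624" and ltype == "10":
            hour = datetime.fromisoformat(row["TimeCreated"]).hour
            if src not in allowed:
                findings.append(("unapproved-source", src, acct))
            elif hour not in WORK_HOURS:
                findings.append(("off-hours", src, acct))
    return findings

if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE_CSV):
        print(*finding)
```

A success from a source that has just crossed the failure threshold, as in the sample, is the pattern to escalate first.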
The bottom line is that the Oldsmar water treatment attack reminded us that in order for organizations to operate safely in the Age of Information, they must value cybersecurity and adopt a proactive mindset.