Hacked Florida water plant was still using Windows 7

Start Menu
(Image credit: Microsoft)

More details have emerged about the recent cyberattack on a water treatment utility in the city of Oldsmar, Florida, with the facility involved apparently still using outdated Windows 7 PCs.

Reports quote investigators as saying that “the cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment.” 

The hack, which could have caused a major catastrophe had it not been for an alert supervisor, has once again brought the spotlight on the threat to operational technology in civil infrastructure.

Poorly configured systems

Microsoft ended mainstream support for Windows 7 on January 13, 2015, though it continued to receive security updates. However, Windows 7 finally reached end-of-life over a year ago on January 14, 2020 when Microsoft ceased to provide any update for the operating system, urging users to switch to Windows 10.

Despite this millions of users still haven’t updated from Windows 7. As it turns out, the Oldsmar county’s water treatment plant is one of them.

Dubbing the attack as “relatively unsophisticated”, the investigators shared that the attacker likely used the TeamViewer remote desktop sharing software to make his way into the system.

Speaking to TechRadar Pro, Eddie Habibi, Founder of PAS, which provides software solutions to prevent exploitation of operational technology, agreed, adding that “while much of the coverage of the cyber risk to critical infrastructure to date has focused on the age of many industrial control systems and the fact that they were not designed and deployed with security in mind, in this case, the attack vector appears to have been the increased level of remote access enabled by the Florida county.”

Via: Engadget

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Latest in Pro
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Racks of servers inside a data center.
Modernizing data centers: an efficient path forward
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation
The world's leading website builder aims to save businesses time with new tool
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock