London Daily

Focus on the big picture.

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Experts expect that "we'll see more news of attack scenarios and how those attacks can be monetized" because of ongoing security vulnerabilities.
Cybercriminals in underground forums have offered to sell access to hacked systems that control US power plants and water treatment systems, according to a new report from the threat intelligence firm Intel 471. Hackers likely took advantage of common security vulnerabilities in these systems, experts say — and they fear that such attacks could become more common as bad actors find ways to monetize the hacks.

The systems that cybercriminals offered access to bore a striking resemblance to the Oldsmar, Florida water treatment plant that was compromised by a hacker last week. Law enforcement officials said an unknown intruder gained access to software used by plant managers to remotely control its systems and attempted to raise the amount of sodium hydroxide — also known as lye — in the drinking water to dangerous levels.

Intel 471 researchers were careful to note that they don't have hard evidence proving that the cybercriminals offering access to hacked industrial systems are the same ones who hacked the Oldsmar plant. But their findings illustrate broader cyber vulnerabilities in US systems that control infrastructure. For years, experts have sounded alarm bells about potential issues with these so-called Supervisory Control and Data Acquisition systems (or SCADA systems), which monitor and control machines in the field.

"Attacks on SCADA systems are not new," an Intel 471 spokesperson said in response to emailed questions from Insider following the report. "It is often easy for non-sophisticated threat actors to identify internet-facing SCADA systems and gain access with very little effort."

In one instance logged by Intel 471, a cybercriminal in a Telegram channel popular with hackers offered in May 2020 to sell access to a "Groundwater Recovery & Treatment System" located in Florida. The hacker claimed to have broken into software used by administrators to remotely control the system, and included a screenshot that showed levels of sodium hydroxide in the water.

The person who posted the screenshots in the Telegram channel was likely an Iranian actor, Intel 471 researchers said. The Telegram channel in question was also tied to a 2020 hack of an Israeli water reservoir. There's no evidence to suggest that this person was motivated by anything other than monetary gain and notoriety, the spokesperson said.

The researchers' findings illustrate broader weaknesses in the cyber defenses of US critical infrastructure. Many industrial control systems can be easily located using online directories like Shodan, which logs internet-connected devices. From there, experts say even low-level hackers can scour out stolen or default login credentials to try to break into the software that controls the systems.

"SCADA systems are notorious for using weak default admin credentials, non-standard ports, and other technical identifiers," the spokesperson told Insider.

Too much critical infrastructure is connected to the public internet with lax security protections, in part because of egregiously low cybersecurity budgets.

Industrial systems are a growing target for profit-driven hackers across the board. In the past year, researchers have tracked cybercriminals probing computers connected to critical infrastructure and reselling access to those computers to more sophisticated hacking groups, according to the security firm Kaspersky.

"We believe the malicious actors have had, for quite a while, access to not only industrial organizations but also lots of information on their technological processes," Evgeny Goncharov, Kaspersky's head of Industrial Control Systems Cyber Emergency Response Team, said in a webinar Thursday. "Probably in the near future we'll see more news of attack scenarios and how those attacks can be monetized."

The FBI published a joint advisory with the Cybersecurity and Infrastructure Security Agency on Thursday advising critical infrastructure agencies to install the latest version of Windows and urging them to be on the lookout for suspicious logins to their remote access software.
Newsletter

Related Articles

London Daily
0:00
0:00
Close
Unelected PM of the UK holds an emergency meeting because a candidate got voted in… which he says is a threat to democracy…
You Are So Beautiful
Rob Schneider explains California reparations legislation.
Postmodern Jukebox European Tour Version
Who knew badminton could get so intense?
An old French tune (by Georges Brassens) Pomplamoose ft. John Schroeder
Farmers break through police barriers in Brussels.
Sattahip Motor Show 20
London's Iconic British Telecom Tower Sold To Become Hotel
SONATE AU CLAIR DE LUNE - Moonlight sonata
Ukraine Arrests Father-Son Duo In Lockbit Cybercrime Bust
A kiss to build a dream on
US Offers $15 Million For Info On Leaders Of Cybercrime Group Lockbit
Wonderful Tonight - Eric Clapton (Boyce Avenue acoustic cover)
Russia Claims UK Cultural Agency Spied for Ukraine
Mean Blues
Apple warns against drying iPhones with rice
La Chansonnette
Alexei Navalny: UK sanctions Russian prison chiefs after activist's death
Pattaya Addicts
German economy is in 'troubled waters' - ministry
Franz Liszt - Liebestraum - Love Dream
In a recent High Court hearing, the U.S. argued that Julian Assange endangered lives by releasing classified information.
Dream a little dream of me
New video
Unchained Melody sung like you've NEVER heard!
Tucker Carlson says Boris Johnson wants "a million dollars, in Bitcoin or cash, from Tucker Carlson to talk about Ukraine.
Dave Brubeck - Take Five
Russia is rebuilding capacity to destabilize European countries, new UK report warns
Édith Piaf - Non, Je Ne Regrette Rien (Sofie)
EU Commission wants anti-drone defenses at Brussels HQ
Rondo Alla Turca
Von der Leyen’s 2nd-term pitch: More military might, less climate talk
Kiss of fire
Global Law Enforcement Dismantles Lockbit Ransomware Operation
Tom Jones - I´ll Never Fall In Love Again 1967, 1989, 2001
Prince William Urges End to Gaza Conflict
Israel Cachao López - Guajira Clásica
UK court to hear Assange's final appeal against extradition to the US, where he faces charges related to his journalistic work—the publication of a classified video in 2010 that exposed US war crimes against humanity.
Edward Maya - Stereo Love (feat. Vika Jigulina) (Extended Mix)
About 50-60% kids either chose to be YouTuber or influencer
Strauss - Radetzky March - Karajan
A viral video of Nationals MP Barnaby Joyce lying on a Canberra footpath is celebrated by his media mates.
La vie en rose
European Countries React to Navalny's Death by Summoning Russian Diplomats
The Temptations - My Girl (Smokey Robinson Tribute) 2006 Kennedy Cent
Israel has gone ‘beyond self-defence’ in Gaza, says Labour’s Streeting
Orlando Cachaito Lopez Redencion
English farmers to be offered ‘largest ever’ grant scheme amid food security concerns
Edith Piaf - NON, JE NE REGRETTE RIEN
Cameron government knew Post Office ditched Horizon IT investigation
RADETZKY MARCH-2008-Wien, New Year Concert
EU Calls for Immediate Ceasefire in Gaza Conflict
Only you (And you alone)
EU Vows To Hold Putin "Accountable" After Meeting Alexei Navalny's Wife
Strangers In The Night
EU Launches Probe Into TikTok Over Child Protection Under Digital Content Law
Charles Aznavour - La Boheme
The EU Initiates Naval Mission to Defend Red Sea Trade Routes
Summer time
EU and UK Announce Joint Effort on Migration
Sting and Stevie Wonder - Fragile (from Sting's 60th birthday concert)
Brazil's Lula Likens Gaza Operation to Holocaust, Israel Says "Red Line" Crossed
Aux Champs Elysees
Ministers Confirm Proposal to Prohibit Mobile Phone Usage in English Schools
Stand By Me - Ben E. King (Boyce Avenue acoustic cover)
Microsoft-backed OpenAI valued at $80bn after company completes deal
La Mer (Beyond the Sea) – Avalon Jazz Band
‘Alexei would want to tell Russia not to give up fighting’
She
Rwandan Footballer's Dismissal Sparks Concerns Over UK Asylum Plan
Nathalie Song by Enzo Petrachi Stjepan Hauser Cello
Whisky Challenges China's Baijiu Market During New Year Celebrations
Shape of My Heart - Sting (Boyce Avenue acoustic cover)
Avdiivka - Symbol Of Ukrainian Resistance Now In Control Of Russian Troops
Radiohead - Creep
Putin Critic Alexei Navalny's "Killers" Refusing To Hand Over Body, Say Allies
Quizás,Quizás,Quizás - Andrea Bocelli - Jennifer Lopez
"Historic Step": Zelensky Signs Security Pact With Germany
Perhaps, Perhaps, Perhaps - Multi-Couples
"Historic Step": Zelensky Signs Security Pact With Germany
Pentatonix Havana
20 Tech Giants Sign Effort To Fight AI Election Interference Across Globe
Paula Cole - Autumn Leaves
Joe Biden Accuses Putin of Causing Navalny's Death
Oscar Benton Bensonhurst Blues
Russian opposition leader Alexey Navalny has died at the Arctic prison colony
OH NANANA vs ABUSADAMENTE
Tucker Carlson grocery shopping in Russia. This is so interesting.
Nina Simone - ”I Put A Spell On You”. Vezi aici cum cântă Jeremy Ragsd
Julian Assange's Wife Warns of His Death if Extradited to US
NIGHTWISH - The Phantom Of The Opera
‘A lot higher than we expected’: Russian arms production worries Europe’s war planners
Motorshow 2016 Tanjay Negros Oriental
Greece Legalizes Same-Sex Marriage and Adoption Rights
Monica Bellucci - Ti Amo
Hungarian Foreign Minister: Europeans will lose Europe, the Union's policy must change drastically
Michael Jackson - Billie Jean Milena The Voice France 2018
In Britain Homeowners are receiving CPO’s (Compulsory Purchase Orders) so their homes can be redistributed to migrants
Michael Buble (Help Me Make It Through The Night) feat Loren Allred
Memories Canon In D - Maroon 5 (Boyce Avenue piano acoustic cover)
Matteo Simoni - Marina
Maroon 5 - One More Night
Maroon 5 - Memories
Mark Knopfler - Brothers In Arms (Berlin 2007 Live)
Mark Knopfler & Emmylou Harris - Romeo And Juliet (Real Live Roadrunni
Marina, Marina - The LUCKY DUCKIES intimist live concert at Guimarães
Major Lazer & DJ Snake – Lean On Mauranne The Voice France 2016
Love Theme from Romeo and Juliet - Joslin - Henri Mancini, Nino Rota
LoLa & Hauser - Love Story
Linkin Park Jay-Z - Numb Encore (Live 8 2005)
Hallelujah Mennel Ibtissem, The Voice France Leonard Cohen
Leonard Cohen - Dance Me to the End of Love
Leonard Cohen & Natasha Rostova - Dance me to the end of love
La casa de papel - Bella Ciao
La Camisa Negra
L'italiano (Toto Cutugno) - The Gypsy Queens
Juanes - La Camisa Negra
Jonathan and Charlotte - Britain's Got Talent 2012 Live Semi Final - U
John Powell - Assassin's Tango
Joe Cocker - You Can Leave Your Hat On (LIVE in Dortmund)
Joe Cocker - Unchain My Heart 2002 Live
Joe Cocker - A Whiter Shade Of Pale
Jay Z & Alicia Keys - Empire State of Mind LIVE
Jason Mraz - Im Yours (live)
Jarrod Radnich - Bohemian Rhapsody - Virtuosic Piano Solo
James Blunt - You're Beautiful
James Blunt - You're Beautiful & Bonfire Heart (Live at The Nobel Peac)
If You Go Away - Helen Merrill & Stan Getz (Tribute to Virna Lisi)
I'LL BE MISSING YOU
I Say a Little Prayer
Hotel California ( Eagles ) 1994 Live
Historia de un amor - Luz Casal. Vezi interpretarea Biancăi Sumanariu
Here Comes The Sun - The Beatles (Boyce Avenue acoustic cover) on Spot
Heart - Stairway to Heaven Led Zeppelin - Kennedy Center Honors
HAVANA by Camila Cabello Zumba Pre Cooldown TML Crew Kramer Pastra
HAUSER and Señorita - I Will Always Love You
HAUSER - Waka Waka
HAUSER - Sway
HAUSER - Lambada
HAUSER - Historia de un Amor
HAUSER - Despacito
Great Pretender
Georgia May Foote & Giovanni Pernice Samba to 'Volare' - Strictly Come
Gary Moore - Still Got The Blues
GIPSY KINGS VOLARE Penelope Cruz
Fugees - Killing Me Softly With His Song
French Latino - Historia de un Amor
For A Few Dollars More The Danish National Symphony Orchestra (Live)
Flashdance • What a Feeling • Irene Cara
Filip Rudan - “Someone You Loved” Audicija 4 The Voice Hrvatska Sez
Eric Clapton - Wonderful Tonight
Enya - Only Time
Enrique Iglesias - Bailando (English Version) ft. Sean Paul
Enrique Iglesias - Bailamos
Elena Yerevan Historia de un amor
Ed Sheeran - Shape of You (Official Music Video)
Ed Sheeran - Perfect Symphony [with Andrea Bocelli]
Ed Sheeran - Perfect (Official Music Video)
Easy On Me - Adele (Boyce Avenue 90’s style piano acoustic cover) on S
ERA - Ameno
ELENA YEREVAN- Cancion Del Mariachi-IN STUDIO-2017 DPR
Dust In The Wind - Kansas (Boyce Avenue acoustic cover)
Don't Let Me Be Misunderstood
Despacito x Shape Of You - Pentatonix
Deep Purple - Child In Time - Live (1970)
David Foster When A Man Loves A WomanIt's A Mans World (SealMichael Bo
Dance me to the end of Love ( Pi-Air Design )
Coolio - Gangsta's Paradise (feat. L.V.) [Official Music Video]
Conquest Of Paradise (Vangelis), played on Böhm Emporio organ
Cielito Lindo
Chico & The Gypsies - Bamboleo
Canción Del Mariachi - Antonio Banderas, Los Lobos • Desperado
Camila Cabello - Havana (Audio) ft. Young Thug
Camila Cabello - Havana ( cover by J.Fla )
California Dreamin' - The Mamas & The Papas José Feliciano (Boyce Ave
Buster Benton - Money Is The Name of The Game
Hallelujah Pentatonix
Bobby McFerrin - Don't Worry Be Happy (Official Music Video)
Bob Dylan - Knockin' On Heaven's Door Emilia The Voice Kids France
Besame Mucho - Cesaria Evora
Ben E. King - Stand by Me Sax Cover Alexandra Ilieva Thomann
Bella Ciao
Bella Ciao - INSTRUMENTAL
Beautiful in White x Canon in D (Piano Cover by Riyandi Kusuma)
Bad Romance - Vintage 1920's Gatsby Style Lady Gaga Cover ft. Ariana Savalas & Sarah Reich(1)
BELLA CIAO 2020 - KARAOKE ITALIANO
BAMBOLEO - Gipsy Kings • Antonio Banderas, Katya Virshilas
BAILANDO (original)
Awesome Ukrainian yodeler - SOFIA SHKIDCHENKO (with English subtitles)
Avicii - The Nights
Atom - The Great Gig in the Sky
Aretha Franklin - (You Make Me Feel Like) A Natural Woman (Official Ly
Antonio Banderas - Cancion del Mariachi (Desperado)
André Rieu - Zorba's Dance (Sirtaki)
André Rieu - Can't Help Falling In Love
André Rieu & Mirusia - Ave Maria
Andrew Reyes Elton John - Don't Let The Sun Go Down The Voice 2020 (
Andreas Kümmert Whiter Shade Of Pale The Voice of Germany 2013 Showd
And I Love You So
All About That Bass - Postmodern Jukebox European Tour Version
Alan Walker - Faded (Piano Cover)
Ain't No Sunshine -- Bill Withers (cover by Canen 12 y.o.)
African music
Adriana Vidović - “Creep” Audicija 4 The Voice Hrvatska Sezona 3
Adriana Vidović - “Believer” Nokaut 3 The Voice Hrvatska Sezona 3
A Fistful of Dollars - The Danish National Symphony Orchestra and Tuva
4 Beautiful Soundtracks Relaxing Piano [10min]
2CELLOS - Whole Lotta Love vs. Beethoven 5th Symphony [OFFICIAL VIDEO]
2CELLOS - Smooth Criminal (Live at Suntory Hall, Tokyo)
2CELLOS - Smells Like Teen Spirit [Live at Sydney Opera House]
2CELLOS - Despacito [OFFICIAL VIDEO]
13 Year Old Girl Playing Il Silenzio (The Silence) - André Rieu
094.All About That Bass
00 - SADNESS PART 1
(Ghost) Riders In the Sky (American Outlaws Live at Nassau Coliseum, 1
(Everything I Do) I Do It For You - Bryan Adams (Boyce Avenue ft. Conn
What a wonderful world
Moon river
×