A hacker attempted to poison the Florida water system by tampering with the chemical levels. Fortunately, nobody was harmed by the Oldsmar water treatment facility hack, because the changes were spotted in time. The attempt, however, is a reminder to all organisations that their networks must be sufficiently secured against cyberattacks. This is especially important for systems that manage physical capabilities and can be remotely accessed.
“What we can learn from this from a defender and an operator perspective as the utility is making sure that we’re securing credentials and, wherever possible, limiting the exposure of authentication portals to external entities and implementing multi-factor authentication wherever possible to really minimize the impact of credential guessing,” says Joe Slowik, senior security researcher at DomainTools.
On top of this, multi-factor authentication can provide an additional barrier to any attacker trying to gain access. Slowik emphasises the need for knowing what’s on your network and being able to identify unexpected or unusual activity: “First and foremost, it’s just understanding your own attack surface; what do we have exposed? What are the possibilities for third parties or unwanted entities for accessing our environments? Knowing what those avenues are and, after they’ve been identified, securing them. So, that combination of understanding our own networks, hardening our networks, where possible, and then looking for attempts to subvert or break into these environments. It sounds fairly basic but that’s, at least, where we need to get started for defending these environments.”