- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- Change these 10 iOS settings right now to instantly get better iPhone battery life
- How to clear the cache on your Windows 11 PC (and why you shouldn't wait to do it)
- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
Major Water Supplier Suffers Nine-Month Long Breach
One of Australia’s largest regional water suppliers was breached for several months before detecting the unauthorized access, another worrying sign of weaknesses in critical infrastructure security.
A Queensland Audit Office annual report on the water industry did not mention the provider by name but said it continues to see “significant control weaknesses in the security of information systems” across the industry.
The breach in question occurred between August 2020 and May 2021, resulting in unauthorized access to a web server.
“Threat actors targeted an older and more vulnerable version of the system. The web server that stores customer information contained suspicious files that increased visitor traffic to an online video platform,” the report explained.
“As entities use more cloud-based services (which provide remote access to systems), cyber risk vulnerabilities and exposures must be continuously assessed. Entities need to make sure their users are aware of their responsibilities in managing cyber risks.”
A local report identified the provider as Sunwater, one of the state’s largest regional providers.
The auditor explained that it had taken corrective measures, including patching, more robust password practices, and network monitoring.
Although this breach appears to have been caused by financially motivated cyber-criminals, with no impact on customers, utility providers are increasingly being targeted by more concerning attacks designed to cause service disruption and even harm citizens.
In 2019 a former employee at a Kansas plant accessed and shut down some of the key processes used to disinfect water. Earlier this year, in the Florida city of Oldsmar, an actor tried to change the water supply’s chemical balance by remotely logging into a SCADA system.
Last month, the US authorities issued an alert warning of ongoing malicious cyber-activity targeting the country’s water and wastewater systems (WWS) sector.
Spear-phishing, compromise of Remote Desktop Protocol (RDP) systems, and exploitation of unpatched or outdated software were the key threat vectors highlighted in the report.
