Hacked Florida water plant was still using Windows 7

Investigators call attack on Oldsmar water supply system “unsophisticated”

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

More details have emerged about the recentcyberattack on a water treatment utilityin the city of Oldsmar, Florida, with the facility involved apparently still using outdatedWindows 7PCs.

Reports quote investigators as saying that “the cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poorpassword securityand an outdatedWindows 7operating systemto compromise software used to remotely manage water treatment.”

The hack, which could have caused a major catastrophe had it not been for an alert supervisor, has once again brought the spotlight on the threat to operational technology in civil infrastructure.

Poorly configured systems

Microsoftended mainstream support for Windows 7 on January 13, 2015, though it continued to receive security updates. However,Windows 7 finally reached end-of-lifeover a year ago on January 14, 2020 when Microsoft ceased to provide any update for the operating system, urging users to switch toWindows 10.

Despite thismillions of users still haven’t updatedfrom Windows 7. As it turns out, the Oldsmar county’s water treatment plant is one of them.

Dubbing the attack as “relatively unsophisticated”, the investigators shared that the attacker likely used the TeamViewerremote desktop sharing softwareto make his way into the system.

Speaking toTechRadar Pro, Eddie Habibi, Founder of PAS, which provides software solutions to prevent exploitation of operational technology, agreed, adding that “while much of the coverage of the cyber risk to critical infrastructure to date has focused on the age of many industrial control systems and the fact that they were not designed and deployed with security in mind, in this case, the attack vector appears to have been the increased level of remote access enabled by the Florida county.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:Engadget

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

iStorage Group acquires Kanguru Solutions as it looks to expand security offering

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace