Major Water Supplier Suffers Nine-Month Long Breach

  • One of Australia’s largest regional water suppliers was breached for several months before detecting the unauthorized access, another worrying sign of weaknesses in critical infrastructure security.

    A Queensland Audit Office annual report on the water industry did not mention the provider by name but said it continues to see “significant control weaknesses in the security of information systems” across the industry.

    The breach in question occurred between August 2020 and May 2021, resulting in unauthorized access to a web server.

    “Threat actors targeted an older and more vulnerable version of the system. The web server that stores customer information contained suspicious files that increased visitor traffic to an online video platform,” the report explained.

    “As entities use more cloud-based services (which provide remote access to systems), cyber risk vulnerabilities and exposures must be continuously assessed. Entities need to make sure their users are aware of their responsibilities in managing cyber risks.”

    A local report identified the provider as Sunwater, one of the state’s largest regional providers.

    The auditor explained that it had taken corrective measures, including patching, more robust password practices, and network monitoring.

    Although this breach appears to have been caused by financially motivated cyber-criminals, with no impact on customers, utility providers are increasingly being targeted by more concerning attacks designed to cause service disruption and even harm citizens.

    In 2019 a former employee at a Kansas plant accessed and shut down some of the key processes used to disinfect water. Earlier this year, in the Florida city of Oldsmar, an actor tried to change the water supply’s chemical balance by remotely logging into a SCADA system.

    Last month, the US authorities issued an alert warning of ongoing malicious cyber-activity targeting the country’s water and wastewater systems (WWS) sector.

    Spear-phishing, compromise of Remote Desktop Protocol (RDP) systems, and exploitation of unpatched or outdated software were the key threat vectors highlighted in the report.