Cyberattacks on water infrastructure are on the rise in the US, with two attacks recently taking place within just weeks of each other. In January, an attacker tried to poison a water treatment plant that served part of the San Francisco Bay area. Then, in early February, malicious actors remotely accessed the water treatment plant serving Oldsmar, Florida and changed the levels of lye in the drinking water before being detected. 

Although neither of these attacks was ultimately successful, a water supply hack could cause widespread illness or even death if not halted in time. Here's why water supply attacks are on the rise and how hackers are accessing water supply infrastructure. We'll also share best practices businesses can follow to protect their systems from similar attacks.

Why water supply attacks are on the rise

As the Colonial pipeline and Solar Winds attacks made clear, US infrastructure, businesses and government agencies are vulnerable to incursions from Russian and Chinese hacking groups as well as other cyber criminals. President Biden recently signed an executive order aimed at addressing this national security threat. According to NBC News, water plants are especially at risk because they often lack robust cybersecurity operations, particularly if they are small in size or located in rural areas. 

US water infrastructure is not centralized, which fortunately means it would be difficult for cyber attackers to execute a coordinated attack across an entire region, let alone the country as a whole. However, this decentralization also makes it challenging to identify industry-level trends in water plant cybersecurity preparedness or issue guidelines on preventing a water supply hack.

How malicious actors are accessing water supply infrastructure

Bad actors are using former water plant employees' login credentials and passwords to access water supply infrastructure. In some cases, they are using the ex-employees' TeamViewer software accounts to gain remote access to these systems. During the water supply attack in Oldsmar, a water plant employee actually saw a cursor moving on his screen and became alarmed when he saw the changes it was making in real time. 

Just like organizations in other sectors, water plants' attack surfaces have expanded in recent years. Water plants have distributed workforces logging into mission-critical systems from remote locations. Some water plant employees could even be accessing these systems using their own devices as part of Bring Your Own Device (BYOD) programs. Unfortunately, as the NBC News report confirms, water plant employees' usernames and passwords are being bought and sold on the dark web. 

How businesses can protect themselves from similar attacks

Businesses can protect themselves from attacks like these by using security for remote IT that features IP restrictions and two-factor authentication (2FA), both of which would have helped the water plants in California and Florida reduce the likelihood of a water supply hack. IP restrictions make it easier to confirm that logins are coming from authorized devices, while 2FA often gives users a heads up when a suspicious login attempt may be underway. Businesses can also prevent an attack by using a business password manager to improve employees' password hygiene and alert users when their login credentials have appeared on the dark web. With these best practices in place, businesses can increase their chances of deterring a cyber attack.

Discover how Rescue's secure remote support software keeps your business and users safe.