[Security Weekly] Hacker Modifies Chemical Content of Drinking Water to Dangerous Levels in U.S. City

2nd Week of February 2021

 

1. Hacker raises chemical content of drinking water to dangerous levels in U.S. city

City officials of Oldsmar, Florida disclosed a cybersecurity incident where an unknown hacker nearly poisoned the water supply for all city residents by modifying its chemical levels.

According to the disclosure, on February 5, a hacker gained remote access to the computer of the water treatment plant’s operator, and stayed in the system for up to five minutes. The operator immediately noticed its cursor moving on the screen, and saw the sodium hydroxide level being modified from 100 ppm to 11,100 ppm.

A small amount of sodium hydroxide, also called lye, is usually added to drinking water supply to control acidity and remove harmful metals. However, a high concentration can be dangerous to the human body as the chemical is a major ingredient found in liquid drain cleaners.

Fortunately, the operator was looking at the screen at the time of intrusion and immediately changed the figure back to normal. Thus city officials reassured its residents that their tap water is safe to use. They added that even if the intrusion had remained unnoticed, it would still have been detected by the water monitoring system before being finally sent off as tap water, a process that normally takes 24 hours.

The motive of the attack is not clear. Some speculate that it could be an attempt to target Super Bowl LV, which was held two days later in an adjacent city, Tampa. 

Sources: Global News, SC Media

 

2. Brazilian utility giants suffer ransomware attacks, crucial data exfiltrated

Two major Brazilian state-owned utility companies, Eletrobras and Copel, were hit by separate ransomware attacks that caused temporary operation suspensions and compromised highly sensitive data. Eletrobras is the largest utility company in South America and the fourth-largest renewable energy provider in the world, while Copel is the largest in the State of Parana.

Darkside ransomware claimed responsibility for the attack on Copel. The ransomware operators gained unauthorized access to the company’s cloud-based access management platform and exfiltrated 1,000 GB of data before encrypting them. The stolen data included plaintext passwords for all of the company’s IT infrastructure, maps and details of its IT network, as well as the personal information of employees and customers.

In terms of Eletrobras, the threat actor responsible for the attack has not yet been identified. The attack mainly affected the IT network of its subsidiary Eletronuclear, which operates two nuclear power plants. Fortunately, the OT network of the power plants was isolated from the IT network, hence the attack posed no direct threat to public safety.

Sources: Threatpost, Bleeping Computer

 

3. Video game developer CD Projekt attacked by HelloKitty ransomware

CD Projekt, a Polish video game developing firm, was hit by a ransomware attack that encrypted its systems and compromised sensitive files. The company is well known for popular games like The Witcher series and Cyberpunk 2077.

CD Projekt disclosed the incident on social media, saying that the ransomware operators gained access to its IT network on February 8, encrypting a number of systems. It claimed that a backup copy of all encrypted data remained safe in an isolated network, and that it was in the process of restoring the system.

The attackers were identified to be operators of lesser-known HelloKitty ransomware, according to Bleeping Computer. On the ransom note, the attackers claimed to have encrypted all the company’s servers and exfiltrated sensitive files “relating to accounting, administration, legal, HR, and IR”. The attackers further threatened that they would either sell or publish these stolen data online if the company refused to pay their demanded ransom. 

CD Projekt responded firmly that under no circumstances would they be paying the ransom, preparing for the data to be published. It reported the case to local authorities and said that the stolen files do not contain the personal data of its users.

Had CD Projekt encrypted its sensitive files, the ransomware operators would have had no leverage to start with. Thus Penta Security strongly recommends businesses to adopt a plugin-type database encryption solution like D’Amo to protect their sensitive data with easy-to-manage column level encryption.

Sources: ZDNet, Bleeping Computer

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security