Hacked Florida water plant was still using Windows 7

Far more particulars have emerged about the current cyberattack on a drinking water procedure utility in the metropolis of Oldsmar, Florida, with the facility involved seemingly even now applying outdated Home windows seven PCs.

Stories quotation investigators as stating that “the cyber actors probable accessed the system by exploiting cybersecurity weaknesses, such as very poor password safety and an outdated Home windows seven operating system to compromise software program applied to remotely handle drinking water procedure.” 

The hack, which could have prompted a significant disaster had it not been for an alert supervisor, has when yet again brought the highlight on the menace to operational technological know-how in civil infrastructure.

Inadequately configured units

Microsoft finished mainstream support for Home windows seven on January 13, 2015, nevertheless it continued to receive safety updates. Nevertheless, Home windows seven last but not least attained close-of-lifestyle above a yr back on January fourteen, 2020 when Microsoft ceased to present any update for the operating system, urging users to switch to Home windows 10.

Regardless of this millions of users even now haven’t up to date from Home windows seven. As it turns out, the Oldsmar county’s drinking water procedure plant is just one of them.

Dubbing the attack as “relatively unsophisticated”, the investigators shared that the attacker probable applied the TeamViewer remote desktop sharing software program to make his way into the system.

Speaking to TechRadar Professional, Eddie Habibi, Founder of PAS, which gives software program solutions to stop exploitation of operational technological know-how, agreed, including that “while a lot of the coverage of the cyber hazard to crucial infrastructure to date has centered on the age of quite a few industrial regulate units and the truth that they have been not intended and deployed with safety in head, in this situation, the attack vector appears to have been the greater stage of remote obtain enabled by the Florida county.”

By way of: Engadget