The attack on the water treatment system in the small town of Oldsmar, Fla., lacked technical sophistication, showed no insider knowledge of the system, and had all the hallmarks of a hacker joyride through a critical system.
Yet the fact that an unsophisticated attacker compromised a system, changed the chemical mix for treating the water, and could have potentially harmed people will likely have a ripple effect and attract more attackers to test the cybersecurity of municipal water systems, says Padraic O'Reilly, co-founder and chief of product for CyberSaint, an IT risk management firm.
"We don't care whether it is a joy ride or not because now people know it's possible," he says. "It does not matter whether it's a nation-state, because that is just guessing at this point. But what you are signaling to bad actors is that this is possible and maybe too easy to do."
Cyberattackers tend to go where there are demonstrated vulnerabilities, researchers say. In 2017, for example, independent research groups identified significant vulnerabilities in the Intel processor, dubbed Meltdown and Spectre. Over the next two years, researchers found numerous variations of the vulnerability class in processors from Intel and other chipmakers.
Previous attack trends have also demonstrated a link between successful exploitation of vulnerabilities and attacker interest. Vulnerabilities ..
Support the originator by clicking the read the rest link below.
