Cyber Attack on Water Treatment Plant a Wake-Up Call to Harden Remote Access Security

Last Friday, a cyber threat actor audaciously cracked into the systems of a Florida water treatment plant leveraging the TeamViewer remote access tool, and ordered the system to increase the amount of lye in the water to extremely dangerous levels. This should serve as a blunt reminder and wake-up call that using consumer-grade remote access tools in both Operational Technology (OT) and Information Technology (IT) environments can introduce risk.

Fortunately, an employee monitoring the system noticed the threat actor’s activity in real-time and took the initiative to alert others and escalate a defensive response to prevent significant damage. But had the attacker been a bit savvier, the attack could easily have slipped further under the radar. In fact, one of the scariest things about this attack is how unsophisticated the attacker seemed to be, yet was still able to compromise critical infrastructure by leveraging an unsecured remote access tool.

With OT systems, such as systems control and data acquisition (SCADA) systems and industrial control systems (ICS), increasingly exposed to the Internet and often easily discoverable by tools like Shodan, it’s imperative that the pathways into the environment be properly locked down. Time and time again, exploits such as this one demonstrate that basic or unsecured remote access tools absolutely do not cut it in any environment where security is an important consideration.

BeyondTrust provides the only Secure Remote Access solutions that meet the rigorous requirements of Federal Information Processing Standards Publication (FIPS) 140-2 Level 1. Our Privileged Remote Access and Remote Support products are designed with security at the forefront, with a unique architecture and features that make them secure and easy-to-use in any environment.

BeyondTrust secures remote access for customers across the world’s most complex and demanding environments. Our Secure Remote Access solutions provide:

• Remote connection security: Every remote connection is outbound through Port 443, requiring no firewall changes. You can define permissions for every session, whether for attended or unattended access. Our solution also provides the ability to proxy access to RDP, SSH, cloud instances, and Windows/Unix/Linux applications.
• Simple authentication: Centrally manages users with existing account directories, such as LDAPS, Kerberos, Smart Card, RADIUS, for simple and secure user management. Password management and two-factor authentication are built-in, and credentials are injected into sessions without ever exposing them to the end user or system.
• Secure architecture. Our architecture provides each customer with a unique configuration and military-grade security. Your data is never co-mingled with data from any other customer.
• Robust session management, auditing, & reporting. Everything that happens during remote sessions is logged and recorded. And reports are stored in a tamper-proof way.
• Seamlessly integrates with other solutions: Seamlessly integrates with ITSM, SIEM, MFA, IAM, and other solutions to help you unlock synergies across your entire IT/security ecosystem.

Next Steps: Hardening Remote Access for Your Critical Infrastructure & Sensitive Assets

Government agencies and enterprises throughout the world have an immense responsibility to keep citizens and customers safe, and their data secure—at all times. Unfortunately, the use of consumer-grade remote access tools is rampant, and frequently inadequate, inappropriate, and out of compliance, for the use cases to which it is applied.

As federal and state agencies continue to be the target for threat actors, it’s incumbent upon IT and security teams to harden remote access to protect critical infrastructure and sensitive data to the level it demands and the public expects.