Watering hole attacks on Florida water utilities

Guest post from the ICS cyber security blog:
Watering hole attacks against Florida water utilities

May 22, 2021.

The attack on the ICS system of the Oldsmar water utility in Florida caused quite a stir (I wrote about it), and Dragos has now published an interesting analysis. They write that the investigation of the Oldsmar incident uncovered traces of an attacker (or attackers) who used the website of a company that provides services to water utilities in Florida to carry out a series of watering hole attacks, collecting user data mainly, but not exclusively, from Florida organizations. Telemetry data collected during the investigation revealed that, in addition to employees of many other organisations, an employee of the Oldsmar water utility downloaded the website that the attackers had prepared with malicious code on the same day as the attack. (Someone, somewhere once told me that they don’t like coincidences; they require too much organisation…)

A detailed analysis of the investigation is available on Dragos’ blog. I was prompted to post about this incident to highlight one thing: it is advisable to be wary of hasty conclusions about current cyber-attacks, and ICS/OT cyber-attacks in particular. In such cases it is advisable to have the company that suffered the incident carry out as thorough an analysis as possible, with the involvement of the appropriate forensics experts, and those (like me) who write about such incidents from the sidelines should wait for more detailed information on the case before jumping to conclusions.

***

The original guest post was published on the ICS cyber security blog.

Translated by DeepL.