Oldsmar Water Treatment Facility Used Windows 7, Had No Firewall and Shared Single TeamViewer Password Among Employees

Anne Neuberger tapped to oversee the government's response to SolarWinds, CD Projekt Red hacker leaks files online, Tenable to buy Alsid for $98 million, New Chinese APT Bendy Bear discovered, more

Do you like Metacurity? We offer 50% discounts to organizations that deliver the latest cybersecurity news and insight, along with our premium content, for as little as $2.50 per employee per month. Check out our special offer below.

Government officials say the Oldsmar, Florida water treatment facility that was hacked, with the intruder attempting to alter the levels of a deadly chemical in the water supply, used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees.

An advisory from the State of Massachusetts, as well as a private industry notification from the FBI, said that the Oldsmar facility was using Windows 7 to access SCADA controls remotely, lacked a firewall, and permitted all employees to use the same TeamViewer password. Separately, in a hearing before the House Homeland Security Committee, the former head of the Cybersecurity and Infrastructure Security Agency Chris Krebs said that the Oldsmar breach was “very likel…