Following the Oldsmar, Florida attack, in which an attacker gained remote access to a water treatment plant computer and changed one of the chemical additives to a dangerous level, the FBI has issued an alert drawing attention to three security issues that may have contributed to the plant's incident. The alert, known as a Private Industry Notification (FBI PIN), warns about poor passwords, the out-of-date Windows 7 operating system, and the desktop sharing software TeamViewer, and urges companies and government agencies to review their internal networks and access policies.

The FBI PIN named TeamViewer as the entry point into the Oldsmar water treatment plant's network. The attacker was able to access a water treatment control computer, take control of the mouse, move it on the screen, and change the level of sodium hydroxide (lye) being added to the drinking water. Luckily, the plant operator was able to reverse the changes almost immediately.

TeamViewer has been criticized by several well-known security experts, who have called it insecure and inadequate for managing sensitive resources. While the FBI PIN does not take a critical stance on TeamViewer, it asks all organizations to review the configuration of their remote access applications, including the use of multi-factor authentication and strong passwords.
In addition, the FBI alert warns of the use of Windows 7, which reached its end of life on Jan 14th, 2020. Since that date, this version no longer receives security or stability updates from Microsoft. The warning was issued because the water treatment plant was still running Windows 7 on its network.
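The alert's recommendation to review internal networks and access policies is easier to act on with a concrete audit. The script below is an added example, not part of the FBI alert or of any tool it names: it walks a constructed asset inventory and flags the three factors the alert calls out (an operating system past its end of life, desktop sharing software reachable without multi-factor authentication, and weak passwords on remote-access accounts), then singles out hosts where all three coincide. The inventory, the host and field names, the 12-character password threshold and the audit date are assumptions made for the example; the Windows 7 end-of-life date is the one given in the alert.

```python
"""
Audit a host inventory for the three risk factors named in the FBI PIN.
All hosts, field names and thresholds below are constructed for this example.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List

# Vendor end-of-support dates checked by the audit. The Windows 7 date is the
# one given in the FBI alert; the other two are Microsoft's published dates,
# included only so the check is not hard-wired to a single OS.
OS_END_OF_LIFE = {
    "windows 7": date(2020, 1, 14),
    "windows server 2008 r2": date(2020, 1, 14),
    "windows 8.1": date(2023, 1, 10),
}

# Minimum password length accepted for accounts behind remote-access tools.
# This threshold is an assumption of the example, not a value from the alert.
MIN_REMOTE_PASSWORD_LENGTH = 12

# Constructed audit date (shortly after the Oldsmar incident).
AUDIT_DATE = date(2021, 2, 12)


@dataclass
class Host:
    """One row of a (constructed) asset inventory."""
    name: str
    os: str
    remote_access_tools: List[str] = field(default_factory=list)  # e.g. ["TeamViewer"]
    remote_access_mfa: bool = False   # is MFA enforced on the remote-access login?
    password_min_length: int = 0      # effective password policy on this host


def os_is_unsupported(os_name: str, today: date = AUDIT_DATE) -> bool:
    """True when the OS has passed its vendor end-of-life date."""
    eol = OS_END_OF_LIFE.get(os_name.strip().lower())
    return eol is not None and today > eol


def audit_host(host: Host, today: date = AUDIT_DATE) -> List[str]:
    """Return one finding per risk factor present on the host."""
    findings = []
    if os_is_unsupported(host.os, today):
        findings.append(f"unsupported OS: {host.os} no longer receives security updates")
    if host.remote_access_tools:
        tools = ", ".join(host.remote_access_tools)
        if not host.remote_access_mfa:
            findings.append(f"remote access ({tools}) reachable without MFA")
        if host.password_min_length < MIN_REMOTE_PASSWORD_LENGTH:
            findings.append(
                f"remote access ({tools}) protected by passwords shorter than "
                f"{MIN_REMOTE_PASSWORD_LENGTH} characters"
            )
    return findings


def audit_inventory(hosts: List[Host], today: date = AUDIT_DATE) -> Dict[str, List[str]]:
    """Map each host name to its findings; hosts with no findings are omitted."""
    report: Dict[str, List[str]] = {}
    for host in hosts:
        findings = audit_host(host, today)
        if findings:
            report[host.name] = findings
    return report


def critical_hosts(hosts: List[Host], today: date = AUDIT_DATE) -> List[str]:
    """Hosts showing all three factors at once, the combination the alert describes."""
    return [h.name for h in hosts if len(audit_host(h, today)) == 3]


# Constructed sample inventory; names and values are illustrative only.
SAMPLE_INVENTORY = [
    Host("ot-hmi-01", "Windows 7", ["TeamViewer"], remote_access_mfa=False, password_min_length=8),
    Host("ot-hmi-02", "Windows 10", ["TeamViewer"], remote_access_mfa=True, password_min_length=14),
    Host("eng-ws-03", "Windows 7"),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
    print("critical:", critical_hosts(SAMPLE_INVENTORY))
```

The three checks are deliberately independent so that a host is reported even when only one factor applies (an unsupported OS with no remote access still needs a migration plan), while `critical_hosts` surfaces the combination that matched the Oldsmar plant for prioritisation.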