Oldsmar is a small town in Florida that became the center of the cyber world this week when a hacker broke into its drinking water supply and tried to poison it.
It’s the nightmare scenario that the security community has warned for years, one that could kill thousands by targeting the critical infrastructure that we all rely on. The hacker gained access to a computer at the water facility used for running remote control software TeamViewer, according to Reuters, and jacked up the levels of sodium hydroxide, aka lye, which would have made the water highly toxic to drink.
It’s not known what security was in place to prevent unauthorized users from gaining access to the critical system. Sheriff Bob Gualtieri said in a press conference that there were fail-safes and alarms in place to prevent tainted water from reaching residents, and as a result there was little risk to the population of some 15,000 residents.
But suffice to say, running remote control software in a facility that controls the local water supply is a disaster waiting to happen. These networks are supposed to be isolated from the internet to prevent this exact scenario. But you can look for clues in this Reuters report: The water facility is a public utility owned by the town and has its own internal IT staff.
Gualtieri, in his remarks, said: “The important thing is to put everyone on notice.” He’s not kidding; it’s a similar picture to a lot of small-town America, where much of these facilities are under-resourced and underfunded. Robert Lee, founder and chief executive at industrial security startup Dragos, set the context:
The FBI confirmed it has been called in to investigate. But what’s unlikely to change any time soon is that small towns are underfunded and don’t get the resources that other critical infrastructure gets. In the end, a TeamViewer subscription will be cheaper than a person’s salary, and there is no greater incentive to cut costs than during a pandemic.
On with the rest of Decrypted.
THE BIG PICTURE
Hackers post stolen health data after hospital ransomware attacks
As COVID-19 vaccines begin to roll out, ransomware actors are hitting back. NBC News this week revealed two hospitals that were hit by data-stealing ransomware. After the hospitals refused to pay the ransom, the hackers started to publish highly sensitive health and medical data stolen from the hospital networks.
It comes after a moratorium by ransomware actors at the height of the pandemic last year, with many groups saying they would not target healthcare facilities until the pandemic draws to a close. But not all pledged to do the same, and September saw the most attacks targeting hospitals than at any point during the rest of last year.
GrayKey police unlocking tech now unlocks some Android devices
Grayshift, the Atlanta-based mobile forensics startup known for its iPhone unlocking tech, can now unlock some Samsung Android devices, the company announced last week. The company says its technology is faster than its rivals and can unlock encrypted devices often in less than an hour. The startup says its technology is used by over 1,000 agencies across more than 25 countries, including the U.S.
Grayshift secured $47 million in funding last year as demand by law enforcement for phone unlocking tech increased.
MOVERS AND SHAKERS
Alejandro Mayorkas is the new secretary of Homeland Security, a role that oversees some of the federal government’s biggest powerhouses in cybersecurity, including CISA. Mayorkas is the first Senate-confirmed secretary to lead the department since Kirstjen Nielsen, who departed office in April 2019. (There have been four acting heads since.) And breathe a sigh of relief — he gets the cyber.
Cyberscoop noted last year that he was a “quick study” on cybersecurity, according to Gregory Touhill, former federal CISO under the Obama administration. Cyber will be more important than ever under this administration as the government continues to evaluate the scope of the SolarWinds breach of several federal agencies — attributed to Russia’s foreign intelligence service. The Biden administration has asked Congress for close to $700 million for CISA.
$ECURITY $TARTUPS
Controversial facial recognition startup Clearview AI has been ruled “illegal” by Canada’s privacy commission. The country’s watchdog said Clearview collected photos of Canadians without their knowledge or permission.
BeyondID has raised $9 million at Series A to help cloud customers roll out identity controls. Taking aim at identity behemoth Okta, BeyondID says its revenues have grown by 300% in the past couple of years and has 250 customers, including FedEx and Major League Baseball.
And, late-stage security startup SentinelOne has acquired Scalyr, a high-speed logging startup, for $155 million in a mix of stock and cash. By merging the tech, SentinelOne hopes it will make it easier for customers to understand their security posture by allowing fast and efficient access to logging data.
Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more.