Major Water Supplier Suffers Nine-Month Long Breach
One of Australia’s largest regional water suppliers was allegedly breached for several months before detecting unauthorized access to systems. For security professionals, this marks another worrying sign of weakness in critical infrastructure security, an ongoing issue in Australia. The water supplier, which has not been named, suffered from the breach between August 2020 and May of 2021, resulting in unauthorized access to a web server. There has been speculation that the company suffering from the breach is Sunwater, although these claims have not been verified. The Queensland Audit Office’s annual report on the water industry mentioned the breach and stated that the office continued to witness significant control weaknesses in the security of systems across the country.
The threat actors allegedly targeted an older and more vulnerable version of the system. If the provider had taken corrective measures such as patching and more robust password practices, the attack may have been caught sooner. The breach appears to have been financially motivated, with no impact on customers. The time frame for the attack is alarming as more utility providers are being targeted by sophisticated attacks designed to cause service disruption and sometimes harm citizens.