SunWater Data Breach: Queensland’s Water Supplier Targeted by Hackers for Nine Months
The Server of the Largest Regional Water Supplier from Queensland Targeted By Cybercriminals in a 9 Month Security Breach.
Last updated on November 12, 2021
According to an audit report that the Queensland Audit Office released on the 10th of November, it seems that the Queensland water supplier has been targeted by hackers for a period of nine months during which the threat actors hid on a server where information related to the mentioned supplier could be found.
In the report, the name of the entity is not specified directly, however, it was confirmed by ABC Australia, a publication that later asked the water authority about this topic, that the report points out to SunWater, which is the water supplier owned by the Australian government. The SunWater data breach let hackers remain undetected.
Sunwater takes cyber security very seriously and acknowledges the findings in the Queensland Audit Office report.
According to BleepingComputer, the time when the breach appeared was between 2020 and 2021, more specifically between August 2020 and May this year. The cybercriminals achieved access to a web server used by the water supplier to keep there their customer data.
It seems that the hackers’ goal was not data exfiltration. What they did with that access was to install a custom malware that had the role to help with the visitor traffic on an online video platform.
In the same audit report mentioned above, it is specified that there was no evidence found regarding customer or financial data theft, and the system flaw that permitted the access of the hackers was remediated. It also seems that the hackers preferred older system versions and hence easier to be exploited than modern ones.
The report underlines also an issue with accounts privileges which might have led to the security breach.
Many Australian Water Authorities Seem to Have Issues
The audit report did not focus only on one water supplier, but on six water authorities from Australia. Deficiencies were identified in 3 of them. The researchers observed that public entities have already implemented some security measures following the recommendations given last year, however, there are still security aspects that need to be covered. For instance, reporting systems and security threat detection should be implemented, every external system where the public has access should have MFA enabled, the minimum eight-character password length requirement should be applied.
The experts also noticed that there is a need for security awareness pieces of training and the implementation of processes that have the role to identify critical security vulnerabilities.
We continue to identify weaknesses in the information systems water entities use to prepare financial statements. These weaknesses allowed a cyber breach to occur at one entity and remain undetected for nine months. Entities need to establish stronger processes for monitoring access to systems.
Data breaches are very common nowadays and system vulnerabilities usually facilitate hackers’ infiltration. That is why a system should be always updated and have the latest patches applied. But what do you do if you cannot keep always track of what patches need to be applied? You use an automated Patch Management Solution.
Heimdal™ has this solution and it’s very efficient because it really saves you time. You will always have control over your software inventory, enabling patch management from anywhere in the world. What’s even cooler is the vendor to end-user waiting time, this means that in less than 4 hours the released patches, tested and repackaged, are available in your Heimdal cloud for deployment. Find more on our website!
Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!