Sunwater confirmed that the corporation was the victim of a nine-month-long cyber attack, following findings from Queensland’s Auditor-General.
Sunwater, one of Queensland’s largest water suppliers, confirmed to the ABC today that the company fell victim to a nine-month-long cyber security attack.
Analysts believe that the cyber criminals placed files on the organisation’s web server to drive traffic to an alternative website.
The confirmation of the attack came as Queensland’s Auditor-General released a report detailing the vulnerabilities of the state’s water infrastructure to potential cyber attacks.
“We continue to identify significant control weaknesses in the security of information systems. All entities must have strong security practices to protect against fraud or error and significant reputational damage,” the report read.
Speaking to an ABC reporter, a Sunwater spokesperson confirmed that no personal data had been taken and that the organisation was in the process of improving their security protocols.
"Sunwater takes cyber security very seriously and acknowledges the findings in the Queensland Audit Office report,'' the ABC reported.
The penetration into the corporation's network is thought to have taken place between August 2020 and May 2021. The ABC reported that while Sunwater confirms that no private information was compromised, the threat actors accessed the corporation’s web server that did host customer information.
The penetration lasted for some nine months before being detected.
The cyber attack came as threat actors around the world continue to target critical civilian infrastructure.
Just last month, Secretary of the US Department of Homeland Security Alejandro Mayorkas warned that cyber attacks, designed to cripple critical civilian infrastructure and potentially cause physical harm, are likely to increase in frequency.
Speaking to USA Today this week, Secretary Mayorkas raised red flags over the growing risk of “killware” tactics – whereby cyber criminals attack critical civilian infrastructure, resulting in potentially fatal outcomes.
Mayorkas made specific mention of the February hack on the Oldsmar, Florida water treatment plant, where cyber criminals are thought to have leveraged outdated Windows 7 operating systems, unsecured facility networks and old passwords to gain access into the facility.
The cyber criminals were then accused of manipulating the amount of chemicals present in the water supply, with media outlet Dark Trace suggesting that the criminals increased the level of sodium hydroxide in the water before being caught.
“The attempted hack of this water treatment facility in February 2021 demonstrated the grave risks that malicious cyber activity poses to public health and safety,” Mayorkas said in an interview with USA Today.
“The attacks are increasing in frequency and gravity and cyber security must be a priority for all of us.”