Threat actors penetrate Australian Sunwater water supply systems

One of Australia's leading water suppliers has confirmed that its systems were compromised by threat actors for nine months. The threat actors reportedly left malicious files on a web server that redirected legitimate traffic to a video platform, beginning as early as 2020.

Sunwater acknowledged the intrusion after filing a notification with local authorities, who had already reported the attack without naming the targeted organization.

Shortly after, a Sunwater spokesperson stated that the incident did not involve the leak of sensitive financial or personal information, as timely detection of the malicious activity allowed appropriate security measures to be implemented.

Local authorities state that the intrusion persisted between August 2020 and May 2021 and involved unauthorized access to the organization's web server, which stores customer information. The compromise reportedly succeeded because the attackers targeted an outdated implementation.

As mentioned above, the affected web server contained suspicious files that redirected visitor traffic to an online video platform. Weaknesses in the system allowed the threat actors to remain on the affected server undetected for nearly a year.
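The incident above turned on files that had been added to, and pages that had been altered on, a customer-facing web server without anyone noticing for months. The following is an added example (not Sunwater's tooling or anything from the report) of the basic control that catches that: a hashed manifest of the web root taken at a known-good point, re-computed on a schedule and diffed, with added server-side scripts flagged for triage. The web root, file names and the list of extensions are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile

# Extensions that a static customer portal should never gain unexpectedly.
# Assumed list for this example; adjust to the real stack of the site.
SERVER_SIDE_EXTENSIONS = {".php", ".jsp", ".aspx", ".cgi"}


def hash_file(path):
    """SHA-256 of one file, read in chunks so large assets stay off the heap."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def diff_manifests(baseline, current):
    """Files added, removed and modified since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in baseline if p in current and baseline[p] != current[p]
        ),
    }


def triage(changes):
    """Added files the server could execute deserve the first look."""
    return [
        p for p in changes["added"]
        if os.path.splitext(p)[1].lower() in SERVER_SIDE_EXTENSIONS
    ]


def save_manifest(manifest, path):
    """Persist the baseline; store it off the web server it describes."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def _write(root, rel, text):
    """Helper for the constructed scenario: write a text file under root."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w", encoding="utf-8") as fh:
        fh.write(text)


def demo():
    """Constructed scenario: baseline a small web root, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.html", "<html><body>Customer portal</body></html>")
        _write(root, "css/site.css", "body { margin: 0; }")
        baseline = build_manifest(root)

        # Simulated tampering: one page edited, one unexpected script dropped.
        # The dropped file holds placeholder text only, not executable content.
        _write(root, "index.html", "<html><body>Customer portal (edited)</body></html>")
        _write(root, "uploads/unexpected.php", "placeholder text, constructed for the demo")

        changes = diff_manifests(baseline, build_manifest(root))
        return changes, triage(changes)


if __name__ == "__main__":
    found, flagged = demo()
    print(json.dumps(found, indent=2))
    print("flag for triage:", flagged)
```

Run the baseline from a trusted deployment artifact rather than from the live server, keep the manifest somewhere the web server account cannot write, and have the scheduled diff raise an alert on any change that did not coincide with a recorded deployment. A modified `index.html` or a new script under an upload directory would then surface within one scheduling interval instead of after months.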

The report examined six water authorities: Seqwater, Sunwater, Urban Utilities, Unitywater, Gladstone Area Water Board and Mount Isa Water. It also highlighted deficiencies in internal controls, which simply make the hackers' work easier.

The report is very specific about the absence of certain internal security controls, pointing to 24 critical security errors. These related to access to electronic funds transfer payment information and to the security of supplier and employee information, among other issues. In one specific case, one of the water plants was found to have serious deficiencies in account management and user access.

So far, neither the identity of the attackers behind this incident nor their motivations are known, and there is no evidence of malicious use of the compromised information.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.