HQ/EMEAFind out how we can help your business
Recently, according to the Queensland Audit Office’s annual financial audit report, the Queensland water supplier has been breached by hackers and stayed inside the system for nine months without being detected.
The hackers remained hidden for as long as nine consecutive months on a server in charge of customer information inside the water supply, implying that the government should take up their game in terms of cybersecurity for public infrastructures. This Australian government-owned water supplier manages 19 dams, 1600-mile-long pipelines, and 80 pumping stations.
Authorities found that the breaching incident happened between August 2020 and May 2021. They also believed that the malicious threat actors gained access to the webserver utilised to keep consumer information by the water supplier. Moreover, the authorities seem to have noticed that the hackers were not interested in stealing sensitive information. They only placed malware to increase visitor traffic to an online video website.
On a later report, there is no evidence that the hackers stole any financial, employee, or consumer information, and the vulnerability inside the water supply system is now patched. The report elaborated that the hackers took advantage of the older and unsecured version of the system that is why it is not detected by the new and more secured web servers.
The government-owned water supplier Queensland is being criticised due to the lack of proper and conservative account security methods, such as providing users minimum access to perform their tasks.
The auditors studied the internal controls of multiple water authorities across Australia and found three undisclosed deficiencies to avoid potential exploitations. Due to the absence of anti-fraud systems in the water supplier’s system that would help secure financial transactions from potential threat actors, auditors are skeptical about the future of these sectors.
In addition, they also identified numerous vulnerabilities in the sector’s IT systems. Governments should keep up with the changes in the IT world.
The auditors pointed out that they continue to discover numerous deficiencies relating to IT systems. They added that cyberattacks are gradually evolving, which is why government and private sectors should always look for possible attacks that might hit them. They also specified that losing monetary funds due to cyberattacks is not nearly as threatening as losing lives if an essential part of the government is hacked.
