The "Compilation of Many Breaches" or COMB was discovered by cybersecurity researchers via the Florida Water System Breach that has taken place last week and sees a massive 3.27 billion credentials in cleartext. The attack is one of the most horrendous breaches this year, as it contains various information that is sensitive and threatening.
In the initial leaks of the COMB, there was an unknown hacker who used some of these login credentials for the Oldsmar Water Facility which tried to poison the residents by strengthening lye concentration 100 times. Luckily for its users, lye concentration percentage was immediately discovered and prevented the massive damage it could cause.
According to a blog post by Cyber News, government officials are still investigating the attack and determining how the hack occurred, but has already deduced Oldsmar Water Facility to be the source as old features allow. The facility's plant administrators and heads are allowed to manage and access the system remotely via the plant's technology.
Florida Water System Breach: Cleartext Login Credentials are Discovered
On the other hand, cybersecurity researchers have discovered new leads regarding the case and have highlighted that a 2017 list of old login credentials were released under COMB, before the attack. Moreover, this information was released on RaidForums, a website that hosts a cybercrime forum, for hackers to utilize.
According to Threat Post's report, 3.27 billion unique combinations of the login credentials were leaked with the combination of many breaches, primarily focusing on the Oldsmar Water Facility in Florida. These login credentials are in clear text, meaning that regular people and the public would be able to understand, and would not need to decode it first.
In the cybersecurity researcher's report, there are 11 credential pairs (email and password) that were discovered to be dating back to the 2017 breach compilation from the hackers. However, recent breaches' login credentials discover 13 pairs of credentials to be part of the COMB released by the hackers in the cybercrime community.
Officials Have Not Yet Connected the Oldsmar Water Facility Hack and Breach
Despite the cybersecurity researcher's report and discovery, the officials who are investigating the matter have still not connected the Oldsmar Water Facility Hack which occurred recently in Florida. The leaked credentials are believed to be the source of the attack which began a domino effect on the Florida Water System Breach and Attack, as per CyberNews.
On the other hand, Massachusetts' report suggests that these hackers were able to enter the system via a remote computer software called "TeamViewer" to access its systems and change the lye concentration. TeamViewer can essentially put the user in the plant's system and control the different functions in the company computer in the plant.
These types of "industrial control systems" (ICS) are considered to be unsecure, especially when controlling publicly-used facilities like the Florida Water System Breach with Oldsmar.
This article is owned by Tech Times
Written by Isaiah Alonzo