Major Water Supplier Suffers Nine-Month Long Breach
One of Australia's largest regional water suppliers was breached for several months before detecting the unauthorized access, another worrying sign of weaknesses in critical infrastructure security.
A Queensland Audit Office annual report on the water industry did not mention the provider by name but said it continues to see "significant control weaknesses in the security of information systems" across the industry.
The breach in question occurred between August 2020 and May 2021, resulting in unauthorized access to a web server.
"Threat actors targeted an older and more vulnerable version of the system. The web server that stores customer information contained suspicious files that increased visitor traffic to an online video platform," the report explained.
"As entities use more cloud-based services (which provide remote access to systems), cyber risk vulnerabilities and exposures must be continuously assessed. Entities need to make sure their users are aware of their responsibilities in managing cyber risks."
A local report identified the provider as Sunwater, one of the state's largest regional providers.
The auditor explained that it had taken corrective measures, including patching, more robust password practices, and network monitoring.
Although this breach appears to have been