Mistakes in SaaS governance lead to major consequences.
A city in Florida has unwittingly come under cyber-attack due to inadequate SaaS governance.
The attack happened through misconfiguration of the TeamViewer cloud application.
The City of Oldsmar used TeamViewer for remote access to computers at a water treatment plant.
According to the FBI, an unknown cyber-attacker used TeamViewer to gain access to the plant. The same attacker then attempted to increase the level of a dangerous chemical in the city’s drinking water.
Fortunately, an operator at the plant spotted the attacker making the changes. The operator was able to intervene to correct the problem.
Staff alerted local law enforcement, and the City officials held a press conference to disclose the attack. The City officials advised that no tainted water was allowed to harm local residents. However, there is no doubt that this is a very embarrassing situation for the City.
How did it happen?
It appears that TeamViewer security had not been configured correctly, which left the computers at the plant open to attack.
The TeamViewer cloud app provides powerful features for remote control of computers across the Internet. Unfortunately, the same features mean that if the wrong people get access, the potential for malicious activities is significant.
In this case, it was somewhat lucky that the attacker used TeamViewer twice. This allowed a plant operator to spot a mouse pointer moving unaided, which exposed the second incursion. Had the operator not spotted this movement, the attack could well have gone unnoticed until much later. This could have led to much more severe consequences.
Could it happen again?
This is an example of the risk from inadvertent misconfiguration of cloud applications. This is a particular problem where cloud applications contain corporate data or allow access to corporate systems.
Every organisation must be aware that cloud applications offering such powerful features are in use within their electronic borders. This would allow the organisation to monitor points of attack more effectively. This would mean relying less on the luck that an operator would spot an attack resulting from such a mistake.
This is where a well-defined approach to SaaS governance is key.
Mitigating risk through governance of SaaS cloud applications
Using the Ampliphae SaaSGuard platform, the City of Oldsmar could have introduced formal monitoring of cloud applications.
Ampliphae SaaSGuard would have allowed the City IT and Governance teams to:
- Be aware that TeamViewer was in use by staff. This is of particular importance in a high-security facility such as the water treatment plant.
- Understand that TeamViewer is an app with powerful and potentially dangerous features. Such features can leave an organisation open to attack.
- Understand why TeamViewer was being used and implement a policy that ensured its use was justified.
The above would have ensured that the City’s use of a cloud application with a higher risk profile would have been under greater control.
By applying such policies, the City could ensure that TeamViewer was only used according to well-defined procedures. As a result, SaaSGuard could have intervened when non-approved users attempted to use TeamViewer. SaaSGuard could also have advised on more appropriate alternatives.
Find out more
If you would like to learn more about the issues related to SaaS Governance, please consider downloading our free eBook – Taming the Monster. Get it here.