Incident Hub

Legal disclaimer


Total attacks recorded on the database


Incident hub Release


firs attack registred in the database



Explore our critical infrastructure cyberattack database.

Attack record ID

Attack date and year

Attack vector used

Detailed attack description

Country where the attack occurred

Attack severity score

IDDateYearSource DatabaseOriginAttack vectorAttack DescriptionCountryIndustry TypeSubcategoryAttack DetailsTI Safe ScoreCIRASCIDMARK ScoreSCID idImpactLink at the InternetMalware NameMITRE ATT&CK Software ID [if exists]DurationRansom Value (USD)Paid (Y/N)Suggested security initiative
wdt_IDwdt_created_bywdt_created_atwdt_last_edited_bywdt_last_edited_atIDDateYearSource DatabaseOriginAttack vectorAttack DescriptionCountryIndustry TypeSubcategoryAttack DetailsTI Safe ScoreCIRASCIDMARK ScoreSCID idImpactLink at the InternetMalware NameMITRE ATT&CK Software ID [if exists]DurationRansom Value (USD)Paid (Y/N)Suggested security initiative
1marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM101/06/19821982RISIExternalMalware infection[1] Trojan Attack.RussiaChemical and Farmaceutic industry sectorOil and GasThomas Reed, senior US national security official, claims in his book “At The Abyss” that the United States allowed the USSR to steal pipeline control software from a Canadian company. This software included a Trojan Horse that caused a major explosion of5The software sabotage had two effects, explains Reed. The first was economic. By creating an explosion with the power of a three kiloton nuclear weapon, the US disrupted supplies of gas and consequential foreign currency earnings. But the project also had
2marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM212/08/19851985RISIAccidentErrors, omissions or misuse(Union Carbide Chemical Leak West Virginia.) [1] Interruption of services.United StatesChemical and Farmaceutic industry sectorChemicalThe Institute facility leaked methylene chloride and aldicarb oxime, chemicals used to manufacture the pesticide Temik. The leak resulted from a computer program that was not yet programmed to recognize aldicarb oxime, compounded by human error when the o5One hundred and thirty four people were were sent to the hospital, six of whom where Union Carbide employees. Thirty people filed two lawsuits seeking $88 million in damages, but hundreds of people marched in support of the company. OSHA proposed fines
3marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM301/01/19891989RISIAccidentErrors, omissions or misuse(Oil Company SCADA System Impacted by RF Interference.)United StatesChemical and Farmaceutic industry sectorOil and GasIn 1989 a SCADA sytem was being prepared for an oil company in Houston Texas. All the remote telemetry units were communicating with the master station computer via low power Johnson radios. The dummy loads on all of the antennae were used to cut down the3
4marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM401/01/19911991RISIAccidentErrors, omissions or misuse(Computer Error at Sellafield Nuclear Plant in UK.) [1] Interruption of services. [2] Obstruction of communication signals.EnglandEnergy sectorEnergyA computer error at the vitrification plant resulted in two shielding doors being left open while highly radioactive material was still inside one chamber. (#2)5Production at the facility was stopped and did not resume until cause of the accident was established. No one was exposed to radiation during the incident. (#2)
5marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM501/01/19921992RISIInternalMalware infection(Computer Sabotage at Nuclear Power Plant.)LithuaniaSector and Production SystemsNuclear Power PlantA computer programmer at the Ignalina Power Reactor Sation in Lithuania introduced a virus into one of the stations computers in an attempt to sabotage a reactor at the plant by introducing a virus into the computer system. Oleg Savchuk was arrested on a3Nuclear plant computer was infected with a virus. There was a station shutdown, though it was reported to be coincidental and not caused by the virus. Oleg Savchuk was arrested for premeditated sabotage.
6marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM601/01/19941994RISIAccidentErrors, omissions or misuse(Computer Software Faults May Have Caused Chinook Helicopter Crash.) [1] Operational, in Computer, Devices or in Comunication, fail.EnglandTransport sector and systemsTransportation SystemsThe Chinook Mark 2 helicopter crashed on June 2, 1994 killing all 29 people on board. Initially, the pilots were blamed for the incident. Later, it was concluded that the exact cause of the accident was impossible to establish. The BBC received interna4The Chinook Helicopter crashed killing all 29 people on board. New evidence casts doubt on the airworthiness of the helicpoter. A report prepared nine months before the crash indicated there may be problems with the engine control computer software.
7marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM702/01/19941994RISIHybridUnauthorized access(Salt River Project Hack.) [1]Interception of convenient information. [2]Unauthorized access a Systems, Files and Devices.United StatesEnergy sectorEnergyBetween July 8th and August 31st, 1994, the perpetrator, Lane Jarret Davis, accessed a computer or computers belonging to the Salt River Project via a dialup modem on a backup computer. He was able to access data and delete files on systems responsible fo4The impacts reported on this incident are very contradictory. According to probation records (#1) Davis was able to access the canal control SCADA system for at least 5 hours, as well as accessing customer, financial and personnel records. SRP estimated t
8marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM824/07/19941994SCIDMARKAccidentErrors, omissions or misuse(An explosion, followed by a number of fires, occurred at 13.23 on Sunday 24 July 1994, on the Pembroke Cracking Company plant (PCC) at the Texaco Refinery, Pembroke. Two companies occupied the site.)United KingdomAgriculture, food and beverageOil and GasThe incident was caused by flammable hydrocarbon liquid being continuously pumped into a process vessel that had its outlet closed3’>00013The customer’s core business output, key applications, or mission-critical systems have been interrupted or have been so severely impacted that the company cannot continue to operate in a reasonable manner.
9marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM901/01/19951995RISIInternalErrors, omissions or misuse(PLCs Crashed by IT Audit.) [1] Humann Error. [2] Adulteration or alteration in architecture of physical devices and of software. [3] Operational, in Computer, Devices or Comunication, fail.United StatesAgricultural sectorAgriculture, food and beverageA security consultant was scanning the food companies business and process networks for vulnerabilities. Probe packets containing deliberately malformed entered the Ethernet-based process control network and caused all PLCs to hard fault. The packets cont5The loss of production was estimated to be over $1,000,000 USD
10marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1002/01/19951995RISIAccidentSystem, device, software or operating failure(Oakland Air-Traffic Control Center Outage.) [1] Operational, in Computer, Devices or Comunication, fail. [2] Interrupption of services.United StatesTransport sector and systemsTransportation SystemsOne of the three power sources was down for testing and maintenance at the time of the episode. The second power source failed unexpectedly. When technicians attempted to bring the third power source on-line, a faulty circuit board in Critical Power Panel5All radar and radio communications at Oakland Center were shut down as the result of a 45-minute power outage. All radar screens went dark and all radio communications were cut off. Lights and telephones were unaffected. It took 45 minutes to restore radi
11marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1101/01/19961996RISIAccidentSystem, device, software or operating failure(Duplicate IP Address Prevents Machine Startup.)CanadaSector and Production SystemsPulp and PaperThe mill had upgraded the profile controller on the #1 Paper Machine to a control system that used Ethernet and TCP/IP to communicate between the scanners and the main controller. It was also connected to the main mill network through a bridge so that pr3The paper machine could not be started for over six hours.
12marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1202/01/19961996RISIAccidentSystem, device, software or operating failure(Omega Engineering Sabotage.) [1] Human Error. [2] Interruption of services.United StatesManufacturing and automation sectorCritical ManufacturingThe morning of July 31, 1996, the first worker in the door at Omega Engineering’s manufacturing plant in Bridgeport, N.J., logged on to his computer and unwittingly detonated a software time bomb that systematically eradicated all the programs that ran th5Omega suffered $12 million in damages and lost its competitive footing in the high-tech instrument and measurement market. Eighty workers lost their jobs as a result. “We will never recover,” said plant manager Jim Ferguson. After the system went down, i
13marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1301/01/19971997RISIAccidentSystem, device, software or operating failure(Wrong Code Downloaded to PLC Causes Plant to Shutdown.)EnglandAgricultural sectorAgriculture, food and beverageWhen making minor changes to a PLC program, the PLC and Slave PLC were loaded with the new program and made the Master. The new Slave, previously the Master, was also loaded halfway through this download. The Master PLC stopped working and the plant was s3The plant was shutdown for 1
14marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1402/01/19971997RISIExternalSystem, device, software or operating failure(Worcester Air Traffic Communications System Hack.) [1] Interruption of services. [2] Obstruction of communication signals. [3] Operational, in Computer, Devices or in ComunicationUnited StatesTransport sector and systemsTransportation SystemsOn March 10, 1997, an unidentified juvenile computer hacker broke into a Bell Atlantic control system used for the air traffic communications at the Worcester, Massachusetts airport, causing a system crash that disabled the phone system at the airport for4The crash of the NGDLC system knocked out phone service at the control tower, airport security, the airport fire department, the weather service, and carriers that use the airport. Also, the tower’s main radio transmitter and another transmitter that acti
15marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1503/01/19971997RISIAccidentErrors, omissions or misuse(Korean Air Line B747 CFIT Accident in Guam.) [1] Human Error. [2] Interruption of services.GuamTransport sector and systemsTransportation SystemsApproaching Won Pat International Airport at night, Korean Air Lines Flight 801 impacted Nimitz Hill at 658ft, nearly 800ft below the minimum altitude at that point on the approach. While initially the accident seemed to have little to do with automated4There were 254 passengers and crew aboard the aircraft; 228 lost their lives.
16marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1604/01/19971997RISIAccidentSystem, device, software or operating failure(New Serial Communications Line Disrupts Network.) [1] Interruption of services. [2] Operational, in computer or in comunication, fail.EnglandAgricultural sectorAgriculture, food and beverageWhile a project team was connecting a new serial communication between two PLCs, the main site network connected to the master of these two PLCs was interrupted. Both control and view of the running plant was interrupted. The running plant had its network2The operator lost visibility of the plant for about 30 minutes.30 minutes
17marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1705/01/19971997RISIAccidentSystem, device, software or operating failure(Broadcast Storm Shuts Down DCS Consoles.) [1] Interruption of services. [2] Obstruction of communication signals.CanadaAgricultural sectorAgriculture, food and beverageThe facility lost communications to the operator consoles on a steam plant DCS. The problem was believed to be caused by an incorrectly configured Windows 95 workstation in another mill area that generated high levels of broadcast packets.2The DCS had to be removed from the mill network, preventing process data from being transferred to the business systems.
18marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1805/01/19981998RISIExternalSystem, device, software or operating failure(Hackers Attack NZ & Aust for Joining Gulf Taskforce.) [1] Interruption of services.New ZealandEnergy sectorEnergyThe following FICTITIOUS news paper article opened Parliament of Australian Research Paper 18 1997-98: ================================================ Hackers Attack NZ & Aust for Joining Gulf Taskforce AZP London: A hacker group calling themselves the4While Auckland did suffer from severe power blackouts in Febrary 1998, this incident is NOT factual.
19marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM1901/01/19991999RISIHybridSystem, device, software or operating failure(Power Outages and Other Service Interruptions.) [1] Interruption of services.United StatesEnergy sectorEnergyA former computer systems administrator, Joseph D. Konopka, hacked into computers and caused power failures in WI. Konopka, also known as ‘Dr. Chaos’, pleaded guilty and was sentenced on 11 felony charges for crimes in WI. He was responisble for 28 pow5Twenty eight power outages and 20 other service interruptions causing about $800,000 in damage in 13 Wisconsin counties.
20marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2002/01/19991999RISIAccidentSystem, device, software or operating failure(Y2K Test Crashes Reactor Computer.) [1] Human Error. [2] Interruption of services. [3] Operational, in Computer or in Commucation, fail.United StatesEnergy sectorEnergyThe problem began just after lunch on Feb. 8, when a group of technicians tested a computer called the “Rodworth Minimizer.” The unit, which operates when the reactor is at low power, analyzes the position of “control rods” in the core and tells engineers3
21marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2103/01/19991999RISINaturalSystem, device, software or operating failure(Olympic Pipeline Rupture and Subsequent Fire.) [1] Interruption of services and operation. [2] Adulteration or alteration in architecture of physical devices and of software [3] Operational, in Computer or in Communication failUnited StatesTransportation SystemsOil and GasAt about 3:28 pm PDT, a 16 inch diameter steel pipeline ruptured and released about 237,000 gallons of gasoline into a creek that flowed through Whatcom Falls Park in Bellingham, WA. About 1 1/2 hours after the rupture, the gasoline ignited and burned app5Two 10 year old boys and an 18 year old young man died as a result of the accident. Eight additional injuries were documented. A single-family residence and the city’s water treatment plant were severly damaged. Fines and litigation could bring the total
22marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2204/01/19991999RISIExternalMalware infection(Virus Infection On DCS.) [1] Virus Attack. [2] Interruption of services and operation.EnglandAgricultural sectorAgriculture, food and beverageData on the HMI server was being corrupted, this data caused the system to slow and eventually stop. On investigation, it was discovered that the R&T server (in the same domain) had been infected and was totally unusable – unlike the control servers which4A group of 7 people spent the week cleaning, rechecking, re-cleaning and installing anti-virus software. This prevented the normal day to day work being carried out and delayed a commissioning job of a new plant. There were problems with ownership of the7 days
23marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2305/01/19991999RISIAccidentSystem, device, software or operating failureNavy Radar Shuts Down SCADA SystemsUnited StatesCritical ManufacturingWater and Wastewater SystemsIn November 1999, the US Navy was conducting exercises off San Diego during which two commercial spectrum users experienced severe electro mangnetic interference (EMI) to their Supervisory Control and Data Aquistion (SCADA) wireless networks operating atThe San Diego County Water Authority (SDCWA) and the San Diego Gas and Electric (SDGE) Companies were unable to remotely actuate critical value openings and closings as a result. This necessitated sending technicians to remote locations to manually open
24marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2406/01/19991999RISIExternalUnauthorized accessHacker Takes Over Russian Gas System [1] Trojan Attack [2] Unauthorized access of softwares, systems, network and devicesRussiaOil and GasOil and GasAccording to a Associated Press news release, in 1999 a hacker took over control of a Russian gas system by penetrating the Gazprom (Russia’s state-run gas monopoly) SCADA system.(#1). National Petroleum Council report seems to confirm this, but it may j4Loss of control of the SCADA system
25marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2517/02/19991999SCIDMARKAccidentSystem, device, software or operating failureAn explosion destroyed the boiler of Hawthorn Unit #5, a coal-fired generating unit. [1] Interruption of services and operation [2] Adulteration or alteration in architecture of physical devices and of softwareUnited StatesEnergy sectorEnergyOn February 17, 1999 at approximately 00:30 am Central, an explosion destroyed the boiler of Hawthorn Unit #5, a 476 megawatt coal-fired generating unit. The explosion hit an 11-story boiler building.498.39 explosion caused most of the building to collapse, but caused only a minor injury. The explosion caused no interruption of electrical service for the utility’s customers. The explosion at KCP&L’s Hawthorn Unit #5 plant on February 17, 1999 caused the
26marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2601/01/20002000RISIAccidentSystem, device, software or operating failureAccidental Remote Control [1] Interruption of services and operationSwedenManufacturing and automation sectorCritical ManufacturingA simulation device located in the UK and identical to that installed in the running plant was also given the same communication parameters as were used on the plant device. Eventually the device in the UK assumed control.5Approximately 4 hours production loss.
27marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2702/01/20002000RISIExternalFraud or sabotageMaroochy Shire Sewage Spill [1] Adulteration or alteration in architecture of physical devices and of software [2] Violation of laws and regulationAustraliaWater and wastewater sector and systemsWater and Wastewater SystemsIn November 2001, 49-year-old Vitek Boden was sentenced to two years in prison for using stolen wireless radio, SCADA controller and control software to release up to one million litres of sewage into the river and coastal waters of Maroochydore in Queens2Along with 27 counts of using a restricted computer to cause detriment or damage, Vitek was also convicted of 1 count of wilfully and unlawfully causing serious environmental harm. The sewerage spill was significant. It polluted over 500 metres of open d
28marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2804/01/20002000RISIAccidentSystem, device, software or operating failureAccidental Remote Uploading of PLC Program [1] Human Error. [2] Interruption of services and operationCanadaChemical and Farmaceutic industry sectorOil and GasA testing and programming facility for the petroleum company’s PLCs was setup by an engineering consultant in a remote city. An engineer who had just returned from the plant site used his laptop to connect to a PLC he believed was in his office. Instead t5The petroleum company lost approximately 1/2 day of operations and about 10,000 barrels of production.
29marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM2901/01/20012001RISIExternalSystem, device, software or operating failureHackers Target Cal – ISO System [1] Human Error [2] Interruption of services and operation [3] Adulteration or alteration of physical devices and of softwareUnited StatesEnergy sectorEnergyLike the Salt River Project incident, this incident appears to be rampant with conflicting information. The best data we have is that a relatively inexperienced hacker was able to exploit two Solaris servers that were were part of a development network at3“There was an obvious attempt made to penetrate our systems,” said Greg Fishman, spokesman for Cal-ISO, who would not give any more details. “They were able to achieve minimal penetration into a system that we use to demonstrate software. This was never a
30marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3002/01/20012001RISIAccidentSystem, device, software or operating failureAnti-Virus Software Prevents Boiler Safety Shutdown [1] Interruption of services and operationUnited StatesChemical and Farmaceutic industry sectorOil and GasA TUV approved boiler safety protection system used Microsoft Excel on a PC workstation for programming. This workstation also had Norton anti-virus software running. The AV software prevented the proper communications between the PC and the protection sy4The protection system was incorrectly configured and a safety shutdown that should have occured did not.
31marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3103/01/20012001RISIAccidentSystem, device, software or operating failureCode Red Worm Defaces Automation Web Pages [1] Interruption of services and operationUnited StatesCritical ManufacturingOil and GasA network monitoring tool (PC running HPOpenView) used on the business side was also being used on the Automation Networks. This computer had two NIC cards installed, one on each network. This network monitoring PC provided a path from the internet, via t3Automation web pages were defaced.
32marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3204/01/20012001RISIExternalMalware infectionNimda Impact on Manufacturing System [1] Human Error [2] Virus Attack [3] Interruption of services and operationUnited StatesAgricultural sectorAgriculture, food and beverageA major manufacturing company that had implemented a complete anti-virus program for their IT environment. All client hardware was required to have a specific anti-virus program with up-to-date signature files. The IT servers were likewise protected. I5Herculean efforts of the IC and IT staff prevented a production stoppage at this facility, but the recovery effort cost thousands of dollars in staff time due to a lack of preparedness. The virus exploited the common technology, servers and protocol that
33marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3305/01/20012001RISIExternalSystem, device, software or operating failureDoS Attack Shuts Down Port of HoustonUnited StatesTransport sector and systemsTransportation SystemsAaron Caffrey, 19, was accused of bringing computers to a standstill at the port of Houston in Texas – but was found not guilty by a jury on October 17, 2003. This was despite both the prosecution and defence agreeing that Caffrey’s machine was responsibl4Computers at the port suffered a severe denial-of-service attack on 20 September, 2001. The attack crashed systems at the port which provide crucial data for shipping pilots, mooring companies and support firms responsible for helping ships to navigate in
34marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3406/01/20012001RISIAccidentSystem, device, software or operating failureWindows Compiler Causes PLC Code to Crash PLCEnglandAgricultural sectorAgriculture, food and beverageWhen making minor changes to a PLC program the PLC started to operate the plant in the wrong way. Valves opened at the wrong time, the batch sequence changed and the operator was unable to control his plant. The PLC in question used a number of subroutine3The organisation was unable to change the program on the PLC for a number of months and the problem was discovered by accident. An additional 3 PLCs had a similar style of programming and were experiencing the same problem.
35marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3507/01/20012001RISIAccidentSystem, device, software or operating failureElectronic Sabotage of Petroleum Company’s Gas Processing PlantUnited StatesOil and GasOil and GasA gas processing plant operated by US petroleum company was hacked by a supplier, sabatoging the plant. (#2) The plant’s supplier allegedly tried to cover a mistake it made on one computer system by creating a diversion by hacking into three other system5This resulted in shutting off the flow of material to homes and businesses in a Western European country. This incident resulted in contract violations, environmental fines, increased expenses, and lost frevenue for the petroleum company. It took investig
36marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3608/01/20012001RISIHybridSystem, device, software or operating failureSCADA Attack on Production Plant of Global Chemical CompanyUnknownChemical and Farmaceutic industry sectorChemicalA disgruntled former employee was allegedly trying to disable the plant’s conveyor control, material storage, and chemical operating systems but was caught by a programmer ‘happening to notice unusual activity.’ (#1)1
37marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3709/01/20012001RISIAccidentUtility SCADA System AttackedUnited StatesEnergy sectorEnergyAn electric power utility allowed a contracted vendor to establish a VPN connection. Neither took adequate steps to ensure proper access protection thinking that the other had. The connection was originally intended to have miminal exposure to the intern4The attack resulted in significant financial impact to the utility even though they did not lose electric power and their customers were not physically affected. The utility lost use of its SCADA system for 2 weeks until the SCADA system could be complete2 weeks
38marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3801/01/20022002RISIAccidentSoftware Bug Blamed in Radioactive SpillAustraliaManufacturing and automation sectorCritical ManufacturingA pipe burst at the uranium mine and in about four minutes 62,000 litres of radioactive liquid escaped from the pipe into an area around the uranium processing plant. The leak was an acid solution containing a mixture of chemicals including innocuous salt5
39marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM3902/01/20022002RISIAccidentWhitehat Takeover of DCS ConsolesCanadaCritical ManufacturingOil and GasA simulated attack on a DCS during a security audit results in complete administrative takeover of the DCS operator consoles. A whitehat hacker with network access to the control LAN was to connect to selected DCS operator stations and obtain full adminis1None
40marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4003/01/20022002RISIAccidentHacker Changes Chemical Plant Set Points via ModemCanadaEnergyChemicalOperators noticed set points being changed caused by a dialup modem that was continuously plugin and active.None
41marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4104/01/20022002RISIAccidentIP Address Change Shuts Down Chemical PlantUnited StatesWater and Wastewater SystemsChemicalOn March 4, 2002, the control room operator’s LAN computer was restarted with a changed IP address. The IP address duplicated the address assigned to an analyzer computer used for continuous emissions monitoring. The analyzer computer locked-up as a res3The loss of signal from the analyzer computer forced a plant shutdown until the network communication problem was resolved 2 hours later.2 hours
42marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4205/01/20022002RISIAccidentRunaway Remote Control TrainUnited StatesTransport sector and systemsTransportation SystemsA runaway train plowed through NIPSCO’s Michigan City Generating Station hitting another locomotive before the second locomotive’s engineer narrowly jumped to safety. The train was operating with a remote-controlled system that was less than one year old.3Operations were not affected. (#1)
43marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4306/01/20022002RISIAccidentUK Air Traffic Control Computers FailEnglandTransport sector and systemsTransportation SystemsAir-traffic control computers at the West Drayton control center, near Heathrow Airport, failed causing subsequent failures at the control center in Swanwick, Hampshire. Although the current failure is being attributed to “creaky” old systems that are uns3The glitch meant that all the routes and schedules information normally produced by the computer – called flight strip – had to be prepared by hand. (#2)
44marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4408/01/20022002RISIAccidentPenetration Test Locks-Up Gas Utility SCADA SystemUnited StatesWater and Wastewater SystemsOil and GasA gas utility hired an IT security consulting company to conduct penetration testing on their corporate IT network and carelessly ventured into a part of the network that was directly connected to the SCADA system causing it to lock-up.4Loss of service to the customer base for 4 hours.4 hours
45marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4509/01/20022002RISIAccidentSki Gondola Worker Shutdown Control SystemUnited StatesTransport sector and systemsTransportation SystemsA 19-year-old woman faces felony charges for allegedly tampering with a public gondola system, causing a series of 33 shutdowns on the 2.5-mile line that shuttles thousands of people a day over a mountaintop at this ski resort. Alisha Sult, an operator o3Police were asked to investigate after a series of 32 shutdowns of the system over the three days, Mahoney said. Most were shorter than a minute. The shutdowns occurred December 26-28 during the Telluride Ski Resort’s busiest week of the winter season. T
46marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4611/01/20022002RISIHackers Crash Controller via Web ServiceEnglandManufacturing and automation sectorCritical ManufacturingThere were 2 types of incidents ocurring at the same location in the same time frame: (1) Hackers opened connections with our device , sent messages of unknown nature, then stopped communicating without closing the connection. This exposed a bug in the3Two engineers worked on this problem full time for 3-4 weeks each. The hard part was being able to identify the cause so we could reproduce it at the vendor’s site. Our internal firewalls greatly reduce the likelyhood of these attacks getting through.
47marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4712/01/20022002RISIElectronic Sabatoge of Venezuela Oil OperationsVenezuelaEnergyOil and GasIn December 2002, PDVSA, Venezuela’s state oil company became embroiled in a bitter strike that saw extensive sabatoge. According to a report in Oil Daily, Ali Rodriguez (the head of the oil company) stated: “[…] we have suffered many acts of sabotag5This and other physical sabatoge apparently cut Venzuela’s national production down to to 370,000 barrels per day, compared with 3 million barrels before the strike. Eight hours loss of production. Unable to load product into waiting tankers.
48marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4814/01/20022002RISIVirus Infection of Operator Training SimulatorCanadaChemical and Farmaceutic industry sectorOil and GasAn operator training simulator was shipped to the site from the manufacturer in Houston. Prior to connection to the training DCS system, a standard system procedure check detected that the simulator was infected with a common computer virus. It is unlikel3None.
49marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM4904/02/20022002TI SafeA nation-state actor hacked media and publishing giant News CorpUnited StatesCommunication and telecommunications sectorCommunicationsAmerican media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor that took place in January.3The attack compromised one of the company’s systems and had access to emails and documents of some employees.
50marianna.ferreira@tisafe.com04/06/2024 02:58 PMmarianna.ferreira@tisafe.com04/06/2024 02:58 PM5024/02/20022002TI SafeUkraine falls victim to massive cyber attack, malware deletes all data from PCsUkraineGovernment facilities sectorGovernment FacilitiesCyber ​​attack has been carried out to erase data from computers in Ukraine.4Cyber ​​attack deleted all data from PCs.