Yotam Gutman

16-12-2025

Remote Access Endangers Water Utilities

Water utilities are increasingly targeted through insecure remote access. Real-world attacks reveal how VPNs and remote tools expose OT systems, highlighting the need for hardware-enforced, non-IP protection.


In recent years, several cyberattacks have targeted utilities in general, and water infrastructure in particular. These attacks exploited vulnerabilities in industrial control and monitoring software and took advantage of insecure remote access systems. Fortunately, these incidents did not cause extensive physical damage to the water systems themselves or harm public health. However, the mere fact that such attacks succeeded is reason enough to study the attackers’ methods and improve security mechanisms to prevent similar incidents in the future.

A look back at the history of cyber attacks against Water Utilities

Several attacks have been made public, illustrating the vulnerability and potentially devastating impact of such attacks. One notable example of such an attack was recorded in 2019 in Ellsworth County, Kansas. In that case, a disgruntled employee managed to access the control system and attempted to alter the levels of caustic soda used for water purification to potentially toxic levels. The breach required no advanced hacking skills—he simply used a remote access program called TeamViewer to change values in the control system.


A remarkably similar incident occurred about two years later in Oldsmar, Florida, where again, an employee accessed systems through a remote control platform and tried to modify caustic soda levels used in water treatment.


In 2023, Iranian hackers successfully breached the water systems of Aliquippa, Pennsylvania, reached a controller responsible for water pressure, and disabled one of the pumps. According to reports, the same hacker group also attacked water infrastructure in Israel around the same time.


The city of Muleshoe, Texas, suffered a cyberattack from Russian hackers who managed to cause a leak from one of the city’s water tanks. Fortunately, it was detected and contained before any damage or disruption to the city’s water supply occurred. Throughout 2024 and 2025, attackers penetrated the backend and billing systems of various water utilities worldwide, infected them with ransomware, and disrupted their operations. The British Drinking Water Inspectorate (DWI) reported 5 cyber attacks impacting water plants throughout 2024 and 2025, and in October 2025 the Canadian Cyber Centre and the Royal Canadian Mounted Police issued an alert regarding hacktivists attacking internet-facing ICS devices, including an incident in which hackers tampered with water pressure values at a water facility, resulting in degraded service for its community.


One of the most notable attacks was directed against a water utility in Denmark. According to the Danish water-sector account, the pump control environment had been made reachable via an insecure VNC system. Access protection was weak: the VNC access used a simple 4‑digit PIN. (The waterworks stated they had previously used a more secure remote connection provided by the SRO vendor, but later switched to a cheaper alternative that turned out to be less secure.) Once inside, the attackers directly changed pump pressure settings:

Pump pressure was set to manual “0%” (result: ~450 households without water for about 1 hour).

Pump pressure was later changed again—this time to 100%, which burst a water pipe, leaving about 50 households without water for around 7 hours while repairs were made.

The operators also reported that the pump system was “locked” and they could not recover control remotely, requiring on-site response and support from their SRO supplier to restore operations within a few hours.

How can such attacks be prevented?

An analysis of these incidents reveals that many of them involved remote access software such as TeamViewer or abuse of an unsecured VPN connection. Such tools allow employees and subcontractors to connect remotely to infrastructure systems, bypassing standard security mechanisms, and they often lack sufficient monitoring or control. In addition, some incidents indicate a lack of proper separation between IT and OT networks, which allows an attacker who breaches the IT network to also reach the industrial control systems.
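The two gaps named above (unmonitored remote-access tools and missing IT/OT separation) can be checked against firewall or NetFlow records. The sketch below is an added example, not code from the article or from Zeroport; the subnets, the jump host address and the flow records are constructed assumptions, and only the default ports for VNC (5900) and TeamViewer (5938) are real.

```python
import ipaddress

# Assumed (constructed) network plan; none of these addresses come from the article.
OT_NET = ipaddress.ip_network("10.20.0.0/24")    # control network (PLCs, HMI)
IT_NET = ipaddress.ip_network("10.10.0.0/16")    # corporate network
JUMP_HOST = ipaddress.ip_address("10.10.5.10")   # only approved path into OT

# Default ports of the remote-access tools named in the article.
REMOTE_ACCESS_PORTS = {5900: "VNC", 5938: "TeamViewer"}

# Constructed flow records, one per line: "src dst dport" (502 = Modbus/TCP).
SAMPLE_FLOWS = """\
10.10.5.10 10.20.0.15 5900
10.10.44.7 10.20.0.15 5900
203.0.113.8 10.20.0.15 5900
10.10.44.7 10.20.0.20 502
10.20.0.15 10.20.0.20 502
10.20.0.30 198.51.100.4 5938
"""

def audit_flows(text):
    """Return (severity, reason, flow) findings for flows crossing the OT boundary."""
    findings = []
    for line in text.splitlines():
        src_s, dst_s, port_s = line.split()
        src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        tool = REMOTE_ACCESS_PORTS.get(int(port_s))
        src_ot, dst_ot = src in OT_NET, dst in OT_NET
        if src_ot and dst_ot:
            continue                      # traffic that never leaves OT
        if dst_ot and src == JUMP_HOST:
            continue                      # approved, monitored conduit
        if dst_ot and src not in IT_NET:
            findings.append(("critical", f"external {tool or 'traffic'} into OT", line))
        elif dst_ot and tool:
            findings.append(("high", f"{tool} into OT bypassing jump host", line))
        elif dst_ot:
            findings.append(("medium", "IT host reaches OT directly", line))
        elif src_ot and tool:
            # TeamViewer-style tools dial out, so inbound-only rules miss them.
            findings.append(("high", f"OT host opens outbound {tool} session", line))
    return findings

if __name__ == "__main__":
    for severity, reason, flow in audit_flows(SAMPLE_FLOWS):
        print(f"{severity:8} {reason:45} {flow}")
```

The outbound rule matters because broker-based remote-access tools are initiated from inside the OT network, so a perimeter that only filters inbound connections will not see them.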

Zeroport’s solution

Zeroport has developed a secure connectivity solution that allows safe remote access to an organization, enabling all necessary operations without exposing the organization to the internet and without allowing malware infiltration or data exfiltration.
This solution allows water utilities to provide secure and convenient remote access for employees, contractors, and suppliers, saving time and money without compromising security. ZeroPort’s technology has already been successfully tested in various water utilities. Contact us today to learn more about Fantom Edge.
