Volt Typhoon: Hackers Infiltrate U.S. Utility

A Cyber Breach in Littleton, Massachusetts

A small town in Massachusetts just experienced a major cybersecurity shock. Hackers secretly broke into the computer network of the Littleton Electric Light and Water Departments (LELWD) and stayed inside for almost a year. A group called Volt Typhoon launched this attack in February 2023, but security experts did not discover it until November 2023.

Microsoft identified the group in May 2023 and has since linked it to multiple attacks across the U.S. Their main targets? America’s most critical infrastructure—things like power, water, and communication systems.

The hackers were inside the LELWD system for 300 days before security experts finally detected them. While no customer information was stolen, this long-term presence in the system raised serious concerns. If left unnoticed, they could have potentially gained control over critical operations, leading to massive disruptions.

How the Hackers Got In and Moved Around

At the time of the attack, LELWD was already working with Dragos, a cybersecurity firm that specializes in protecting industrial systems. But despite their efforts, the hackers still managed to get inside. After discovering the breach, Dragos and LELWD quickly joined forces to investigate the attack and prevent the hackers from advancing further.

The cybercriminals used advanced techniques to move through the system without being noticed. These included:

  • Server Message Block (SMB) Traversal: A method used to jump between different computers in a network.
  • Remote Desktop Protocol (RDP) Lateral Movement: A technique allowing hackers to control different machines from a distance, making it easier to spread deeper into the system.

Cybersecurity experts detected the attack after the hackers had already spent a long time inside the system. Acting quickly, they blocked the intruders from causing more damage.
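For defenders, both techniques leave logon records on the machines that were reached. The sketch below is an added example, not code from Dragos or LELWD: it scans a simplified CSV export of Windows Security event 4624 and flags a source address and account that reach several hosts over SMB or RDP in a short period. The log layout, host names, account names and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event 4624 logon types relevant to the two techniques:
# 3 = network logon (e.g. SMB share access), 10 = RemoteInteractive (RDP).
LATERAL_TYPES = {"3": "SMB/network", "10": "RDP"}

# Constructed sample: time, event_id, logon_type, account, source_ip, target_host
SAMPLE_LOG = """\
2023-03-01T02:10:00,4624,10,svc_backup,10.0.5.20,HMI-01
2023-03-01T02:14:00,4624,3,svc_backup,10.0.5.20,FILE-01
2023-03-01T02:19:00,4624,3,svc_backup,10.0.5.20,HIST-01
2023-03-01T02:25:00,4624,10,svc_backup,10.0.5.20,ENG-WS-02
2023-03-01T09:00:00,4624,10,alice,10.0.1.15,ENG-WS-02
2023-03-01T09:30:00,4624,2,alice,-,ENG-WS-02
2023-03-01T10:00:00,4624,3,alice,10.0.1.15,FILE-01
"""

def parse_events(text):
    """Yield (time, kind, account, source, target) for SMB/RDP-style logons."""
    for ts, event_id, ltype, account, src, target in csv.reader(io.StringIO(text)):
        if event_id == "4624" and ltype in LATERAL_TYPES:
            yield datetime.fromisoformat(ts), LATERAL_TYPES[ltype], account, src, target

def find_fanout(events, window=timedelta(minutes=30), min_targets=3):
    """Flag (source, account) pairs reaching >= min_targets hosts within window."""
    by_actor = defaultdict(list)
    for when, kind, account, src, target in sorted(events):
        by_actor[(src, account)].append((when, kind, target))
    alerts = []
    for actor, hops in by_actor.items():
        for i, (start, _, _) in enumerate(hops):
            in_window = [h for h in hops[i:] if h[0] - start <= window]
            targets = {h[2] for h in in_window}
            if len(targets) >= min_targets:
                alerts.append({"source": actor[0], "account": actor[1],
                               "targets": sorted(targets),
                               "protocols": sorted({h[1] for h in in_window})})
                break  # one alert per actor is enough
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(parse_events(SAMPLE_LOG)):
        print(alert)
```

In a real environment the window and target count need tuning against known administrative activity such as backup and patching jobs, which legitimately touch many hosts.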

The Growing Danger of Cyber Attacks on Utilities

Cyberattacks on important systems like electricity and water are becoming more common. The problem is especially serious for smaller utilities that may not have the same level of cybersecurity as larger companies. Hackers often target these smaller organizations because they can be easier to break into.

Experts warn that attackers like Volt Typhoon often start their attacks using zero-day vulnerabilities—security weaknesses that no one knows about yet. These hackers don’t just steal data immediately. Sometimes, they wait, watching and planning for the right time to strike. They could disrupt entire systems or steal valuable information whenever they choose.

Another big challenge is the aging technology used in critical infrastructure. Many of these systems were designed years ago and are not equipped to handle modern cyber threats. Devices that once followed strong security practices may now be vulnerable to new and more sophisticated attacks. Hackers take advantage of this, knowing that many organizations struggle to update old systems without interrupting service.

Security experts say that cybercriminals also build vast networks of hacked devices, known as botnets, to carry out attacks. These botnets help them hide their real location and make it harder for authorities to trace them. To make matters worse, hackers are now using more advanced techniques to avoid detection, including methods like Living off the Land (LOTL)—a tactic where they use built-in system tools to carry out attacks instead of bringing in outside malware.

A Wake-Up Call for Utility Providers

The breach at LELWD is a warning sign for all utility providers. Hackers remained inside the system for nearly a year before cybersecurity experts discovered the attack, highlighting the challenges of detecting such threats. With attacks on power grids, water systems, and other critical services becoming more frequent, cybersecurity experts stress the need for constant monitoring, stronger defenses, and better collaboration between IT and operational teams.

Cyber threats are no longer just a problem for big companies or government agencies. They are now affecting communities of all sizes, making it essential for every organization to stay vigilant and prepared for future attacks.

 
