Unnamed utility supplier and control system managing a mechanical device both hacked, according to official US security body
The US Department of Homeland Security has warned organisations running industrial control systems that an unnamed utility service was recently compromised.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said it worked with the company and determined its systems were vulnerable and detected “previous intrusion activity”.
Hacking of the company’s systems would have been fairly trivial, the ICS-CERT report covering the incident indicated.
“A public utility was recently compromised when a sophisticated threat actor gained unauthorized access to its control system network,” read the report from the ICS-CERT.
“After notification of the incident, ICS-CERT validated that the software used to administer the control system assets was accessible via Internet facing hosts. The systems were configured with a remote access capability, utilising a simple password mechanism; however, the authentication method was susceptible to compromise via standard brute forcing techniques.”
The government security body also said it had uncovered a breach of “an unprotected, Internet-connected, control system operating a mechanical device”. The hacker had breached the security of a supervisory control and data acquisition (SCADA) protocol; such protocols are often weak.
Worryingly, the device was not protected by a firewall or authentication access controls. “This incident highlights the need for perimeter security and monitoring capabilities to prevent adversaries from discovering vulnerable ICSs and using them as targets of opportunity,” ICS-CERT added.
Many are worried about the poor protection surrounding critical infrastructure, especially as SCADA systems have repeatedly been shown up as vulnerable.
ICS-CERT urged users to take advantage of tools available to them to shore up their control system networks.
“ICS-CERT strongly encourages taking immediate defensive action to secure ICSs by using defense-in-depth principles. Audit your networks for Internet facing devices, weak authentication methods, and component vulnerabilities.
“Understand the usage of tools, such as SHODAN and Google, and leverage those platforms to enhance awareness of the Internet accessible devices that might exist within your infrastructure.”
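The report's remedy is to audit for exposure and weak authentication; the complementary detection control, added here as an example that is not from ICS-CERT or the article, is to watch the remote-access login log for the brute-force pattern the report describes (a burst of failures followed by a success). The log format, host name and addresses are constructed, and the threshold of five failures in five minutes is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log lines (not from the ICS-CERT report); the format is assumed.
SAMPLE_LOG = """\
2014-05-20T02:14:01Z remote-access host=ctrl-admin user=admin src=203.0.113.45 result=FAIL
2014-05-20T02:14:03Z remote-access host=ctrl-admin user=admin src=203.0.113.45 result=FAIL
2014-05-20T02:14:05Z remote-access host=ctrl-admin user=admin src=203.0.113.45 result=FAIL
2014-05-20T02:14:06Z remote-access host=ctrl-admin user=admin src=203.0.113.45 result=FAIL
2014-05-20T02:14:08Z remote-access host=ctrl-admin user=admin src=203.0.113.45 result=FAIL
2014-05-20T02:14:09Z remote-access host=ctrl-admin user=admin src=203.0.113.45 result=OK
2014-05-20T02:30:00Z remote-access host=ctrl-admin user=operator src=198.51.100.7 result=FAIL
2014-05-20T02:45:00Z remote-access host=ctrl-admin user=operator src=198.51.100.7 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) remote-access host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

def parse(lines):
    """Yield (timestamp, host, user, src, result) for every line that matches the assumed format."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            yield ts, m["host"], m["user"], m["src"], m["result"]

def detect_bruteforce(log_text, threshold=5, window_s=300):
    """Return findings as (src, host, kind), kind being 'burst' or 'burst-then-success'.

    A sliding window of recent failures is kept per (source, host). Reaching the
    threshold raises 'burst'; a success while the window is still full is the
    higher-priority 'burst-then-success', i.e. the password was probably guessed.
    A slow guesser spacing attempts wider than the window evades this check, so the
    window should be tuned to the service's expected failure rate.
    """
    fails = defaultdict(deque)   # (src, host) -> timestamps of failures inside the window
    findings = []
    for ts, host, user, src, result in parse(log_text.splitlines()):
        q = fails[(src, host)]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()          # drop failures that have aged out of the window
        if result == "FAIL":
            q.append(ts)
            if len(q) == threshold:   # fires once per burst, not on every further failure
                findings.append((src, host, "burst"))
        elif len(q) >= threshold:
            findings.append((src, host, "burst-then-success"))
            q.clear()
    return findings
```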