Public utility compromised after brute-force attack, DHS says


A public utility in the US was compromised after attackers took advantage of a weak password security system, according to a US Department of Homeland Security team that studies cyberattacks against critical infrastructure.

The utility's control system was accessible via Internet-facing hosts and used a simple password system, wrote the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in a report on incidents covering the first quarter of 2014. The utility, which was not identified, was vulnerable to a brute-force attack, where hackers try different combinations of passwords until the right one is found.

An investigation showed the utility had been attacked before.

"It was determined that the systems were likely exposed to numerous security threats, and previous intrusion activity was also identified," ICS-CERT wrote in the report. ICS-CERT warned that it is easy for hackers using search engines such as Google and SHODAN to find Internet-connected control systems "that were not intended to be Internet facing."

The report described a second cyberattack but did not specify what type of organization was affected. In that instance, an Internet-connected control system that operated a mechanical device was accessed by an attacker using a cellular modem. Access was gained using a SCADA (supervisory control and data acquisition) protocol, the team wrote. "The device was directly Internet accessible and was not protected by a firewall or authentication access controls," ICS-CERT wrote.

