

- #Breached plant employees used same teamviewer manual
- #Breached plant employees used same teamviewer password
The recent news of a cyberattack on a water treatment plant carried out by a remote perpetrator came as a shock to organizations around the world.

Earlier this month, an unauthorized threat actor had remotely accessed the plant’s control systems via TeamViewer and used it to increase the amount of sodium hydroxide (lye) in water to dangerously higher levels. Fortunately, however, a vigilant operator at the plant identified this anomalous activity in real time and blew the whistle internally to prevent any potential damage.

While the incident is still under investigation, security analysts across the globe have unanimously agreed on the fact that poor access controls and security hygiene have paved the way for this incident. To put things in perspective, there was no sophisticated or complex attack strategy involved in this incident; the attacker was able to breach the public infrastructure by simply taking advantage of the treatment plant’s lax security practices.

Attackers do not always need to design advanced hacking algorithms to carry out their plans; sometimes they simply pick stolen or compromised credentials from the dark web to hack into critical networks. They may also use simple techniques, such as phishing, keylogging, and brute forcing to gain access to their target machines. While it is true that attack methods are rapidly evolving, it’s more often misuse of administrative privileges and weak or stolen credentials that are enough to breach any critical infrastructure. Let’s take the attack on the Florida water treatment plant for example: all it took the unidentified perpetrator was one unprotected password to access and handle the control systems remotely.

With work from home being a prevailing necessity among the global workforce, corporate VPNs and privileged remote sessions are the only way through which employees can access their corporate resources. However, with remote work growing popular across the globe, there has also been a significant surge in the number of remote-session-based attacks, where cyber criminals break into critical infrastructure using compromised credentials. Since the credentials are legitimate, attackers can mimic legitimate users to avoid being detected.

Simply put, it is often the known, neglected, and underestimated vulnerabilities that provide cybercriminals with an opportunity to exploit the administrative access to privileged resources. Time and again, incidents like this prove that when passwords are stored in secure vaults and are subject to standard security practices, the chances of getting hacked are far lower.

The Goldilocks approach to proactive cybersecurity

Security is not a one-time process; it has to be approached and improved holistically. While it’s crucial to stay on top of threats by employing advanced defence controls, it is equally imperative to consistently ensure that the often ignored or neglected fundamental elements of security (read credentials) are fortified. This involves following a certain set of basic security hygiene, such as:

- Ensuring and mandating strict password policies
- Including multi-factor authentication controls
- Securing privileged credentials in encrypted databases
- Monitoring remote user sessions in real time
- Identifying and terminating suspicious user activities
- Periodic vulnerability scanning and patching of endpoints

Poor password practices, such as reusing and sharing critical credentials, are not uncommon and could open several security loopholes for attackers to exploit.

Manual management and tracking of privileged credentials using spreadsheets is not just cumbersome, but also not reliable owing to the fact that one malicious or ignorant insider is all it takes to expose the credentials to criminals.

That said, it’s imperative for organizations to employ sound privileged access security controls to safeguard access to sensitive information systems and monitor live remote sessions. Furthermore, remote sessions, when accessed by unauthorized users, could open the floodgates to sensitive information worth hundreds of millions of dollars.
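The credential weaknesses this article names (reused passwords, accounts shared between people, stale credentials, missing multi-factor authentication) can be checked against an exported credential spreadsheet. The following is an added example, not part of the original article; the CSV layout, host and account names, passwords, audit date and the 90-day rotation limit are all constructed assumptions.

```python
import csv, hashlib, hmac, io, secrets
from collections import defaultdict
from datetime import date

# Constructed sample inventory (hypothetical hosts, accounts and passwords).
INVENTORY_CSV = """host,account,users,password,last_rotated,mfa
hmi-01,remote-admin,alice;bob;carol,Plant2019!,2019-03-01,no
hmi-02,remote-admin,dave,Plant2019!,2019-03-01,no
scada-db,svc-historian,erin,t7#Lq9vX2pWm,2021-01-10,yes
eng-ws,operator,frank,Plant2019!,2020-11-20,yes
"""
MAX_AGE_DAYS = 90               # assumed rotation policy
AUDIT_DATE = date(2021, 2, 15)  # constructed "today" so the result is reproducible


def audit(csv_text, today, max_age_days=MAX_AGE_DAYS):
    """Return a sorted list of (host, account, finding) tuples."""
    key = secrets.token_bytes(32)  # per-run key: digests are meaningless outside this run
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_digest = defaultdict(list)  # group on a keyed digest, never on the plaintext
    for r in rows:
        digest = hmac.new(key, r["password"].encode(), hashlib.sha256).digest()
        by_digest[digest].append(r)
    findings = []
    for group in by_digest.values():
        if len(group) < 2:
            continue  # password is unique in this inventory
        for r in group:
            others = sorted(f"{o['host']}/{o['account']}" for o in group if o is not r)
            findings.append((r["host"], r["account"], "password reused on " + ", ".join(others)))
    for r in rows:
        users = [u for u in r["users"].split(";") if u]
        if len(users) > 1:
            findings.append((r["host"], r["account"], f"shared by {len(users)} users"))
        age = (today - date.fromisoformat(r["last_rotated"])).days
        if age > max_age_days:
            findings.append((r["host"], r["account"], f"not rotated for {age} days"))
        if r["mfa"].strip().lower() != "yes":
            findings.append((r["host"], r["account"], "no multi-factor authentication"))
    return sorted(findings)  # findings never contain the password itself


if __name__ == "__main__":
    for host, account, finding in audit(INVENTORY_CSV, AUDIT_DATE):
        print(f"{host}/{account}: {finding}")
```

The report lists only host, account and finding, so it can be circulated without exposing any credential.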
