US public utility’s network hacked, says Homeland Security report

Security

by CBR Staff Writer| 21 May 2014

It suspects similar attacks happened in the past too.

A public utility in the US was recently attacked by cyber criminals and its control system network was hacked, revealed the Department of Homeland Security.

A report released by Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a unit of the department, did not make the name of the utility public.

ICS-CERT said that the software used to administer the control system assets was accessible via Internet facing hosts.

"The systems were configured with a remote access capability, utilizing a simple password mechanism; however, the authentication method was susceptible to compromise via standard brute forcing techniques," the report said.

The team has analysed the network logs and found that the systems must have been attacked in the past as well.

The report said, "This incident highlights the need to evaluate security controls employed at the perimeter and ensure that potential intrusion vectors (ex: remote access) are configured with appropriate security controls, monitoring, and detection capabilities."

ICS-CERT received 181 vulnerability reports in 2013; 87% of them were prone to exploitation remotely while the remaining required local access.

Authentication flaws formed 33% of the vulnerabilities, followed by denial of service at 14%.

The team recommends users to minimize network exposure and configure ICSs behind firewalls to avoid attacks.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

755 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.