http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/
By Jeremy Kirk
Techworld.com
21 May 2014
A public utility in the U.S. was compromised after attackers took
advantage of a weak password security system, according to a U.S.
Department of Homeland Security team that studies cyberattacks against
critical infrastructure.
The utility's control system was accessible via Internet-facing hosts and
used a simple password system, wrote the Industrial Control Systems Cyber
Emergency Response Team (ICS-CERT) in a report on incidents covering the
first quarter of this year.
The utility, which was not identified, was vulnerable to a brute-force
attack, where hackers try different combinations of passwords until the
right one is found. An investigation showed the utility was attacked
before.
"It was determined that the systems were likely exposed to numerous
security threats, and previous intrusion activity was also identified,"
ICS-CERT wrote in the report.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
