Information Security News mailing list archives
Public utility compromised after brute-force attack, DHS says
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 May 2014 09:11:55 +0000 (UTC)
http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/ By Jeremy Kirk Techworld.com 21 May 2014A public utility in the U.S. was compromised after attackers took advantage of a weak password security system, according to a U.S. Department of Homeland Security team that studies cyberattacks against critical infrastructure.
The utility's control system was accessible via Internet-facing hosts and used a simple password system, wrote the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in a report on incidents covering the first quarter of this year.
The utility, which was not identified, was vulnerable to a brute-force attack, where hackers try different combinations of passwords until the right one is found. An investigation showed the utility was attacked before.
"It was determined that the systems were likely exposed to numerous security threats, and previous intrusion activity was also identified," ICS-CERT wrote in the report.
[...] -- Subscribe to InfoSec News http://www.infosecnews.org/subscribe-to-infosec-news/
Current thread:
- Public utility compromised after brute-force attack, DHS says InfoSec News (May 21)