According to a report from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a “sophisticated” hacker recently gained access to the control system network of an undisclosed public utility.
ICS-CERT said that the software used to administer the control system was accessible via Internet-facing hosts, but used a simple password system that was susceptible to brute-force attacks. In these attacks, hackers try many different passwords in succession until the correct one is found. The report also said that this was not the first time that the utility’s network had been compromised.
“It was determined that the systems were likely exposed to numerous security threats and previous intrusion activity was also identified. ICS-CERT conducted an onsite cybersecurity assessment in response to this incident to assist the asset owners with evaluating the overall security posture of their infrastructure,” wrote ICS-CERT.
As a result of this evaluation, ICS-CERT made several recommendations for “re-architecting and securing” the utility’s control network.
“This incident highlights the need to evaluate security controls employed at the perimeter and ensure that potential intrusion vectors (ex: remote access) are configured with appropriate security controls, monitoring, and detection capabilities,” the report said.