Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home News

Too many default ‘admin1234’ passwords increase risk for industrial systems, research finds

admin by admin
January 18, 2023
in News


Written by Christian Vasquez

Jan 18, 2023 | CYBERSCOOP

Easily guessed default passwords can be a malicious hackers’ easiest way to infiltrate a target. And all too often, according to research released Wednesday, operators of critical infrastructure companies aren’t updating off-the-shelf security credentials in internet devices connected to industrial systems.

“We’re seeing a lot of the ‘admin1234,’ meaning that [hackers are] still going to be using default credentials in hopes that no one is changing the credentials for IoT devices — which is pretty accurate,” said Roya Gordon, security research evangelist at Nozomi Networks, a cybersecurity firm that specializes in industrial security.

The lack of the most basic security precaution is especially alarming in critical infrastructure. These organizations operate chemical plants, pipelines, utilities, hospitals and other industries that support essential functions of daily life.

Critical infrastructure cybersecurity has become such a concern in the U.S. that the Biden administration has made it a top national security priority. The White House is expected to release an updated national cybersecurity strategy in the coming weeks and the administration is likely to call for mandatory cybersecurity rules for particularly vulnerable industries, according to The Washington Post.

While much of the critical infrastructure that is owned and operated by the private sector is not heavily regulated for cybersecurity, calls for tougher mandates have grown in recent years following digital assaults such as the Colonial Pipeline ransomware attack.

The administration has taken some additional measures recently, as well. Late last year, the Transportation Security Administration released cybersecurity requirements for the rail and transit sectors. The mandates are in addition to the security directives for the pipeline industry after Colonial Pipeline.

Gordon expects that internet-connect devices will grow quickly inside industrial companies especially with the rise of digitization such as critical manufacturing. “Integrating IoT in manufacturing environments, smart manufacturing, smart buildings: that just means more vulnerable devices,” she said.

The Nozomi report examined industrial control system threat landscape over the past six months and based its research on the types of attacks on the company’s honeypots. The company also noted that the growing threat facing critical infrastructure is a global problem given the last year’s spree of wiper malware attacks designed to erase hard drives.

Since the beginning of the Ukraine war, researchers have identified at least 10 new types of wiper malware targeting Ukrainian organizations. Researchers and officials attributed many of those attacks to Russia.

Additionally, Nozomi pointed to an attack last year by the Iranian hacktivist group Gonjeshke Darandethat, also known as Predatory Sparrow. The group appears to have launched a series of intrusions that used wiper malware against critical infrastructure.



Source link

Previous Post

Imran Khan’s Party Dissolves Assembly in Pakistan’s Khyber Pakhtunkhwa – The Diplomat

Next Post

Substation Transformer in North Carolina Damaged by ‘Apparent Gunshot’

Next Post

Substation Transformer in North Carolina Damaged by ‘Apparent Gunshot’

Recommended

Explosion on Istanbul’s pedestrian avenue; several hurt

3 months ago

CISA researchers: Russia’s Fancy Bear infiltrated US satellite network

2 months ago

© 2022 Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.