Water
Most security failures provide an excellent what-not-to-do guide, even if the issues are usually depressingly basic. Such is the case with the Florida water treatment plant whose control systems an intruder accessed and used to try to poison the water supply. The intruder got in through TeamViewer (an app commonly used for remote access and support) running on a computer at the plant. The problems were basic: all the facility's computers shared the same password for remote access, they were connected directly to the internet with no firewall in front of them, and they were running Windows 7, which Microsoft no longer supports. The attack failed not because any control stopped it but because an employee noticed his mouse cursor moving when he wasn't touching it.
Checklist
The FBI has issued advice about how to prevent such incidents. It's basic...but so was the way the attacker accessed the facility's systems.
- Use multi-factor authentication
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured and secure
- Audit network configurations and isolate computer systems that cannot be updated
- Audit your network for systems using RDP, close unused RDP ports, apply two-factor authentication wherever possible, and log RDP login attempts
- Audit logs for all remote connection protocols
- Train users to identify and report attempts at social engineering
- Identify and suspend access of users exhibiting unusual activity
- Keep software updated
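Several of the checklist items (log RDP login attempts, audit logs for all remote connection protocols, identify users exhibiting unusual activity) come down to actually reading the remote-access logs. The script below is an added example, not part of the FBI advice or anything from the plant, showing what that audit looks like in practice. It runs over constructed sample data: Windows Security events reduced to a five-field CSV (event 4624 is a successful logon, 4625 a failure, logon type 10 is RemoteInteractive, i.e. RDP) and tab-separated lines in the style of TeamViewer's Connections_incoming.txt. The field layouts, the approved-partner list and the staffed hours are assumptions for the example. It flags RDP brute-force bursts, a successful RDP logon from a source that was just brute-forcing (the single strongest sign of a stolen or guessed shared password), RDP logons outside staffed hours, and TeamViewer sessions from partner IDs nobody approved.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs). Fields: timestamp,event_id,logon_type,user,source_ip
# 4624 = successful logon, 4625 = failed logon, logon type 10 = RemoteInteractive (RDP).
WINDOWS_EVENTS = """\
2021-02-05T08:02:11,4624,10,operator1,10.0.0.15
2021-02-05T09:14:05,4624,2,operator2,-
2021-02-05T13:29:50,4625,10,admin,203.0.113.77
2021-02-05T13:29:52,4625,10,admin,203.0.113.77
2021-02-05T13:29:55,4625,10,administrator,203.0.113.77
2021-02-05T13:29:57,4625,10,scada,203.0.113.77
2021-02-05T13:30:01,4625,10,scada,203.0.113.77
2021-02-05T13:30:04,4625,10,operator,203.0.113.77
2021-02-05T13:30:09,4624,10,operator,203.0.113.77
2021-02-05T22:41:30,4624,10,operator1,10.0.0.15
"""

# Constructed lines in the style of TeamViewer's Connections_incoming.txt:
# partner ID, partner name, start, end, local user, mode, connection ID.
# The exact layout is an assumption for this example.
TEAMVIEWER_LOG = """\
111222333\tHMI-Vendor\t05-02-2021 08:05:10\t05-02-2021 08:20:02\toperator1\tRemoteControl\t{c1}
444555666\t\t05-02-2021 13:31:44\t05-02-2021 13:36:30\toperator\tRemoteControl\t{c2}
"""

APPROVED_PARTNER_IDS = {"111222333"}  # TeamViewer IDs allowed to connect (assumed)
WORKING_HOURS = (7, 19)                # site staffed 07:00-19:00 (assumed)


def parse_windows_events(text):
    events = []
    for line in text.splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "id": int(event_id),
                       "type": int(logon_type), "user": user, "src": src})
    return events


def rdp_bruteforce_sources(events, threshold=5, window=timedelta(seconds=60)):
    """Source IPs with at least `threshold` failed RDP logons inside any `window`."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == 4625 and e["type"] == 10:
            failures[e["src"]].append(e["time"])
    flagged = set()
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):           # sliding window over sorted failures
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def rdp_success_after_bruteforce(events, sources):
    """Successful RDP logons from a source already seen brute-forcing."""
    return [(e["time"].isoformat(), e["user"], e["src"]) for e in events
            if e["id"] == 4624 and e["type"] == 10 and e["src"] in sources]


def rdp_out_of_hours(events, hours=WORKING_HOURS):
    """Successful RDP logons outside staffed hours, when nobody would see the cursor move."""
    lo, hi = hours
    return [(e["time"].isoformat(), e["user"], e["src"]) for e in events
            if e["id"] == 4624 and e["type"] == 10 and not lo <= e["time"].hour < hi]


def parse_teamviewer(text):
    sessions = []
    for line in text.splitlines():
        pid, name, start, end, user, mode, cid = line.split("\t")
        sessions.append({"partner": pid, "name": name, "user": user, "mode": mode,
                         "start": datetime.strptime(start, "%d-%m-%Y %H:%M:%S")})
    return sessions


def unapproved_teamviewer_sessions(sessions, approved=APPROVED_PARTNER_IDS):
    """Incoming TeamViewer sessions from partner IDs not on the approved list."""
    return [(s["start"].isoformat(), s["partner"], s["user"]) for s in sessions
            if s["partner"] not in approved]


def audit():
    events = parse_windows_events(WINDOWS_EVENTS)
    sources = rdp_bruteforce_sources(events)
    return {
        "bruteforce_sources": sorted(sources),
        "success_after_bruteforce": rdp_success_after_bruteforce(events, sources),
        "out_of_hours_rdp": rdp_out_of_hours(events),
        "unapproved_teamviewer": unapproved_teamviewer_sessions(parse_teamviewer(TEAMVIEWER_LOG)),
    }


if __name__ == "__main__":
    for finding, items in audit().items():
        print(finding)
        for item in items:
            print("   ", item)
```

On real systems the event data comes from the Security log (Get-WinEvent or a forwarded-log collector) and the TeamViewer file from the application's log directory on each machine; the point of the example is the detection logic, which is the same either way. A shared remote-access password defeats the brute-force check only partly: the guessing still shows up as a burst of 4625s before the one 4624, which is exactly the pattern the success-after-brute-force rule catches.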
Going cheap
Less than $2,000 will buy you administrator access to the network of a medium-sized company with a few hundred employees, according to research by the threat intelligence firm Kela. The price to breach larger organisations is much higher, but even so the average listing costs less than $7,000. Nearly half of the access being sold is through remote desktop, VPNs, remote code execution flaws and Citrix products, the same kinds of exposed remote-access services that let the water plant attacker in. Buyers most commonly use the access to hit their targets with ransomware.