Hackers found and cracked this fake electricity substation network in just two days
Originally Posted August 7, 2018 – ZDNET
This article describes a honeypot that went live in an attempt to lure would-be hackers into breaking into what appeared to be a real power substation, complete with IT, OT, and HMI components. Three services were public Internet-facing: SharePoint, SQL, and a domain controller with remote access services like RDP and SSH. Weak passwords were purposely set on this system. Within 2 days of connecting this fake system to the Internet, links had been posted by a black market seller indicating that this exploit may be for sale. Exploits included a common RDP user rights modification allowing multiple sessions, and the creation of alternate users. Over the 10 days the honeypot was live, it was exposed to cryptomining bots, phishing bots, and DDoS bots, which is not all that atypical.
What this exercise shows is that some pretty basic exploits can be carried out when weak passwords are employed. A password policy should put emphasis on the number of characters, not on how many special ASCII characters can be added. In addition to passwords, adding a layer of authentication using one of many two-factor authentication (2FA) services could decrease the potential of a network being compromised.
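The sequence described above (a weak password guessed over RDP, followed by the creation of alternate users) leaves a recognizable trail in Windows Security events. The following is an added example, not taken from the original article or the honeypot's operators: the event tuples are constructed and simplified, and the thresholds and the `detect` function name are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs: failed logon, logon, account created,
# member added to a local group. LogonType 10 = RemoteInteractive (RDP).
FAIL, LOGON, USER_CREATED, GROUP_ADD = 4625, 4624, 4720, 4732
RDP = 10

# Constructed events: (time, event_id, account, source_ip, logon_type, target)
EVENTS = [
    ("2018-08-01 03:10:01", FAIL, "administrator", "203.0.113.7", RDP, None),
    ("2018-08-01 03:10:04", FAIL, "administrator", "203.0.113.7", RDP, None),
    ("2018-08-01 03:10:09", FAIL, "administrator", "203.0.113.7", RDP, None),
    ("2018-08-01 03:10:15", LOGON, "administrator", "203.0.113.7", RDP, None),
    ("2018-08-01 03:12:40", USER_CREATED, "administrator", None, None, "support2"),
    ("2018-08-01 03:12:55", GROUP_ADD, "administrator", None, None, "Remote Desktop Users"),
    ("2018-08-01 09:00:00", LOGON, "operator", "10.0.0.21", RDP, None),
    ("2018-08-01 09:30:00", USER_CREATED, "itadmin", None, None, "newhire"),
]

def detect(events, min_failures=3, fail_window=timedelta(minutes=10),
           followup=timedelta(minutes=30)):
    """Flag RDP logons preceded by repeated failures, then account changes after them."""
    alerts = []
    failures = defaultdict(list)   # (account, source_ip) -> failure times
    suspect_until = {}             # account -> end of the watch period
    for ts, eid, account, src, ltype, target in sorted(events, key=lambda e: e[0]):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if eid == FAIL and ltype == RDP:
            failures[(account, src)].append(t)
        elif eid == LOGON and ltype == RDP:
            recent = [f for f in failures[(account, src)] if t - f <= fail_window]
            if len(recent) >= min_failures:
                # Success right after a burst of failures: likely a guessed password.
                suspect_until[account] = t + followup
                alerts.append(("guessed_rdp_logon", account, src))
        elif eid in (USER_CREATED, GROUP_ADD):
            # Only account changes made by a suspect account inside the watch period.
            if account in suspect_until and t <= suspect_until[account]:
                kind = "account_created" if eid == USER_CREATED else "group_membership_added"
                alerts.append((kind, account, target))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The routine logon by `operator` and the account created by `itadmin` produce no alerts, because neither follows a burst of failed RDP logons.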
Do you have public-facing services in your IT or OT environment? What steps have you taken to secure these resources?
Rotalec is pleased to offer eWON as a trusted remote access hardware and software service with a focus on security. Want to take it further? Secure the Industrial Control System (ICS) by implementing a platform such as Bedrock’s Open Secure Automation Platform. These are but two of the IIoT focused vendors Rotalec offers.