Brute-Force Cyber Attacks Intensify on Critical Infrastructure
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that attacks against critical infrastructure are growing, with more than 200 brute-force cyber attack incidents reported between October and May, surpassing the 198 total attacks in all of FY 2012.
According to a ComputerWorld article, the newly issued report state that more than half of the attacks were against the energy sector – 49 malicious IPs attacked natural gas companies across the Midwest and Plains. A further 17 percent of attacks targeted the manufacturing sector.
On June 24, US-CERT issued the first security alert for leaving the vendors’ default passwords in place on Internet-connected devices. “Any system using password authentication accessible from the internet (sic) may be affected. Critical infrastructure and other important embedded systems, appliance and devices are of particular concern,” the alert warns, adding that it is imperative to change the manufacturer’s password, as the lists of such defaults are easily obtained online.