CISA urges manufacturers to end default passwords

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


The US Cybersecurity and Infrastructure Security Agency (CISA) has urged manufacturers to end default passwords on internet-exposed systems due to the severe risks posed by malicious actors.

In a recent alert, CISA highlighted the exploitation of operational technology devices by Iranian threat actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) who used default passwords to gain access to critical infrastructure systems in the US.

“IRGC-affiliated cyber actors using the persona ‘CyberAv3ngers’ are actively targeting and compromising Israeli-made Unitronics Vision Series PLCs that are publicly exposed to the internet, through the use of default passwords. The PLCs may be rebranded and appear as different manufacturers and company names,” wrote CISA in their alert.

Default passwords are publicly documented and identical across a vendor’s product line, making them susceptible to exploitation. Threat actors – armed with tools like Shodan – can scan for internet-exposed endpoints and breach them through default passwords, often gaining administrative privileges.

To address this, CISA recommends that manufacturers adopt secure-by-design principles: ship each unit with a unique setup password, or disable any default password after a set time period, so that a credential shared across a product line never remains valid on a deployed device. Additionally, users should enable phishing-resistant multi-factor authentication (MFA) methods.
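The following is an added example written for this page; it is not CISA's or any PLC vendor's code. It sketches what the recommendation above looks like in a device's own authentication logic: each unit is provisioned with a random setup secret at manufacture (so nothing is shared across the product line), that secret is only accepted for a limited window after first boot, and the first login must replace it before the device accepts any other credential. The `DeviceAuth` class, the 24-hour window and the PBKDF2 parameters are assumptions chosen for illustration.

```python
"""Added example (not from the page or any vendor): a minimal credential
policy for an embedded device that follows secure-by-design guidance on
default passwords. Only hashes are stored on the device; the plaintext setup
secret exists once, at provisioning, so it can be printed on the unit's label.
"""
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional, Tuple

# Assumption for this example: the setup password stops working 24 hours
# after first boot if nobody has completed setup.
SETUP_WINDOW_SECONDS = 24 * 3600
MIN_PASSWORD_LEN = 12


def _hash(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a dumped config cannot be cracked cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class DeviceAuth:
    """Authentication state for one unit."""

    def __init__(self, first_boot: float, salt: bytes, setup_hash: bytes) -> None:
        self.first_boot = first_boot
        self.salt = salt
        self._setup_hash: Optional[bytes] = setup_hash  # None once retired
        self._user_hash: Optional[bytes] = None          # None until first login

    @classmethod
    def provision(cls, first_boot: Optional[float] = None) -> Tuple["DeviceAuth", str]:
        """Factory step: generate a per-unit setup secret and return it for the label."""
        setup_password = secrets.token_urlsafe(12)
        salt = os.urandom(16)
        boot = time.time() if first_boot is None else first_boot
        return cls(boot, salt, _hash(setup_password, salt)), setup_password

    def _matches(self, password: str, stored: Optional[bytes]) -> bool:
        return stored is not None and hmac.compare_digest(_hash(password, self.salt), stored)

    def login(self, password: str, now: Optional[float] = None) -> str:
        """Returns 'ok', 'must_change_password', 'setup_expired' or 'denied'."""
        now = time.time() if now is None else now
        if self._user_hash is not None:
            # Normal operation: the setup secret no longer works at all.
            return "ok" if self._matches(password, self._user_hash) else "denied"
        if now - self.first_boot > SETUP_WINDOW_SECONDS:
            # Exposed without ever being set up: lock out rather than leave a
            # label-printed secret accepting logins indefinitely.
            return "setup_expired"
        if self._matches(password, self._setup_hash):
            return "must_change_password"
        return "denied"

    def set_password(self, setup_password: str, new_password: str,
                     now: Optional[float] = None) -> bool:
        """First-login step: swap the setup secret for an operator-chosen password."""
        if self.login(setup_password, now) != "must_change_password":
            return False
        if len(new_password) < MIN_PASSWORD_LEN or new_password == setup_password:
            return False
        self._user_hash = _hash(new_password, self.salt)
        self._setup_hash = None  # retired for good; only a local factory reset restores setup mode
        return True


if __name__ == "__main__":
    device, label_secret = DeviceAuth.provision()
    print("login with setup secret:", device.login(label_secret))
    print("set operator password:", device.set_password(label_secret, "correct-horse-battery"))
    print("setup secret afterwards:", device.login(label_secret))
```

The point of the `setup_expired` branch is that a device left internet-exposed with its label secret still active is exactly the condition the CISA alert describes, so the device refuses the setup path outright after the window instead of waiting for someone else to use it.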

Manufacturers are also advised to conduct field tests to understand how customers deploy their products and identify any unsafe mechanisms. The goal is to bridge the gap between developer expectations and actual customer usage, ensuring the easiest route is the secure one.

Last week, CISA – along with the FBI, NSA, Polish Military Counterintelligence Service (SKW), CERT Polska, and the UK’s National Cyber Security Centre (NCSC) – released a separate joint advisory warning that Russian Foreign Intelligence Service (SVR)-affiliated actors have been exploiting CVE-2023-42793 “at a large scale” against servers hosting JetBrains TeamCity software since September 2023.

That advisory follows a warning from the UK earlier this month that directly accused Russia’s Federal Security Service (FSB) of orchestrating a sustained hacking campaign targeting politicians and public figures. Ahead of Western elections next year, such attacks are likely to continue to increase.

The NSA, Office of the Director of National Intelligence (ODNI), and CISA have jointly published recommended practices to enhance software supply chain security and open-source software management processes.

“Organisations that do not follow a consistent and secure-by-design management practice for the open source software they utilise are more likely to become vulnerable to known exploits in open source packages and encounter more difficulty when reacting to an incident,” said Aeva Black, CISA Open Source Software Security Lead.

“For this reason, CISA is very pleased to have co-produced this guide with NSA, ODNI, and industry partners, which can be used by organisations of all sizes to improve the safety and security of their open source software management practices.”

(Photo by Towfiqu barbhuiya on Unsplash)
