See on Scoop.it – IT SEC TOOLS
Reuters reports that the U.S. Department of Homeland Security (DHS) has
acknowledged that an unidentified public utility in the U.S. was recently
compromised by a sophisticated hacker group.In a report [PDF], DHS’ Industrial Control Systems Cyber Emergency Response
Team (ICS-CERT) explained that the software used to mange the utility’s
control system was accessible via the Internet. “The systems were
configured with a remote access capability, utilizing a simple password
mechanism; however, the authentication method was susceptible to compromise
via standard brute forcing techniques,” the report states.An ICS-CERT investigation found that the system had been breached
previously, and worked with the utility’s owners to evaluate the overall
security of their infrastructure and to make practical recommendations for
securing the control network.ICS-CERT Monitor Jan-April2014
See on sto-strategy.com
[STO Strategy] 