Weak Passwords, Windows 7, and TeamViewer
The Oldsmar attack that happened last week is critical and a close one. Unknown hackers have managed to access the water treatment plant’s operator system and altered the sodium hydroxide (lye) levels added to the water. This would have sickened all the citizens but was immediately rectified by the operator, fortunately. After investigating the incident, the FBI came up with three major flaws that led to this almost succesful attack. Number one, it’s the TeamViewer! Yes, the FBI has specifically mentioned TeamViewer since the remote control software was being used by operators while this attack happened. Also Read- TeamViewer Alternatives It’s said that the hacker was able to move the operator’s mouse and alter the chemical values into the water, which was then immediately rectified. Though the FBI didn’t specifically ask citizens to uninstall TeamViewer, it warned that usage of such software can be threatening sometimes. Thus, they should be handled with caution, and loopholes in such remote handling software should be rectified before any threat actor abuses it. Moving on, the FBI’s PIN also talked about the usage of Windows 7, again! This agency has warned users about using the outdated software last year, that it can be harmful since it no longer receives any security patches. Though there’s no evidence saying that hackers abused any known vulnerabilities in Windows 7 in the Oldsmar attack, the FBI warns about potential cyberattacks arising from using it. At last, it asked citizens to stop using weak passwords that are easily guessable. Something that’s obvious can be easily cracked and abused. So, it mentioned the following guidelines;
Use multi-factor authentication; Use strong passwords to protect Remote Desktop Protocol (RDP) credentials; Ensureanti-virus, spam filters, and firewalls are up to date, properly configured, and secure; Audit network configurations and isolate computer systems that cannot be updated; Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts; Audit logs for all remote connection protocols; Train users to identify and report attempts at social engineering; Identify and suspend access of users exhibiting unusual activity; Keep software updated.
