
Image: ZDNet
In the wake of the Oldsmar incident, in which an unidentified attacker gained access to the network of a water treatment plant and adjusted chemical doses to dangerous levels, the FBI issued a warning on Tuesday addressing three security issues present on the plant's network at the time of the hack.
The alert, known as a Private Industry Notification (FBI PIN), warns about the use of outdated Windows 7 systems, weak passwords and the desktop sharing software TeamViewer, and urges private companies and federal and government organizations to review their internal networks and access policies accordingly.
TeamViewer considered entry point
The FBI PIN specifically names TeamViewer as desktop sharing software to watch, after the app was confirmed as the attacker's entry point into the Oldsmar water treatment network.
According to a Reuters report, officials said the intruder connected twice last Friday via TeamViewer to a computer on the Oldsmar water treatment plant's network.
During the second session, the attacker took control of the operator's mouse, moved it across the screen, and changed the level of sodium hydroxide (lye) added to the drinking water.
While the operator reversed the changes almost immediately, the incident quickly became a point of contention and discussion among security professionals.
One of the most common points raised in online discussions was the use of TeamViewer to access resources in US critical infrastructure.
In a Motherboard report published on Tuesday, several well-known security experts criticized companies and workers who regularly use the software for remote work, calling it unsafe and inadequate for managing sensitive resources.
Although the FBI PIN does not take a critical tone toward TeamViewer, the FBI wants federal and private organizations to take note of the app.
“Apart from its legitimate use, TeamViewer allows cybercriminals to exercise remote control over computer systems and drop files onto victims’ computers, making it functionally similar to Remote Access Trojans (RATs),” the FBI said.
However, TeamViewer's legitimate use makes anomalous activity less suspicious to end users and system administrators than a typical RAT would be.
The FBI warning does not specifically tell organizations to remove TeamViewer or any other desktop sharing software, but warns that TeamViewer and similar tools can be misused if attackers obtain employee account credentials, or if remote-access accounts (such as those used for Windows RDP access) are protected by a password alone.
FBI warns against using Windows 7 … again
In addition, the FBI alert warns about the continued use of Windows 7, an operating system that reached the end of its support life on January 14, 2020, a problem the FBI also warned U.S. companies about last year.
This part of the warning was included because the Oldsmar water treatment plant was still running Windows 7 systems on its network.
Although there is no evidence that the attackers abused Windows 7-specific bugs, the FBI says using the old operating system is dangerous because it is no longer supported and does not receive security updates, leaving the many systems still running it exposed to attacks via newly discovered vulnerabilities.
However, a CyberScoop report published today highlights that the Oldsmar plant, like many other U.S. water treatment facilities, is underfunded and understaffed.
Although the FBI warns against using Windows 7 for good reason, many companies and US federal and state agencies can do nothing about it without a serious financial investment from top management to modernize IT infrastructure, something that is not expected any time soon in many places.
In these cases, the FBI recommends a series of basic security practices as an interim way to mitigate threats, such as:
- Use multifactor authentication;
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials;
- Ensure antivirus, spam filters and firewalls are up to date, properly configured and secure;
- Audit network configurations and isolate computer systems that cannot be updated;
- Check your network for systems using RDP, close unused RDP ports, apply two-factor authentication where possible, and log RDP login attempts;
- Audit logs for all remote connection protocols;
- Train users to identify and report social engineering efforts;
- Identify and suspend access for users exhibiting unusual activity;
- Keep software updated.
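Three of those interim practices (log RDP login attempts, audit logs for remote connection protocols, and identify users exhibiting unusual activity) can be turned into a small triage script. The following is an added example written for this article; it is not code from the FBI PIN, ZDNet, TeamViewer or the Oldsmar plant. It assumes a simplified, constructed export of Windows Security log entries in the form `timestamp|event_id|account|logon_type|source_ip` (the event IDs 4624/4625 and logon type 10 for RDP are real Windows values; the site's working hours of 07:00 to 19:00 and the sample addresses are assumptions). It flags sources that generate bursts of failed RDP logons, successful RDP logons outside working hours, and the accounts an administrator should review or suspend.

```python
"""Triage RDP logon activity from a (constructed) Windows Security log export.

Added example for this article, not code from the FBI PIN, ZDNet or TeamViewer.
Export format assumed here: timestamp|event_id|account|logon_type|source_ip
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Real Windows Security event IDs and the logon type used by RDP sessions.
EVENT_LOGON_SUCCESS = 4624
EVENT_LOGON_FAILURE = 4625
LOGON_TYPE_REMOTE_INTERACTIVE = 10  # RDP / Terminal Services

# Constructed sample export; 203.0.113.0/24 is a documentation-only range.
SAMPLE_EXPORT = """\
2021-02-05T08:02:11|4624|operator1|10|192.168.10.20
2021-02-05T08:15:40|4624|operator1|2|-
2021-02-05T13:00:05|4625|admin|10|203.0.113.45
2021-02-05T13:00:09|4625|admin|10|203.0.113.45
2021-02-05T13:00:14|4625|admin|10|203.0.113.45
2021-02-05T13:00:20|4625|admin|10|203.0.113.45
2021-02-05T13:00:27|4625|admin|10|203.0.113.45
2021-02-05T13:00:33|4624|admin|10|203.0.113.45
2021-02-06T02:41:18|4624|operator1|10|192.168.10.20
2021-02-05T09:30:00|4625|operator2|10|192.168.10.31
"""


@dataclass(frozen=True)
class LogonEvent:
    time: datetime
    event_id: int
    account: str
    logon_type: int
    source_ip: str


def parse_export(text):
    """Parse the pipe-separated export, keeping only RDP (logon type 10) events,
    sorted by time. Console logons (type 2) and others are dropped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, logon_type, source_ip = line.split("|")
        ev = LogonEvent(datetime.fromisoformat(ts), int(event_id), account,
                        int(logon_type), source_ip)
        if ev.logon_type == LOGON_TYPE_REMOTE_INTERACTIVE:
            events.append(ev)
    return sorted(events, key=lambda e: e.time)


def failure_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Map source_ip -> largest number of failed RDP logons inside any `window`.
    Only sources reaching `threshold` are returned (sliding-window count)."""
    failures = defaultdict(list)
    for ev in events:  # events are already time-sorted
        if ev.event_id == EVENT_LOGON_FAILURE:
            failures[ev.source_ip].append(ev.time)
    flagged = {}
    for ip, times in failures.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def off_hours_successes(events, day_start=7, day_end=19):
    """Successful RDP logons outside the assumed working hours (07:00-19:00)."""
    return [ev for ev in events
            if ev.event_id == EVENT_LOGON_SUCCESS
            and not day_start <= ev.time.hour < day_end]


def accounts_to_review(events):
    """Accounts that logged in over RDP from a password-guessing source, or
    logged in off-hours: candidates for review or temporary suspension."""
    bursting = failure_bursts(events)
    suspicious = {ev.account for ev in events
                  if ev.event_id == EVENT_LOGON_SUCCESS
                  and ev.source_ip in bursting}
    suspicious |= {ev.account for ev in off_hours_successes(events)}
    return sorted(suspicious)


if __name__ == "__main__":
    evs = parse_export(SAMPLE_EXPORT)
    print("RDP events:", len(evs))
    print("Password-guessing sources:", failure_bursts(evs))
    print("Off-hours logons:", [(e.account, e.source_ip, e.time.isoformat())
                                for e in off_hours_successes(evs)])
    print("Accounts to review:", accounts_to_review(evs))
```

On the constructed sample, the script flags 203.0.113.45 for five failed RDP logons in under a minute followed by a success as `admin`, and a 02:41 logon by `operator1`, so both accounts are listed for review. A real deployment would read events from the Security log (for example an `Export-Csv` of `Get-WinEvent` output) rather than the embedded string, and the working-hours window should match the site's actual shift pattern.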