“This is cyber Pearl Harbor,” said Philip Lieberman, President and CEO of Lieberman Software. “This is the first time we’ve ever seen a general attack that affects everybody.”
One major security mistake that many organizations make is to leave their IPMI devices’ default passwords unchanged.
Whenever new computers and applications are deployed on a network, they can introduce unforeseen security risks. Shared and default privileged account passwords are introduced through deployment scripts, ghosted images, default appliance credentials and developer “back doors.”
It’s simple for intruders to obtain a list of weak systems from Showdan with a credit card. From there they can take over CNI systems using well known exploits, or powerful and secret zero day attacks available to many governments around the world. In a few hours you can own the infrastructure of an entire country.
Criminals apply the concept of “land and expand” during cyber attacks. This means that when hackers compromise your machine, they exploit that machine to gather user names and passwords for the systems you use (i.e. banking, corporate, social networks, etc.).
Large organizations typically have thousands of privileged accounts, which are often left unmanaged. Rogue insiders, former employees, criminal hackers and sophisticated state-sponsored attackers can exploit these unmanaged privileged accounts to anonymously access and extract an organization’s most critical data.
Why the pessimistic attitude among IT security folks? One assumption is because they realize that vendors of traditional security tools like firewalls and anti-virus are in an almost constant state of catch up, updating their products to reactively protect against yesterday’s threats. Meanwhile hackers, rogue nation states and others are looking for new flaws which they can exploit in tomorrow’s attacks.
If you’ve been following the news over the last 6 months or so, you may have noticed an uptick in articles related to Critical National Infrastructure (CNI) security legislation. You may have also seen more reports of cyber-attacks against a wider variety of targets by entities other than criminal elements seeking financial gain. Why is that?
I’ve been in the security software industry for many years and my company focuses on privileged identity management, so it kills me every time I get a call from a potential customer telling me that they suffered a breach because of a lack of common sense and need our help to get things back under control.
Foreign-made security appliances are widely deployed on the networks of our country’s most sensitive government agencies and public utilities. And these appliances come pre-installed with default passwords – hidden backdoors that create all sorts of security holes.