The US FBI has issued a Private Industry Notification (PIN) warning to federal and private companies after the Oldsmar plant attack. The attack, which happened last week and in which hackers almost supplied water with dangerous chemical content, was possible because of old passwords, systems running Windows 7, and the use of TeamViewer, says the FBI.
Weak Passwords, Windows 7, and TeamViewer
The Oldsmar attack that happened last week was critical and a close call. Unknown hackers managed to access the water treatment plant's operator system and altered the sodium hydroxide (lye) levels added to the water. This would have sickened all the citizens but, fortunately, was immediately rectified by the operator.
After investigating the incident, the FBI came up with three major flaws that led to this almost successful attack. Number one, it's TeamViewer! Yes, the FBI has specifically mentioned TeamViewer, since the remote control software was being used by operators when this attack happened.
It's said that the hacker was able to move the operator's mouse and alter the chemical values for the water, which was then immediately rectified. Though the FBI didn't specifically ask citizens to uninstall TeamViewer, it warned that using such software can sometimes be a threat.
Thus, such tools should be handled with caution, and loopholes in remote handling software should be fixed before any threat actor abuses them. Moving on, the FBI's PIN also talked about the usage of Windows 7, again! The agency warned users about this outdated software last year, saying it can be harmful since it no longer receives any security patches.
Though there's no evidence that hackers abused any known vulnerabilities in Windows 7 in the Oldsmar attack, the FBI warns about potential cyberattacks arising from using it. Lastly, it asked citizens to stop using weak passwords that are easily guessable. Something that's obvious can be easily cracked and abused. So, it mentioned the following guidelines:
- Use multi-factor authentication;
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials;
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure;
- Audit network configurations and isolate computer systems that cannot be updated;
- Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts;
- Audit logs for all remote connection protocols;
- Train users to identify and report attempts at social engineering;
- Identify and suspend access of users exhibiting unusual activity;
- Keep software updated.