Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Data Breaches

US DHS confirms control system was breached

Paul Anderson by Paul Anderson
May 23, 2014
in Data Breaches, Security
0
DHS
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

The United States Department of Homeland Security and its Industrial Control Systems Cyber Emergency Response Team, aka ICS-CERT, issued a report this week (PDF ) confirming several recent attacks.

You might also like

BreachForums Owner Arrested and Charged

US politicians personal details compromised in hack

Acer corporate confirms breach – data being sold for Monero

The report on the very first quarter of 2014 occurrences discussed information on an unnamed public utility which was recently breached by means of a sophisticated threat actor who acquired unauthorized entry to its control system network. It turned out that the software utilized by the utility to manage the control system assets were available through its Internet facing hosts.

ICS-CERT examined accessible network logs and forensics to discover that:

  • The systems were likely exposed to a number of security threats
  • Previous intrusion activity was also identified
  • Recommendations were to ensure that potential attack vectors such as remote access should be configured with appropriate security controls, monitoring, and detection capabilities.

Security and cyber risk are actually new inclusions in their list of concerns, and not all are prepared to evaluate and correct configuration errors and vulnerabilities.“ICS-CERT strongly encourages taking immediate defensive action to secure ICSs by using defense-in-depth principles. Audit your networks for Internet facing devices, weak authentication methods, and component vulnerabilities.”

ICS-CERT also recommends users take defensive measures to minimize risk of exploitation:

  • Minimize network exposure for all control system devices. In general, locate control system networks and devices behind firewalls and isolate them from the business network
  • When remote access is required, employ secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices
  • Remove, disable or rename any default system accounts wherever possible
  • Implement account lockout policies to reduce the risk from brute forcing attempts
  • Establish and implement policies requiring the use of strong passwords
  • Monitor the creation of administrator level accounts by third-party vendors
  • Apply patches in the ICS environment, when possible, to mitigate known vulnerabilities

You can read more on the breach here.

Tags: breachedDHShacked
Share30Tweet19
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

BreachForums Owner Arrested and Charged

by Paul Anderson
March 17, 2023
0
BreachForums Owner Arrested and Charged

On Wednesday afternoon, federal agents arrested a man in Peekskill, New York, for allegedly running a dark web data breach site known as "BreachForums." The suspect, Conor Brian...

Read more

US politicians personal details compromised in hack

by Kyle
March 9, 2023
0
US politicians personal details compromised in hack

A hacker has claimed that personally identifiable information (PII) belonging to several members of the US Congress may have been compromised in a cyberattack on DC Health Link,...

Read more

Acer corporate confirms breach – data being sold for Monero

by Kyle
March 8, 2023
0
Acer corporate confirms breach – data being sold for Monero

Acer, the sixth-largest PC maker in the world, has confirmed that it suffered a data breach in mid-February 2023 that compromised its intellectual property and other sensitive data....

Read more

Stolen credit card market BidenCash leaks over 2 million credit cards

by Paul Anderson
March 3, 2023
0
Stolen credit card market BidenCash leaks over 2 million credit cards

BidenCash, a marketplace that focuses on carding, has leaked a database of 2,165,700 credit and debit cards to celebrate its first anniversary. Instead of keeping the leak a...

Read more

Blackmailing data thieves who targeted thousands of businesses apprehended

by Paul Anderson
February 26, 2023
0
Blackmailing data thieves arrested by Dutch police

The Dutch police recently apprehended three additional suspects in what is considered one of the most significant data extortion cases to date. These suspects, aged between 18 and...

Read more
Next Post
Low Level IPhone programming

Low Level IPhone programming

Related News

NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Netwire RAT seized by FBI and other worldwide police agencies

Netwire RAT seized by FBI and other worldwide police agencies

March 16, 2023
The Emotet botnet returns and is sending a slew of malicious emails

The Emotet botnet returns and is sending a slew of malicious emails

March 14, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.