Social Engineering: Your automation network's largest security vulnerability
When most people think about cyber security, they probably conjure up thoughts of someone locked away in a dark room, wearing the same gray hoodie for months. Staring at a screen for days at a time looking for just the right network packet to tell them where and how to attack. But that's not always how hacking is done.
We imagine the typical hacker staring at lines of code and process control network packets streaming across the screen of a MacBook Pro, its lid all decked out with programming language stickers and anti- establishment rhetoric.
Our hacker's pale face hasn’t seen the light of day in weeks. With acid techno blaring away in their headphones, they’ve been busily hacking away, brute-forcing that four-character password on the PLC you left connected to your public DSL connection.
If only that old DSL router you pulled out of the closet supported NAT connections based on TCP ports, you could’ve at least added some level of security to your PLC network. But you opted to connect the PLC directly to the Internet. And now our imaginary hacker just used Brutus to crack your password.
With access to the city’s process control network and water treatment system, they’ll surely be back for a ransomware attack on the district in a few weeks.