Vulnerabilities related to exposure of passwords can pose significant risk to ICS and OT
X Cyber Group (XCyber?)
We work with clients to keep data, people and businesses protected within the geography of the internet.
Vulnerabilities related to the exposure of passwords can pose a significant risk to industrial control systems (ICS) and other types of operational technology (OT). SecurityWeek spoke with multiple experts about the prevalence of such flaws and their potential impact.
Threat actors exploiting weak or default passwords to conduct attacks aimed at ICS systems are a reality. In late 2023, hackers linked to the Iranian government hijacked ICS at a municipal water authority in Pennsylvania and water utilities in multiple other states around the US.?
In response, the cybersecurity agency CISA urged device manufacturers to stop relying on customers to change default passwords.
In addition to default passwords, software vulnerabilities that can allow attackers to obtain a product’s password can also pose a significant risk to organizations. In recent weeks, CISA published at least three advisories describing security holes related to the exposure of passwords.
Read Eduard Kovacs's report here: