Over the past few years, remote hackers have perpetrated numerous attacks against water supply systems, particularly in the U.S.:
In January 2021, a hacker attacked a California water treatment plant and deleted multiple programs required to treat drinking water
In February 2021, an unknown remote hacker accessed the computer systems of a Florida water treatment facility and attempted to poison the city’s water supply with unsafe quantities of sodium hydroxide
In March 2019, an ex-employee of Post Rock Rural Water District in Kansas tampered with the processes used to disinfect water
In each of these cases, remote hackers exploited weak network security and critical unpatched vulnerabilities to tamper with critical processes that could potentially damage public health in serious ways.
Remote cyber attacks on public water systems are on the rise. And in fact, no industry is safe from remote hackers.
A remote attack refers to a malicious attack that targets one or more computers on a network. Remote hackers look for vulnerable points in a network’s security to remotely compromise systems, steal data, and cause many other kinds of problems. Some of the most types of remote attacks are:
The DNS server is tricked into accepting falsified traffic as authentic. Users are then redirected to fake websites where they unknowingly download malicious content like viruses which the attackers exploit further to steal data or compromise systems.
Hackers use port scanning software to find open ports on a network host. To do this, they send packets to each port and determine which ports are open based on the response type. While the scanning itself does not cause damage, threat actors do utilize this method to exploit potential vulnerabilities on the network, and then gain access to it.
Attackers will identify a large number of usernames (accounts), and attempt to guess the passwords for those accounts to gain unauthorized access. They usually use a single commonly-used password in a particular timed interval, e.g., one password a week, to remain undetected and avoid account lockouts. These attempts would be made against VPN or email exchanges, say, Outlook Web Access.
Phishing is one of the most commonly-used methods to gain remote access to corporate networks. Bad actors send emails to potential victims containing malicious links or attachments. They often use urgency, fear or panic to pressure recipients into clicking on these links or downloading these attachments, which then allows the attacker to access the victim’s system.
Here are some ways remote hackers hack into remote access tools to manipulate enterprise systems, steal data, and disrupt businesses.
The problem: Many organizations rely on VPNs to enable remote access for employees. But not all VPNs provide end-to-end encryption, and many still rely on weak or outdated encryption. Remote hackers exploit these weaknesses to compromise enterprise systems.
The solution: Companies should avoid using VPNs with older and less secure protocols. They should also apply regular security patches. It’s also important to only use VPNs that work to prevent IP address leaks, do not collect network log information, provide a kill switch, and provide multifactor authentication for additional security. Multi-factor authentication must also be mandated for each VPN account.
The problem: Many organizations also use Microsoft Remote Desk Protocol (RDP) to mobilize remote access. Remote hackers use online scanning tools to find unsecured RDP endpoints. They then use stolen credentials to exploit such ports, access the network, and lock systems or data that they then use as leverage for ransom payments.
The solution: Outdated RDP versions without the latest security patches are extremely vulnerable to attacks. Microsoft releases updates to vulnerabilities as soon as they’re discovered. But for these patches to take effect, network administrators must ensure that every device is updated. They must also use secure remote desktop and support solutions that ensure corporate security policies are not violated, provide robust user access and rights management, and track all activity to provide thorough audit trails. Lastly, it’s vital not to expose RDP to the Internet. Ideally, at least two layers of security should be implemented before any devices can be remotely managed (e.g., VPN plus credentials for system access).
The problem: A RAT is a malware program that gives a remote hacker administrative “back door” access over a target computer. This malware allows them to access confidential information, delete or alter files, format drives, distribute viruses, etc. Usually, users inadvertently download RATs when they click on a link or download an attachment within a dodgy email.
The solution: To protect themselves, companies must install and update antivirus and anti-malware programs. They must also patch all applications, block unused ports, turn off unused services, and monitor outgoing traffic to prevent infections. It’s also critical to educate employees on why they should not download applications or attachments from non-trusted sources.
In addition to these three methods, it’s important to conduct regular penetration testing. Penetration testing can help organizations find and fix security gaps before remote hackers can exploit them.
Remote hackers have many tools at their disposal to attack all kinds of organizations, including public utilities and critical infrastructure providers. Fortunately, there are multiple ways for organizations to protect themselves against such attacks. We hope this article gives you a good place to get started. If you have further questions about remote attacks, get in touch with the Packetlabs team today.
October 24 - Blog
Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.
September 27 - Blog
InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.
September 26 - Blog
Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.
© 2024 Packetlabs. All rights reserved.