The US Cybersecurity and Infrastructure Security Agency (CISA) has urged manufacturers to eliminate default passwords on internet-exposed systems, warning that these credentials present serious risks when exploited by malicious actors.
In a recent alert, CISA highlighted incidents where Iranian-affiliated cyber actors linked to the Islamic Revolutionary Guard Corps (IRGC) used default passwords to access operational technology devices, gaining entry to critical infrastructure components in the United States.
“IRGC-affiliated cyber actors using the persona ‘CyberAv3ngers’ are actively targeting and compromising Israeli-made Unitronics Vision Series PLCs that are publicly exposed to the internet, through the use of default passwords. The PLCs may be rebranded and appear as different manufacturers and company names,” CISA wrote in its advisory.
Default passwords are often publicly documented and identical across a vendor’s product range, making them easy targets for attackers. Adversaries can use publicly available scanning tools to locate internet-facing devices and attempt logins with known defaults, frequently obtaining administrative access when those credentials remain unchanged.
To mitigate these threats, CISA recommends that manufacturers adopt secure-by-design practices. Suggested measures include provisioning unique setup passwords for each device, forcing password changes during initial setup, or disabling default credentials automatically after a short period. CISA also advises users to enable phishing-resistant multi-factor authentication (MFA) where possible as an additional layer of protection.
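The three manufacturer-side measures above can be combined in a device's first-boot login logic. The following is an added illustration, not code from CISA or any vendor; the `DeviceAuth` class, the 15-minute window and the 12-character minimum are assumptions chosen for the sketch.

```python
import hashlib
import hmac
import secrets
import time

SETUP_WINDOW_SECONDS = 15 * 60  # assumed value; the guidance only says "a short period"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DeviceAuth:
    """Hypothetical first-boot credential handling for a single device."""

    def __init__(self, now=time.time):
        self._now = now
        self._salt = secrets.token_bytes(16)
        # Measure 1: setup password is random per device (e.g. printed on its label),
        # never a value shared across the product line.
        self.setup_password = secrets.token_urlsafe(12)
        self._setup_hash = _hash(self.setup_password, self._salt)
        self._admin_hash = None
        self._first_boot = None

    def boot(self):
        if self._first_boot is None:
            self._first_boot = self._now()

    def _setup_valid(self) -> bool:
        # Measure 3: the setup credential stops working after the window closes.
        return (self._admin_hash is None and self._first_boot is not None
                and self._now() - self._first_boot <= SETUP_WINDOW_SECONDS)

    def login(self, password: str) -> str:
        """Return 'ok', 'must_change_password' or 'denied'."""
        candidate = _hash(password, self._salt)
        if self._admin_hash is not None:
            return "ok" if hmac.compare_digest(candidate, self._admin_hash) else "denied"
        if self._setup_valid() and hmac.compare_digest(candidate, self._setup_hash):
            # Measure 2: the setup password grants nothing except a password change.
            return "must_change_password"
        return "denied"

    def set_admin_password(self, setup_password: str, new_password: str) -> bool:
        if self.login(setup_password) != "must_change_password":
            return False
        if len(new_password) < 12 or new_password == setup_password:
            return False
        self._admin_hash = _hash(new_password, self._salt)
        self._setup_hash = None  # setup credential is discarded permanently
        return True
```

In this sketch a device whose window expires before setup simply denies all logins; a real product would pair that with a physical reset path.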
Manufacturers should perform field testing to learn how customers actually deploy products and to identify unsafe or unintentionally insecure configurations. Understanding real-world usage helps ensure that secure options are the simplest choices for users, reducing the chance that convenience encourages insecure behavior.
Separately, CISA, in coordination with the FBI, NSA, Poland’s Military Counterintelligence Service (SKW), CERT Polska, and the UK’s National Cyber Security Centre (NCSC), issued a joint advisory warning that actors affiliated with Russia’s Foreign Intelligence Service (SVR) have been exploiting CVE-2023-42793 at scale. Since September 2023, these actors have targeted servers running JetBrains TeamCity software, highlighting ongoing supply-chain and remote-execution risks.
This joint advisory followed a UK warning earlier in the month that accused Russia’s Federal Security Service (FSB) of conducting a sustained cyber campaign targeting politicians and public figures. With major elections approaching in Western countries, cybersecurity experts expect an uptick in politically motivated cyber activity.
The NSA, Office of the Director of National Intelligence (ODNI), and CISA have published recommended practices to strengthen software supply chain security and improve open-source software management. These guidelines aim to reduce the likelihood that organizations become vulnerable to known exploits and to improve incident response when vulnerabilities are discovered.
“Organizations that do not follow consistent and secure-by-design management practices for the open-source software they use are more likely to be exposed to known vulnerabilities in open-source packages and face greater challenges when responding to incidents,” said Aeva Black, CISA Open Source Software Security Lead.
“CISA is pleased to have co-produced this guide with NSA, ODNI, and industry partners. It provides practical steps organizations of all sizes can use to improve the safety and security of their open-source software management practices.”