In the wake of the Oldsmar incident, in which an unidentified attacker gained access to a water treatment plant
The alert, called a private industry report, or FBI PIN, warns against the use of outdated Windows 7 systems, weak passwords, and the desktop sharing software TeamViewer, and urges private companies and federal and government organizations to review their internal networks and access policies.
TeamViewer identified as the entry point
The FBI PIN specifically calls out TeamViewer as desktop sharing software to pay attention to, after the app was confirmed as the attacker’s entry point into the Oldsmar water treatment plant network.
According to a Reuters report, officials said that the intruder connected to a computer on the Oldsmar water treatment plant network via TeamViewer on two occasions last Friday.
On the second occasion, the attacker actively took control of the operator’s mouse, moved it on the screen, and changed the levels of sodium hydroxide (lye) added to the drinking water.
While the operator reversed the changes the hacker made almost immediately, the incident became an immediate point of contention and discussion among security professionals.
Among the most common points raised in online discussions was the use of the TeamViewer app to access resources on US critical infrastructure.
In a Motherboard report released Tuesday, several well-known security experts criticized companies and workers who routinely use the software for teleworking, calling it unsafe and insufficient for handling sensitive resources.
While the FBI PIN alert does not take a critical tone or attitude towards TeamViewer, the FBI would like federal and private organizations to take note of the app.
“Beyond the legitimate use, TeamViewer allows cybercriminals to exercise remote control over computer systems and drop files on victim computers, making it functionally similar to Trojans for remote access,” the FBI said.
However, TeamViewer’s legitimate use makes deviant activity less suspicious for end users and system administrators compared to typical RATs.
The FBI alert does not specifically ask organizations to uninstall TeamViewer or other types of desktop sharing software, but warns that TeamViewer and similar software can be misused if attackers gain access to employees’ account credentials or if remote access accounts (such as those used for Windows RDP access) are secured with weak passwords.
The FBI warns against using Windows 7 … again
In addition, the FBI alert also warns against the continued use of Windows 7, an operating system that reached the end of its life on January 14, 2020, an issue the FBI also warned U.S. companies about last year.
This part of the warning was included because the Oldsmar water treatment plant still used Windows 7 systems on its network.
Although there is no evidence that the attackers abused Windows 7-specific flaws, the FBI says that continuing to use the old operating system is dangerous, as the operating system is no longer supported and does not receive security updates, which leaves many systems exposed to attack via newly discovered vulnerabilities.
However, a Cyberscoop report published today highlights the fact that the Oldsmar facility, along with many other U.S. water treatment facilities, is often underfunded and understaffed.
While the FBI warns against using Windows 7 for good reason, many companies and U.S. federal and state agencies may not be able to do anything about it, because modernizing their IT infrastructure would require a serious financial investment that is not expected to arrive any time soon in many places.
In these cases, the FBI recommends a number of basic security practices as an intermediate way to reduce threats, such as:
- Use multi-factor authentication;
- Use strong passwords to protect RDP (Remote Desktop Protocol) credentials;
- Ensure antivirus, spam filters, and firewalls are up to date, properly configured, and secure;
- Audit network configurations and isolate computer systems that cannot be updated;
- Check your network for systems that use RDP, close unused RDP ports, use two-factor authentication where possible, and log RDP login attempts;
- Audit logs for all remote connection protocols;
- Train users to identify and report attempts at social engineering;
- Identify and suspend access to users who show unusual activity;
- Keep the software up to date.
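The two log-auditing items above can be applied directly to the software at the center of this incident. The script below is an added example, not part of the FBI alert or of TeamViewer's own tooling: it reads TeamViewer's local incoming-connection log and flags sessions from remote IDs that are not on an allow-list or that start outside business hours. The tab-separated field layout and the timestamp format are assumptions about the Connections_incoming.txt format and should be verified against your own installation; the log lines are constructed.

```python
"""Flag suspicious TeamViewer incoming connections from its local log.

Assumed log format (TeamViewer's Connections_incoming.txt): tab-separated
fields remote_id, remote_name, start, end, local_user, type, connection_id,
with timestamps as 'dd-mm-yyyy HH:MM:SS'. Verify against your own install.
"""
from datetime import datetime

# Constructed sample log lines (not real data): one approved remote ID and
# one unknown ID connecting twice, the first time before business hours.
SAMPLE_LOG = """\
123456789\tops-laptop\t05-02-2021 09:12:03\t05-02-2021 09:40:11\tOPERATOR\tRemoteControl\t{a1}
123456789\tops-laptop\t05-02-2021 14:02:55\t05-02-2021 14:10:30\tOPERATOR\tRemoteControl\t{a2}
987654321\tunknown-host\t05-02-2021 06:05:12\t05-02-2021 06:07:40\tOPERATOR\tRemoteControl\t{a3}
987654321\tunknown-host\t05-02-2021 13:26:00\t05-02-2021 13:31:20\tOPERATOR\tRemoteControl\t{a4}
"""

ALLOWED_IDS = {"123456789"}      # TeamViewer IDs of approved support staff (hypothetical)
BUSINESS_HOURS = range(8, 18)    # 08:00-17:59 local time
TS = "%d-%m-%Y %H:%M:%S"

def parse_log(text):
    """Yield one dict per connection record, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 7:
            continue
        yield {
            "remote_id": parts[0], "remote_name": parts[1],
            "start": datetime.strptime(parts[2], TS),
            "end": datetime.strptime(parts[3], TS),
            "local_user": parts[4], "type": parts[5], "conn_id": parts[6],
        }

def find_suspicious(text, allowed_ids=ALLOWED_IDS, hours=BUSINESS_HOURS):
    """Return (connection_id, reason) pairs for sessions an analyst should review."""
    findings = []
    for rec in parse_log(text):
        reasons = []
        if rec["remote_id"] not in allowed_ids:
            reasons.append("remote ID not on allow-list")
        if rec["start"].hour not in hours:
            reasons.append("outside business hours")
        if reasons:
            findings.append((rec["conn_id"], "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for conn_id, why in find_suspicious(SAMPLE_LOG):
        print(f"{conn_id}: {why}")
```

Pointing this at the real log (and feeding the findings into a SIEM alert) gives a cheap check for the pattern seen at Oldsmar: an unfamiliar remote ID connecting more than once within a short period.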