Friday, July 19, 2024

Tech Device Manufacturers Urged by CISA to Remove Default Passwords

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) has requested technology device manufacturers to take measures to eliminate default passwords due to the threats posed by IRGC actors.

This step has been taken to ensure the security of tech devices and prevent unauthorized access by malicious actors.

The use of default passwords makes it easier for hackers to gain access to devices and exploit them for nefarious purposes.

It’s important to be aware that malicious cyber actors often use default passwords (such as “1234”, “default,” or “password”) to gain initial access and move laterally within businesses. This is especially true for systems that are exposed to the internet.

It’s crucial to implement strong and unique passwords to protect your systems and sensitive data from unauthorized access.

It has been reported that the critical infrastructure of the United States was recently targeted by threat actors who were successful in their attempts to exploit it.

The attackers were able to gain access to the infrastructure by exploiting static default passwords, which were found to be malfunctioning.

This incident highlights the importance of maintaining strong security measures and regularly updating passwords to prevent unauthorized access to critical infrastructure systems.

Based on recent and continuing threat activity, CISA is issuing this alert to require all technology manufacturers to remove default passwords from all product designs, releases, and updates.

Evidence has been mounting for years, showing that it is insufficient to rely on thousands of consumers to change their passwords.

Instead, serious action by technology manufacturers is the only way to effectively address the serious threats that critical infrastructure organizations confront. 

Notably, It is unacceptable to utilize default passwords that are generally known in the present threat environment.

Additionally, the hackers targeting programmable logic controllers (PLCs) hardcoded with a four-digit password demonstrate the significant potential for real-world harm caused by manufacturers distributing products with static default passwords.

The default password was easily accessed by actors with IRGC (Iranian Government’s Islamic Revolutionary Guard Corp) ties, giving them access to vital services that are provided to communities all around the nation.

The recent security breach has highlighted some important lessons for the Cybersecurity and Infrastructure Security Agency (CISA).

Despite the attack, the agency is determined to learn from these compromises and implement more robust security measures to prevent future incidents.

 Take Ownership of Customer Security Outcomes

In this principle, attention is given to the key security areas that manufacturers should protect, such as public safety and health. It includes:

  • Provide instance-unique setup passwords with the product.
  • Establish time-limited setup passwords that require activation of more secure authentication methods, including phishing-resistant MFA, and disable themselves after the setup process.
  • The purpose of the initial setup and the specification of instance-unique credentials require physical access.

Build Organizational Structure and Leadership

Product and public safety concerns are fundamentally at the core of cybersecurity issues; thus, manufacturers should make sure that business units in charge of product and service design, development, and delivery understand this.

Manufacturers should ensure that design and development teams engineer products with built-in security and safety by default.


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles