[ISN] Public utility compromised after brute-force attack, DHS says

http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/ By Jeremy Kirk Techworld.com 21 May 2014 A public utility in the U.S. was compromised after attackers took advantage of a weak password security system, according to a U.S. Department of Homeland Security team that studies cyberattacks against critical infrastructure. The utility’s control system was accessible via Internet-facing hosts and used a simple password system, wrote the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in a report on incidents covering the first quarter of this year. The utility, which was not identified, was vulnerable to a brute-force attack, where hackers try different combinations of passwords until the right one is found. An investigation showed the utility was attacked before. “It was determined that the systems were likely exposed to numerous security threats, and previous intrusion activity was also identified,” ICS-CERT wrote in the report. […]