The incident in the city of Oldsmar has prompted the FBI to call for new security measures. An unidentified hacker accessed the computer systems of the water treatment facility in Oldsmar, Florida, and modified chemical levels to dangerous parameters.
The alert, called a Private Industry Notification (FBI PIN), warns about the use of out-of-date Windows 7 systems, poor passwords, and the desktop sharing software TeamViewer, and urges private companies and federal and government organizations to review internal networks and access policies accordingly.
Warning about TeamViewer
As part of its investigation, the FBI stated that TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs).
TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs. The FBI is not saying that such remote access tools are insecure; rather, it is saying that if they are not used carefully they could cause huge losses.
Warning about Windows 7
The FBI also warns about the use of Windows 7, an operating system that reached end-of-life last year, on January 14, 2020. The FBI issued the warning because the water plant was using Windows 7. This is just one water plant, but in truth many companies are still using Windows 7 without upgrading to Windows 10. This makes them more vulnerable to hackers.
Continuing to use the old operating system is dangerous because the OS is unsupported and does not receive security updates, which currently leaves many systems exposed to attacks via newly discovered vulnerabilities.
What basic security practices can we adopt?
- Use multi-factor authentication.
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
- Audit network configurations and isolate computer systems that cannot be updated.
- Audit your network for systems using RDP, closing unused RDP ports.
- Apply two-factor authentication wherever possible, and log RDP login attempts.
- Review logs for all remote connection protocols.
- Train users to identify and report attempts at social engineering.
- Identify and suspend access of users exhibiting unusual activity.
- Keep software updated.
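
One way to act on the advice to log RDP login attempts and review remote connection logs is sketched below. It is an added example, not code from the FBI alert. It assumes Windows Security events exported as CSV; the column names, the management subnet, the failure threshold and the sample rows are all constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows in the shape of a Windows Security log export
# (4624 = successful logon, 4625 = failed logon; LogonType 10 = RemoteInteractive, i.e. RDP).
SAMPLE_LOG = """time,event_id,logon_type,user,source_ip
2021-03-01T07:58:11,4624,10,operator1,10.20.0.15
2021-03-01T08:01:02,4625,10,admin,203.0.113.44
2021-03-01T08:01:09,4625,10,admin,203.0.113.44
2021-03-01T08:01:17,4625,10,administrator,203.0.113.44
2021-03-01T08:02:40,4624,10,admin,203.0.113.44
2021-03-01T09:15:00,4624,2,operator1,-
2021-03-01T13:30:25,4625,10,operator1,10.20.0.15
"""

MGMT_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed management subnet
FAIL_THRESHOLD = 3  # assumed tuning value


def review_rdp_logons(log_text, mgmt_net=MGMT_NET, threshold=FAIL_THRESHOLD):
    """Return (time, source_ip, user, reason) findings for RDP logon events."""
    failures = Counter()
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] != "10":
            continue  # not an RDP session
        src = row["source_ip"]
        try:
            inside = ipaddress.ip_address(src) in mgmt_net
        except ValueError:
            inside = False  # missing or malformed address: treat as untrusted
        if row["event_id"] == "4625":
            failures[src] += 1
            if failures[src] == threshold:  # report once, when the threshold is reached
                findings.append((row["time"], src, row["user"], "repeated failed logons"))
        elif row["event_id"] == "4624":
            if failures[src] >= threshold:
                findings.append((row["time"], src, row["user"], "success after repeated failures"))
            if not inside:
                findings.append((row["time"], src, row["user"], "logon from outside management subnet"))
    return findings


if __name__ == "__main__":
    for finding in review_rdp_logons(SAMPLE_LOG):
        print(*finding, sep="  ")
```
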