Cyberattack Tactics Included Guessing Passwords

Perpetrators of the attack used common hacker techniques to get passwords


If facility managers stress only one New Year’s resolution for building occupants and staff in 2020, it should be to use stronger passwords. The recent SolarWinds cyberattack, which included the California Department of State Hospitals among its victims, is a sobering reminder that this simple step is crucial for IT security.

An alert from the Cybersecurity and Infrastructure Security Agency (CISA) says perpetrators of the widespread, intelligence-gathering campaign used common hacker techniques to get through passwords in addition to more sophisticated methods, according to NextGov. Initial access in some cases was obtained by password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services.

For example, one way hackers were able to gain unauthorized access to government systems was via the IT management company SolarWinds. They injected malware into an update the company distributed to thousands of its customers which then established a command and control pathway to an external server.

The targeting of passwords directly was one of these other initial access vectors, CISA said. SolarWinds itself reportedly used a password for its update server that anyone could guess. CISA referred organizations to the National Security Agency’s cybersecurity advisory on detecting abuse of authentication systems. That agency has also recommended using strong passwords to defend against suspected Russian hackers using such tactics. 

Click here to read the article.



January 12, 2021


Topic Area: Information Technology


Recent Posts

Site Selection Mistakes: What Not To Do

Healthcare providers that treat site selection as a strategic decision, not a simple real estate deal, will be positioned for long-term success.


High-Performance EFCO Systems Shape MUSC's New Black River Medical Center

Case study: A sweeping curved-glass entrance, impact-resistant envelope and energy-efficient fenestration support a sustainable, resilient design for one of South Carolina’s newest rural hospitals.


Heritage Valley Health System to Officially Affiliate with Alleghany Health Network

With the affiliation now complete, Heritage Valley Beaver and Heritage Valley Sewickley will be rebranded.


The Impact of Acoustics on Patient Privacy

As healthcare facilities evolve toward more open and flexible care environments, acoustic privacy has become essential.


Texas Behavioral Health Center in Dallas Opens with Ribon-Cutting Ceremony

The 456,265-square-foot facility offers a variety of therapeutic, recreational and social spaces that prepare patients for life outside the hospital.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.