Cyberattack Tactics Included Guessing Passwords

January 12, 2021

If facility managers stress only one New Year’s resolution for building occupants and staff in 2020, it should be to use stronger passwords. The recent SolarWinds cyberattack, which included the California Department of State Hospitals among its victims, is a sobering reminder that this simple step is crucial for IT security.

An alert from the Cybersecurity and Infrastructure Security Agency (CISA) says perpetrators of the widespread, intelligence-gathering campaign used common hacker techniques to get through passwords in addition to more sophisticated methods, according to NextGov. Initial access in some cases was obtained by password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services.

For example, one way hackers were able to gain unauthorized access to government systems was via the IT management company SolarWinds. They injected malware into an update the company distributed to thousands of its customers which then established a command and control pathway to an external server.

The targeting of passwords directly was one of these other initial access vectors, CISA said. SolarWinds itself reportedly used a password for its update server that anyone could guess. CISA referred organizations to the National Security Agency’s cybersecurity advisory on detecting abuse of authentication systems. That agency has also recommended using strong passwords to defend against suspected Russian hackers using such tactics. 

Click here to read the article.

See the latest posts on our homepage


Share

Topic Area: Information Technology


Recent Posts
Recent Posts

OSHA-Approved State Standards Help Curtail COVID-19 Cases


In lieu of federal OSHA standards, 28 states have implemented their own emergency standards

1/20/2021

Visitor Management Takes Center Stage in COVID-19 Era


More than ever, facilities need control over patients, families, visitors, and outside contractors

1/20/2021

COVID-19: Challenges Continue for Environmental Services, Maintenance


Praise for healthcare workers is well deserved, but it left out nursing aides, housekeepers, medical assistants and food service workers

1/20/2021

Strategies and Resources for Technician Training


Providing training also is a proven strategy for engaging and motivating technical staff

1/20/2021

Fast Track: China Builds Hospital in Five Days


A 3,000-room hospital is under construction in Shijiazhuang

1/20/2021





Post Comment




FREE
NEWSLETTER

News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.