FBI Warns Vital Infrastructure: Change Default Passwords Immediately

By Netvora Tech News

---

The FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Energy have issued a warning to vital organizations in the US, urging them to change default passwords immediately and limit public access to their systems. The warning comes after recent cyber incidents have affected operational technology (OT) and industrial control systems (ICS) of vital organizations. The exact organizations affected are not publicly known. In an advisory document, the government agencies make several recommendations to mitigate cyber threats to operational technology. Firstly, they advise that OT and ICS systems be disconnected from the public internet. "Attackers use simple, repeatable, and scalable tools that are available to anyone with an internet browser," the advisory states. "Entities in the vital infrastructure should identify and remove unintended exposure of their publicly accessible systems." Secondly, the agencies recommend that organizations change default passwords. Research into the cyber incidents has shown that attacked systems used default or easily guessable passwords. Furthermore, vital organizations should secure remote access to systems using a VPN and phishing-resistant multi-factor authentication. Another recommendation is to segment IT and OT networks. Finally, vital organizations are advised to practice and maintain the ability to manually operate systems in case of a failure. The advisory highlights the importance of securing vital infrastructure from cyber threats, particularly in the wake of recent incidents that have compromised the security of OT and ICS systems.