Tenable experts warn of credential hijacking: Warning of attacks on industrial control systems with modern malware. In response to an alert issued by CISA, Tenable is issuing a comment.
“The Joint Advisory issued by the US government on advanced tools used to attack industrial control systems and OT environments is worrying. If attackers are successful, the consequences of such an intrusion can be far-reaching and potentially devastating. When the attacker uses advanced tools to disrupt their system, organizations must have the people, processes, and technology in place to secure their environments and detect any malicious activity (the CISA has a corresponding warning published).
Cybersecurity and Infrastructure Security Agency (CISA) warns
The actors are apparently capable of directly interacting with and manipulating the OT devices mentioned in the alert. Therefore, it is imperative that asset owners and operators continuously monitor these devices for dangerous communications and be alert for real-time configuration or logic changes within the devices. The alert states that the attackers could elevate their privileges, move sideways in an OT environment, and disrupt critical devices or functions. Facility owners and operators should have systems in place to monitor credential abuse and detect accounts that do not comply with the principle of least privilege.”
More at Tenable.com
About Tenable Tenable is a Cyber Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.