Use Case: State Actors Targeting Critical Infrastructure

Editor's note: This is the first of three use case blogs that describe how a BeyondTrust-orchestrated cyber defense can prevent or minimize an attack. To illustrate, we'll use specific use cases available in the Verizon Data Breach Digest (full report).
From The Data Breach Summary:

After an unexplained pattern of valve and duct movements affected both the chemical levels and the flow of a regional drinking water supply, Verizon's RISK team was called in by a utility Verizon refers to as Kemuri Water Company (KWC) to investigate suspicious cyber activity. The initial investigation revealed several concerns. Some of KWC's internet-facing applications contained high-risk vulnerabilities, and several critical IT and operational technology (OT) functions all ran on the same AS/400 server. This single point of failure had direct connections to various networks, ran the water control application, and housed customer PII and billing information. Upon further review, it was determined that threat actors exploited vulnerabilities in KWC's online customer payment application to steal 2.5 million unique customer records. Worse yet, because the payment application had a direct connection to the AS/400 server, and cleartext credentials for that server were discovered on the payment application web server, the threat actors also gained access to the valve and flow control application.
How An Orchestrated Cyber Defense Can Minimize Risks Like This

To help prevent or minimize the risks associated with similar attacks, BeyondTrust recommends an integrated security approach that combines BeyondTrust and third-party solutions. Technologies integrated:
- Vulnerability Management
- Exploit Mapping
- Next Generation Firewall
- Password Management