Internet Accessible Device

Technique
ID: T0883
Tactic: Initial Access
Data Sources: Authentication logs

Description

Adversaries may gain access to industrial environments directly through systems exposed to the internet for remote access, rather than through External Remote Services. The minimal protections these devices provide, such as password authentication, may be targeted and compromised. [1]

In the case of the Bowman dam incident, adversaries leveraged access to the dam control network through a cellular modem. Access to the device was protected by password authentication, although the application was vulnerable to brute forcing. [2][3][1]
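A detection sketch for the Authentication logs data source and the brute-forcing weakness described above. This is an added example, not part of the original page; the log line format, device name, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "<time> <device> login <result> src=<ip> user=<name>" format.
SAMPLE_LOG = """\
2024-03-01T02:10:00 modem-gw login FAIL src=203.0.113.7 user=admin
2024-03-01T02:10:10 modem-gw login FAIL src=203.0.113.7 user=admin
2024-03-01T02:10:20 modem-gw login FAIL src=203.0.113.7 user=admin
2024-03-01T02:10:30 modem-gw login FAIL src=203.0.113.7 user=admin
2024-03-01T02:10:40 modem-gw login FAIL src=203.0.113.7 user=admin
2024-03-01T02:10:45 modem-gw link up
2024-03-01T02:11:00 modem-gw login OK src=203.0.113.7 user=admin
2024-03-01T08:00:00 modem-gw login FAIL src=198.51.100.20 user=operator
2024-03-01T08:00:30 modem-gw login OK src=198.51.100.20 user=operator
"""

LINE_RE = re.compile(r"^(\S+) (\S+) login (FAIL|OK) src=(\S+) user=(\S+)$")

def detect_bruteforce(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Alert on failure bursts per (device, source) and on a success that follows one."""
    recent = defaultdict(deque)  # (device, src) -> timestamps of failures inside the window
    bursting = set()             # pairs that have crossed the failure threshold
    alerts = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a login event
        stamp, device, result, src, _user = m.groups()
        ts = datetime.fromisoformat(stamp)
        key = (device, src)
        q = recent[key]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if not q:
            bursting.discard(key)        # burst state expires with its failures
        if result == "FAIL":
            q.append(ts)
            if len(q) >= max_failures and key not in bursting:
                bursting.add(key)
                alerts.append(("BRUTE_FORCE_SUSPECTED", device, src, ts.isoformat()))
        elif key in bursting:
            # A login that succeeds right after a burst suggests a guessed password.
            alerts.append(("SUCCESS_AFTER_BURST", device, src, ts.isoformat()))
            bursting.discard(key)
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from the operator address raises no alert, while the burst from the other source raises both alert types.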


Procedure Examples

  • Sandworm actors exploited vulnerabilities in GE's Cimplicity HMI and Advantech/Broadwin WebAccess HMI software which had been directly exposed to the internet. [4][5]

Mitigations

  • Network Segmentation - Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls. Steps should be taken to periodically inventory internet accessible devices to determine whether the inventory differs from what is expected.