Internet Accessible Device

From attackics
Jump to navigation Jump to search
Internet Accessible Device
Technique
ID T883
Tactic Initial Access
Data Sources Authentication logs

Description

Adversaries may gain access into industrial environments directly through systems exposed to the internet for remote access rather than through External Remote Services. Minimal protections provided by these devices such as password authentication may be targeted and compromised.1

In the case of the Bowman dam incident, adversaries leveraged access to the dam control network through a cellular modem. Access to the device was protected by password authentication, although the application was vulnerable to brute forcing. 231


Procedure Examples

  • Sandworm actors exploited vulnerabilities in GE's Cimplicity HMI and Advantech/Broadwin WebAccess HMI software which had been directly exposed to the internet.45