A researcher has discovered that some of the GarrettCom’s switches are open to hacker attack, as there is a hard-coded password in a default account on the devices that may allow for quick control by malicious parties.
Unfortunately, these switches are deployed in a number of critical infrastructure industries, leaving them in jeopardy.
The loophole was discovered by a researcher who warned ICS-CERT about it. As soon as DHS got to know about this, they released an updated version of the application that addresses the vulnerability. Besides, a comforting actor in the GarrettCom release is that an attacker would need to have access to an existing account on an affected switch in order to exploit the vulnerability to escalate his privileges.
“The Magnum MNS-6K Management Software uses an undocumented hard-coded password that could allow an attacker with access to an established device account to escalate privileges to the administrative or full-access level. While an attacker must use an established account on the device under attack, this vulnerability facilitates the circumvention of physical-connect safeguards and could allow complete administrative level access to the system, compromising system confidentiality, integrity, and availability. Successful exploitation of this vulnerability from an established account on the system could allow escalation of privileges to full administrative access. The privilege escalation could provide the attacker a vector for making changes to settings, or initiating a complete device shutdown causing a denial of service (DoS),” the ICS-CERT advisory says.
Prior to this, ICS-CERT released a report that informs a whopping increase in the number of infrastructure cyber attacks “cyber incidents” in the past few years. According to the report, among all incidents in 2011, around 41 percent were related to the Water Sector, and this was due to use of a large number of internet-facing control system devices. Rest is specific to government facilities, energy sector, nuclear, chemical, transportation, national monuments, IT, critical manufacturing, and communication segments.
Tools like Splunk come into play when there is a need for identification of real threats. Splunk uses Big Data systems to provide capability for deep real-time analysis, and delivers powerful languages that put the ability to query ongoing changing and data in the hands of technicians who may need those alerts to be prepared for both the expected and unexpected.