Florida water plant compromise came hours after worker visited malicious site

Galdorf

https://arstechnica.com/gadgets/202...me-hours-after-worker-visited-malicious-site/

What type of Mickey Mouse security do they have going on there? They used TeamViewer and they all shared the same password??? My guess is everything is on the same network and Wi-Fi, which is also shared with employees with phones and laptops. That is just asking to get hacked. When you skimp on security, either you get hit with ransomware or get hacked.
 
No matter what you do, where certain choices are actually vastly superior to others, you really can't fix stupid. And it appears that a very great many places that have suffered all sorts of attacks that were the direct result of "stupid" are unwilling to punish same as well. No one ever seems to be held to account for their own actions or inactions when the results of same are entirely predictable.
 
I had a customer who had used the same password for banking, email, game sites, and Facebook, and they got hit and wondered why.
When they told me, I sat them down and gave them all the information they needed to secure all accounts. NEVER re-use passwords, period.

Cyber security should be mandatory starting in elementary schools. This really needs to be done since now everyone uses computers.
 
Cyber security should be mandatory starting in elementary schools. This really needs to be done since now everyone uses computers.

Couldn't agree more. And just a few simple "human factors" steps would go a very long way toward eliminating the majority of the issues that keep recurring if those changes are followed. Not reusing a password, and not choosing insanely short passwords, being the first two things.

I notice, again and again, that the industry keeps trying to come up with all sorts of clever ways to secure things (which isn't bad in and of itself) that are primarily meant to get around what most do because they don't know any better (which is not so great). The push for insanely long, complete gobbledy-gook passwords was a crashing failure, and deservedly so.

You only secure things, and well, by working with the natural inclinations of the majority of users, and carefully shaping what one can about those natural tendencies to prevent the bad ones from establishing themselves as early practices that get kept for years to decades.
 
What type of Mickey Mouse security do they have going on there? They used TeamViewer and they all shared the same password???
Really? This is a small town (14,000 people?). Network? Pffft! I support 4 local townships. Two of them just started file sharing in the last couple of years. IT in small towns is really far down on the priority list. I'm hoping recent events change that.
 
I'm hoping recent events change that.

Though I share that sentiment, don't hold your breath. There is a lack of money, in-house/local expertise, and the political will to obtain either.

Security by obscurity (and I'd say perceived or hoped-for obscurity that does not exist at all if connected to cyberspace) still rules the day. You'd think that "recent events" that are now not all that recent, really, would have raised the priority on this long ago. But when you lack those things I mentioned it just doesn't happen.
 