Related Stories

Top 5 Stories


ICS-CERT warns critical infrastructure companies about brute force attacks

07 February 2012

The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is warning critical infrastructure companies about brute force attacks against industrial control systems with secure shell (SSH) command-line access.

Many organizations are seeing a large number of access attempts by remote attackers using SSH scans of internet-facing control systems, ICS-CERT said in a recent security advisory.

To find running SSH services on networks, attackers probe a large number of IPs on Port 22/TCP – the default SSH listening port. If a response from the probe of Port 22/TCP is received, the attacker may initiate a brute force attack, the advisory warned.

The team said that it received a report last week from an electric utility that had experienced an unsuccessful brute force attack against its networks.

ICS-CERT explained that a brute force attack attempts to obtain a user’s logon credentials by guessing usernames and passwords. “Attackers can use brute force applications, such as password guessing tools and scripts, to automate username and password guessing. Such applications may use default password databases, dictionaries, or rainbow tables that contain commonly used passwords, or they may try all combinations of a character set to guess a password”, it said.

ICS-CERT recommended that organizations monitor network logs for port scans as well as access attempts. “Hundreds or thousands of login attempts over a relatively short time period is an indicator of a brute force attack because systems running SSH normally do not receive high volumes of login attempts”, it explained.

This article is featured in:
Application Security  •  Internet and Network Security  •  Public Sector


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×