Iranian Password Spraying Attacks on U.S. Utilities Highlight Need for Multi-Factor Authentication

January 27, 2020

The U.S. military strike in Baghdad earlier this month resulted in increased tensions between the Iranian and American governments, including a heightened risk for cyberattacks on U.S. critical infrastructure. The American Cybersecurity and Infrastructure Security Agency issued a statement to warn organizations about the risk for these attacks, urging personnel to align on best practices for detection and reporting.

In the days that followed, a new report was released, suggesting that Iranian state-sponsored hackers have been ‘password-spraying’ US electric utilities and oil and gas organizations in a series of targeted attacks.

Password spraying is one example of a ‘brute force’ attack, using repeated guesses of common password sets across various machines and applications in an attempt to gain unauthorized access to hundreds or even thousands of different accounts. And while this report highlighted recent attempts, password spraying is not a new method for hackers. In 2019, the Australian Cyber Security Centre issued an advisory for organizations to detect and mitigate these types of attacks against external services like email, remote desktop access, and cloud-based services. Microsoft released an Attack Simulator in December 2019 to help educate and mitigate an ongoing series of password spraying attacks across its Office 365 software. 
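The detection side of this pattern can be sketched in a few lines. The following is an added example, not code from Xage or any of the advisories mentioned; the log format, thresholds, usernames, and addresses are assumptions constructed for illustration. It flags a source that fails against many accounts with only a few guesses each, which is the shape that separates spraying from repeated guessing against one account.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, username, result.
# Addresses are from documentation ranges; none of this is real log data.
SAMPLE_LOG = """\
2020-01-20T09:00:05 198.51.100.7 asmith FAIL
2020-01-20T09:00:40 198.51.100.7 bjones FAIL
2020-01-20T09:01:15 198.51.100.7 cdavis FAIL
2020-01-20T09:01:50 198.51.100.7 dwilson FAIL
2020-01-20T09:02:25 198.51.100.7 emiller OK
2020-01-20T09:03:00 203.0.113.9 asmith FAIL
2020-01-20T09:03:02 203.0.113.9 asmith FAIL
2020-01-20T09:03:04 203.0.113.9 asmith FAIL
2020-01-20T09:03:06 203.0.113.9 asmith FAIL
2020-01-20T09:10:00 192.0.2.44 fbrown FAIL
2020-01-20T09:10:20 192.0.2.44 fbrown OK
"""

def parse(log_text):
    """Yield (datetime, source, user, succeeded) per non-empty line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            yield datetime.fromisoformat(ts), src, user, result == "OK"

def detect_spraying(events, window=timedelta(minutes=30),
                    min_accounts=4, max_failures_per_account=2):
    """Return {source: {"targeted": [...], "successes": [...]}} for spray-shaped sources."""
    by_source = defaultdict(list)
    for ev in sorted(events):
        by_source[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_source.items():
        for i, (start, _, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, _, user, ok in in_window:
                if not ok:
                    fails[user] += 1
            # Spray shape: wide across accounts, shallow per account.
            if (len(fails) >= min_accounts
                    and max(fails.values()) <= max_failures_per_account):
                hits = sorted({u for _, _, u, ok in in_window if ok})
                alerts[src] = {"targeted": sorted(fails), "successes": hits}
                break
    return alerts
```

On the constructed log, only 198.51.100.7 is flagged, and its successful login as emiller is surfaced for review; the source hammering a single account and the user who mistyped once are left to ordinary lockout and baseline rules.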

As such attacks on our utilities operations continue to increase, we must acknowledge that single passwords are not enough to protect these systems. We need multi-factor authentication to verify account identities and protect these critical assets, along with our national infrastructure.

Xage has developed unified multi-factor authentication (MFA) for currently deployed assets and applications across the industrial control systems (ICS) used in utilities and oil and gas operations, covering the new, IoT, and legacy assets that comprise them.

Xage’s Security Fabric was built to enable utilities to innovate and evolve their cybersecurity practices. Xage’s MFA offering allows fine-tuned identity-based access control to any device while enabling utilities to standardize multi-factor authentication methods and extend them across their deployed assets, applications, workstations, control devices, and more. Xage also enables flexibility in choosing and switching between MFA methods, such as PINs, keys, smartcards, and authentication apps.

A best practice multi-factor authentication scheme should include a combination of two or three of the following factors:

  • Something you know: username/password, PIN
  • Something you have: phone, authentication app, SmartCard, RSA ID
  • Something you are: fingerprint, retina scan

NERC-CIP 005-6 Part 2.3 requires MFA for BES Cyber Systems, and Xage enables regulatory compliance without the need to replace existing assets. In addition to incorporating multi-factor authentication, Xage’s Fabric also provides a tamperproof audit trail for all machine-to-machine and user-to-machine interactions.

Stop by booth 845 at DISTRIBUTECH International (January 28th – 30th in San Antonio, TX) to learn more about how we serve utilities organizations and their operational needs. Learn more about Xage’s identity and authentication offerings here.
