This week in hacking: The control system for a U.S. public utility was compromised. The Department of Homeland Security did not specify which utility was affected in the agency's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) report.
A DHS official told Reuters, "While unauthorized access was identified, ICS-CERT was able to work with the affected entity to put in place mitigation strategies and ensure the security of their control systems before there was any impact to operations."
Details of these cyber attacks are rarely revealed to the public, and even more rarely do they provide details into the matter. What we do know: this particular attack was on a utility that was previously hacked and the hackers used the employee access portal to get in. The actual hack was relatively simple: they determined the password through a tactic known as "brute forcing." In a brute force hack, the attackers auto generate a variety of password combinations and try them until something clicks.
Last year, the ICS-CERT dealt with 256 cyber attacks, the majority of which were in energy utilities. Luckily, these hacks don't usually cause any disruptions to the public utility itself, but there is always the fear that future attacks could do a lot more damage to the nation's infrastructure.