why complacency is malware's best friend
If our grid is ever brought down by a cyberattack, the greatest contributing factor will be the carelessness and technical illiteracy of front line utility workers.
Recently, computers at two power plants were found to have been infected by three viruses that came from compromised USBs, all three easily detectable by up to date anti-virus software, and both infections were easily preventable if the plant operators followed the simplest cybersecurity procedures. If our infrastructure was ever to be the victim of a powerful cyberattack, the exploits' success wouldn't be so much a testament to the skills of the hackers as much as they would be indictments of the shoddy practices by those who simply don't understand how to secure critical systems and don't care to learn. Very few attacks we see out in the wild are truly brand new and very sophisticated like Stuxnet, Duqu, Flame, Gauss, and Red October. Most target unpatched, poorly secured systems with easily exploitable administrator accounts or out of date servers and database engines, attacks on which have been all but automated by simple PHP scripts. If you're wondering how Anonymous can topple site after site during an op, now you know.
For example, take the pillaging of Stratfor. How did Anons get into their system? By using easily crackable default passwords and reading databses that were never encrypted. What about the huge data leak from Sony in which hundreds of thousands of accounts were compromised? An unpatched server provided a back door. Periodic leaks of credit card numbers from point of sale systems you find at local bars and restaurants? Out of date operating systems exposing admin accounts to external systems as is a typical industry practice. The ability to get into AT&T users' account just by typing the right URL? Total absence of security checks on the company's sites, checks that should've been tested before the sites ever went live. I think you get the point. Keep up with the virus definitions, patches, updates, test your software, don't let external systems run as administrators on your network, and don't stick random USBs into mission critical computers. If you don't follow these elementary practices, you, quite frankly, are begging to be infected and hacked, and considering that we basically live on the web today, that's just reckless.
