News
Expert comment: Microsoft announce energy grid hack
November 2022 by Sharon Nachshony, Security Researcher at Silverfort
Considering the news that Microsoft announced attackers hacking energy
grids by exploiting decades-old software, the comment from Sharon
Nachshony, Security Researcher at Silverfort.
"The Microsoft research highlights a long-standing supply-chain risk to
IoT and OT environment from legacy technology. While heard to manage,
given the abundance of such technology in critical industries, a
rigorous patching regime is essential.
Age-old vulnerabilities such as this provide a jumping off point for
attackers looking to move laterally to more sensitive areas by abusing
the identity attack surface. With access to critical areas inside OT
environments - their activities can quickly become significantly more
impactful.
To stop lateral movement, MFA should be applied to resources such as
Command Line interfaces, WMI, Shared Folders and Service Accounts to
close down commonly used attack paths."
