Sometimes I just stare at a point in space while I try to wrap my head around something like this.
From Techworld:
Siemens confirmed Tuesday that one of its customers has been hit by a new worm designed to steal secrets from industrial control systems.
To date, the company has been notified of one attack, on a German manufacturer that Siemens declined to identify. “We were informed by one of our system integrators, who developed a project for a customer in process industries,” said Siemens Industry spokesman Wieland Simon in an email message. The company is trying to determine whether the attack caused damage, he said.
So how, might you ask, does the worm get access to the Siemens SCADA systems?
With a DEFAULT PASSWORD.
To quote Denis Leary, “Make sure to get your whole head in front of the shotgun. Thanks for calling!”
(Image used under CC from hans.gerwitz)
Even better was the guidance from Siemens to not change the default password…