PART-2 / Exploring the Efficacy of Custom Reconnaissance on ICS/SCADA: OT Security&Pentest

Hbayram-cyberianLogs
4 min read, May 30, 2024


In the previous article, we discussed how risky open ports and discoverable services on the public internet are for the OT sector. In this second part, I will focus on the manipulation of the power supply units feeding servers, and on openly reachable VNC instances; both are remotely controlled. Data centres have plenty of redundant power supply from power distributors. These uninterruptible power supplies (UPS) from different vendors feed large battery banks that can be used, for instance, for cooling and air conditioning in the facilities. Once these assets are found and their vulnerabilities spotted, data centre infrastructure can be misused by threat actors: not by directly taking down the system, but by getting access to the web interface and causing all sorts of disturbances, such as DDoS or brute-force attacks, and then wreaking havoc on the power to the servers. Some of them are already openly accessible, requiring no effort at all from an attacker.

Source: wti.com

Let us check some VNC ports with basic queries on Shodan.io (be careful when connecting to an untrusted VNC server). You will see that the settings in the application are clickable and adjustable.

Let us continue with UPS units: on APC and Eaton devices, the default credentials, which are listed in the user guide, may never have been changed.

SCADA systems and PLCs should not be exposed for remote access without authentication. Almost all controls, pumps, parameters and indicators can be manually interfered with. Such critical systems are a target not only for APTs but also for abusive users. To mitigate the risk, the commonly used ports can be protected by controlling internet traffic with a simple firewall policy, setting robust security measures, and patching and updating in line with the latest releases.
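As an added example (not code from the original post), here is a small defender-side triage script for the two findings this article describes: VNC consoles reachable with authentication disabled and UPS management interfaces (APC, Eaton) exposed to the internet. The input records, the field names, the banner strings and the management subnet are constructed assumptions shaped like the results an external attack-surface scan of your own address ranges would return; each finding carries the firewall rule the mitigation paragraph calls for.

```python
"""Triage internet-facing ICS support assets (VNC consoles, UPS management cards)
and emit the firewall restriction a defender should apply."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample records (documentation IPs, illustrative banners/product strings).
SAMPLE_RECORDS = [
    {"ip": "192.0.2.10", "port": 5900, "product": "VNC",
     "banner": "RFB 003.008\nSecurity types: None"},
    {"ip": "192.0.2.11", "port": 5900, "product": "VNC",
     "banner": "RFB 003.008\nSecurity types: VNC Authentication"},
    {"ip": "192.0.2.20", "port": 80, "product": "APC network management card",
     "banner": "HTTP/1.1 200 OK"},
    {"ip": "192.0.2.21", "port": 443, "product": "Eaton network card",
     "banner": "HTTP/1.1 200 OK"},
    {"ip": "192.0.2.30", "port": 443, "product": "nginx", "banner": "HTTP/1.1 200 OK"},
]

UPS_VENDORS = ("apc", "eaton")       # vendors named in the article
MGMT_NET = "10.10.0.0/24"            # assumed management subnet allowed to reach consoles

@dataclass
class Finding:
    ip: str
    port: int
    severity: str
    reason: str
    firewall_rule: str

def classify(rec: dict) -> Optional[Finding]:
    """Return a Finding for an exposed VNC or UPS interface, else None."""
    product, banner = rec["product"].lower(), rec["banner"].lower()
    rule = f"allow tcp/{rec['port']} to {rec['ip']} from {MGMT_NET} only; drop from any"
    if rec["port"] == 5900 or "rfb" in banner:
        if "security types: none" in banner:      # RFB offered no authentication
            return Finding(rec["ip"], rec["port"], "critical",
                           "VNC with authentication disabled", rule)
        return Finding(rec["ip"], rec["port"], "high",
                       "VNC console reachable from the internet", rule)
    if any(v in product for v in UPS_VENDORS):
        return Finding(rec["ip"], rec["port"], "high",
                       "UPS management interface exposed; verify default credentials changed", rule)
    return None

def triage(records: list) -> list:
    """Classify every record and return the findings, most severe first."""
    order = {"critical": 0, "high": 1}
    found = [f for f in (classify(r) for r in records) if f is not None]
    return sorted(found, key=lambda f: order[f.severity])

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f"{f.severity.upper():8} {f.ip}:{f.port}  {f.reason}  ->  {f.firewall_rule}")
```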

Read PART-1: PART-1 / Exploring the Efficacy of Custom Scripts on ICS/SCADA: OT Security&Pentest | by Hbayram-cyberianLogs | May, 2024 | Medium

OR on website: PART-1 / Exploring the Efficacy of Custom Scripts on ICS/SCADA: OT Security&Pentest (bayramh.wixsite.com)

PART-2 on website: PART-2 / Exploring the Efficacy of Custom Reconnaissance on ICS/SCADA: OT Security&Pentest (bayramh.wixsite.com)
