CISA roasts unnamed critical national infrastructure body for shoddy security hygiene
CISA is using the findings from a recent probe of an unidentified critical infrastructure organization to warn about the dangers of getting cybersecurity seriously wrong.
The US cybersecurity agency, along with experts from the US Coast Guard (USCG), identified myriad weaknesses in the mystery organization's approach to security, including storing credentials in plaintext.
Threat hunters did not find any signs of foul play, nor any malicious activity on the network, but published an extensive report of its findings on Thursday, highlighting risks such as:
CISA's report did not explicitly state that the critical infrastructure organization in question operated in the marine industry. However, the fact that it collaborated with the USCG, and that many of its findings overlapped with those of Coast Guard Cyber Command's 2024 trends, suggests the subject of the report was of interest to both authorities.
This organization's most serious offense was sharing local admin accounts, which were protected by non-unique passwords that were stored in plaintext, according to CISA, which ranked the risks in order of severity.
