Authentication is one of the pillars of cybersecurity. Nevertheless, weaknesses in its mechanism, or in the process around authentication, are still a common root cause for organizations of all sizes falling prey to online attacks. In 2021 alone, countless organizations were compromised, with further investigations showing the attackers leveraged poorly managed authentication mechanisms.
Given the fundamental importance of getting your authentication right, Mariner cybersecurity consultant Dr. Daniel de Castro has authored a white paper on the topic. Our goal is to help you and your organization to keep your data and people safe. Developing or strengthening an authentication system is an essential step towards a more secure cyberspace and your security is very important to us, because, at Mariner, it is personal with us.
Real-world impact of weak cybersecurity authentication practices
In February 2021, in the small town of Oldsmar, Florida, an employee at the local water treatment station suddenly noticed the mouse cursor moving on the screen by itself. According to reports, the operator initially thought it was another employee connecting remotely, which had become common during the pandemic. However, the mystery user changed the concentration of sodium hydroxide from 100 to 11000 parts per million. Sodium hydroxide, also known as lye or caustic soda, helps to control the pH level of the water when used in small amounts. In higher quantities, it becomes harmful, or even lethal, to people who consume the water. When the changes were noticed, the local operator swiftly disconnected the remote attacker and restored the configuration to the proper settings.
Later, in May of the same year, the Colonial Pipeline Company halted its operations due to a ransomware attack that compromised its IT networks. The shutdown resulted in fuel shortages across multiple states, affected local airports and delayed flights, and caused fuel prices to rise to their highest level in several years. Colonial Pipeline paid a ransom of approximately $4.4 million USD.
What these two cases have in common is that investigations suggest both incidents were linked to issues around authentication, more precisely, around password management.
In the case of the treatment plant, reports indicated weak and shared passwords may have been one of the factors that led to the incident. There were also reports of employee credentials found on the dark web. Similarly, it is believed the passwords found on the dark web were leveraged by attackers to use Colonial Pipeline’s VPN and initiate the attack.
These cases were well covered by the media for other reasons – risk to human life and financial impact, respectively – but they are certainly not the only cases of attacks abusing weak authentication mechanisms and processes.
During vulnerability assessments and penetration testing engagements, our security consultants have often uncovered similar issues, ranging from applications that accept weak passwords, to applications vulnerable to brute force, to more mature systems lacking additional mechanisms or processes for extra protection, which will also be discussed in this paper.
Authentication mechanisms are your front line of defense
Authentication mechanisms are the equivalent of having a lock on your home or business: if you have no lock or a very cheap one, chances are your building could be easily trespassed, and your goods stolen or damaged. But having a great lock is also useless if you don’t have proper processes around its use. For example, you need to remember to lock the door before you leave, and you should not leave your keys where they can be easily found.
The white paper reviews good practices and common recommendations around authentication. First, we will review the current scenario. Then we will examine recommendations around password management. Finally, we will discuss other means for authentication which can improve your security posture even more.
Mariner Security Solutions Team