Too many default ‘admin1234’ passwords increase risk for industrial systems, research finds

Researchers say a growing number of internet-connected devices linked to critical infrastructure organizations don't have basic protections.

Easily guessed default passwords can be a malicious hacker’s easiest way to infiltrate a target. And all too often, according to research released Wednesday, operators of critical infrastructure companies aren’t updating off-the-shelf security credentials in internet devices connected to industrial systems.

“We’re seeing a lot of the ‘admin1234,’ meaning that [hackers are] still going to be using default credentials in hopes that no one is changing the credentials for IoT devices — which is pretty accurate,” said Roya Gordon, security research evangelist at Nozomi Networks, a cybersecurity firm that specializes in industrial security.

The lack of the most basic security precaution is especially alarming in critical infrastructure. These organizations operate chemical plants, pipelines, utilities, hospitals and other industries that support essential functions of daily life.

Critical infrastructure cybersecurity has become such a concern in the U.S. that the Biden administration has made it a top national security priority. The White House is expected to release an updated national cybersecurity strategy in the coming weeks and the administration is likely to call for mandatory cybersecurity rules for particularly vulnerable industries, according to The Washington Post.


While much of the critical infrastructure that is owned and operated by the private sector is not heavily regulated for cybersecurity, calls for tougher mandates have grown in recent years following digital assaults such as the Colonial Pipeline ransomware attack.

The administration has taken some additional measures recently, as well. Late last year, the Transportation Security Administration released cybersecurity requirements for the rail and transit sectors. The mandates are in addition to the security directives for the pipeline industry after Colonial Pipeline.

Gordon expects the number of internet-connected devices inside industrial companies to grow quickly, especially with the rise of digitization in areas such as critical manufacturing. “Integrating IoT in manufacturing environments, smart manufacturing, smart buildings: that just means more vulnerable devices,” she said.

The Nozomi report examined the industrial control system threat landscape over the past six months and based its research on the types of attacks on the company’s honeypots. The company also noted that the growing threat facing critical infrastructure is a global problem, given last year’s spree of wiper malware attacks designed to erase hard drives.

Since the beginning of the Ukraine war, researchers have identified at least 10 new types of wiper malware targeting Ukrainian organizations. Researchers and officials attributed many of those attacks to Russia.


Additionally, Nozomi pointed to an attack last year by the Iranian hacktivist group Gonjeshke Darande, also known as Predatory Sparrow. The group appears to have launched a series of intrusions that used wiper malware against critical infrastructure.
