When default passwords on ‘unimportant’ devices turn the lights out and brick your supply chain.
So, the Polish power grid got a late Christmas present in December 2025, and it wasn’t a new turbine. It was a massive outage courtesy of some very predictable shenanigans. If you read the incident report from CERT Polska, you will see a pattern that should make you sweat. The attackers didn’t burn zero-days; they walked in through the digital equivalent of an unlocked back window. We are talking about default passwords on ‘nearby’ devices, equipment that wasn’t even the main target, used to pivot into and destroy critical infrastructure. If your defence strategy relies on an ‘air gap’ and hope, you are next.
The Weakest Link is Usually the One You Forgot
If you spend a million dollars on a bank vault door but leave the doggy door unlatched, you don’t have a secure bank; you have a very expensive windbreak. The CERT Polska report on the late December 2025 incident paints a picture that is less Mission Impossible and more Home Alone. The bad actors didn’t rappel in through the ceiling by attacking the primary PLCs or HMIs head-on. They didn’t need to. Instead, they walked right through the digital doggy door: the ‘nearby’ devices.
These were the unloved orphans of the OT network: edge gateways, environmental sensors, and assorted IoT kit sitting on the SCADA network to provide remote telemetry. The attackers exploited the one vulnerability we can’t seem to patch out of existence: human laziness. These devices were running with default passwords, admin/admin levels of negligence on hardware that should never have been reachable from where the attackers stood. Once a low-value edge gateway was compromised, the myth of the ‘air gap’ evaporated. Because these networks are typically flat, designed for speed rather than security, owning one device meant owning a routable foothold inside the perimeter, with nothing between it and the controllers.
From there, it was a textbook case of lateral movement. They used the compromised foothold to scan, map, and eventually pivot to the critical infrastructure. This highlights the fatal flaw in perimeter-based defence: it assumes everything inside the wall is friendly. It isn’t. As we discussed in Russian Roulette: Gambling with Critical Infrastructure, simply scanning for exposed points lets attackers bypass defences effortlessly if you rely on a porous firewall. An Identity-Aware Proxy would have stopped this chain cold by ensuring that even a compromised device cannot arbitrarily talk to the turbine controller without explicit, authenticated authorisation. Instead, the ‘trusted’ internal network became a superhighway for the attackers, leading them straight to the equipment they intended to destroy.
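The flat-network problem described above is something you can measure from your own flow records before an attacker does. The following is an added example, not code from the CERT Polska report or from Agilicus, of the detection logic a defender could run over OT flow logs: a zone-based conduit allow-list that flags an edge gateway reaching into the PLC zone, and a simple fan-out check that catches the scan-and-map phase. The addresses, zones, ports and log lines are all constructed for the example and are not taken from the incident.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical asset inventory: address -> zone. Constructed for this example,
# not taken from the incident report.
ZONES = {
    "10.20.1.10": "plc",
    "10.20.1.11": "plc",
    "10.20.1.12": "plc",
    "10.20.2.5": "hmi",
    "10.20.3.7": "eng-workstation",
    "10.20.4.20": "historian",
    "10.20.5.41": "edge-gateway",
    "10.20.5.42": "sensor",
}

# Conduit allow-list: (source zone, destination zone) -> permitted destination ports.
# Any flow not listed here is a segmentation violation, no matter where inside the
# perimeter it originates.
ALLOWED = {
    ("hmi", "plc"): {502, 44818},
    ("eng-workstation", "plc"): {502, 44818, 102},
    ("edge-gateway", "historian"): {4840},
    ("sensor", "historian"): {4840},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=\S+$"
)


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int


def parse_flows(lines):
    """Parse 'ts src= dst= dport= proto=' records; lines that do not match are skipped."""
    flows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            flows.append(Flow(m["ts"], m["src"], m["dst"], int(m["dport"])))
    return flows


def zone_violations(flows):
    """Return flows that cross a zone boundary the allow-list does not permit."""
    findings = []
    for f in flows:
        src_zone = ZONES.get(f.src, "unknown")
        dst_zone = ZONES.get(f.dst, "unknown")
        if f.dport not in ALLOWED.get((src_zone, dst_zone), set()):
            findings.append((f.ts, f.src, src_zone, f.dst, dst_zone, f.dport))
    return findings


def scan_sources(flows, min_targets=3):
    """Sources that touched at least min_targets distinct (host, port) pairs: the
    fan-out pattern of the mapping phase, which legitimate OT traffic rarely shows."""
    targets = defaultdict(set)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
    return {src: sorted(t) for src, t in targets.items() if len(t) >= min_targets}


# Constructed log: three legitimate flows, then the compromised gateway going
# looking for controllers and engineering hosts.
SAMPLE_LOG = """\
2025-12-27T02:10:01Z src=10.20.2.5 dst=10.20.1.10 dport=502 proto=tcp
2025-12-27T02:10:03Z src=10.20.5.42 dst=10.20.4.20 dport=4840 proto=tcp
2025-12-27T02:10:05Z src=10.20.5.41 dst=10.20.4.20 dport=4840 proto=tcp
2025-12-27T02:14:05Z src=10.20.5.41 dst=10.20.1.10 dport=502 proto=tcp
2025-12-27T02:14:06Z src=10.20.5.41 dst=10.20.1.11 dport=502 proto=tcp
2025-12-27T02:14:07Z src=10.20.5.41 dst=10.20.1.12 dport=102 proto=tcp
2025-12-27T02:14:09Z src=10.20.5.41 dst=10.20.3.7 dport=22 proto=tcp
2025-12-27T02:14:11Z src=10.20.5.41 dst=10.20.2.5 dport=5900 proto=tcp
"""


def report(log_text=SAMPLE_LOG):
    flows = parse_flows(log_text.splitlines())
    return {"violations": zone_violations(flows), "scanners": scan_sources(flows)}


if __name__ == "__main__":
    result = report()
    for v in result["violations"]:
        print("VIOLATION", *v)
    for src, targets in result["scanners"].items():
        print("SCAN", src, "->", len(targets), "distinct targets")
```

On the constructed log the gateway’s own telemetry to the historian passes, the five flows towards the PLCs, the engineering workstation and the HMI are reported as violations, and the gateway is the only source with enough fan-out to trip the scan check. The point of the allow-list is that it is written in terms of what each zone is supposed to do, so a compromised ‘nearby’ device stands out the moment it behaves like an attacker rather than a sensor.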
Bricked, Broken, and Out of Stock
It wasn’t just that they got in; it is what they left behind, or rather, what they destroyed. The attackers didn’t simply flip breakers and have a laugh. They went for the jugular: the firmware. In the Polish incident, the malware didn’t just reside on the devices; it consumed them. It overwrote bootloaders, disabled signature verification, and corrupted the operating systems of these edge devices, effectively bricking them.
Now, here is the nightmare scenario that keeps OT managers awake at night. Those devices were End-of-Life (EOL). You cannot call the vendor for support because the team that built that box retired in 2022. You cannot re-image the device in the field because the bootloader that would have accepted a new image was overwritten along with everything else. And you certainly cannot buy a new one, because the global inventory hit zero years ago.
“Just buy a newer model,” says the IT manager from the comfort of their air-conditioned office. If only it were that simple. In OT, we deal with the headache of the ‘engineered solution’: that specific gateway is part of a certified, validated chain. You cannot swap a legacy serial-to-Ethernet converter for a modern one without re-certifying the entire system. You are looking at months of engineering, safety validation, and downtime while your plant sits dark.
This is the core warning of CISA BOD 26-02 regarding End-of-Support Edge Devices. The government finally admitted what we have known for years: relying on unsupported hardware isn’t a risk management decision; it is a suicide pact. When these devices go down, they don’t bounce back. They stay dead. If your perimeter defence relies on hardware that is effectively a fossil, a single firmware attack doesn’t just breach your network; it physically destroys your ability to recover. You aren’t just pwned; you are out of business.
Stop Buying Time, Start Buying Identity
So, you are stuck with a critical control system that runs on hope and a prayer, and the vendor stopped returning your calls five years ago. You can’t patch it, and as we just established, if it gets hit, it is game over. The solution isn’t to rip and replace the entire plant — that is financial suicide. The solution is **Agilicus AnyX**. Think of it as a Kevlar vest for your fragile, aging infrastructure. We use an **Identity-Aware Proxy (IAP)** to wrap these legacy devices in a modern security layer — giving you **multi-factor authentication (MFA), Single Sign-On (SSO), and NERC CIP-style encryption** — without ever touching the device itself. The PLC thinks it is talking to a local cable; the internet sees an impenetrable wall.
You have to stop using VPNs. Seriously. As I noted in Russian Roulette with VNC, relying on a VPN is just gambling with critical infrastructure. A VPN is effectively a very long Ethernet cable that invites the bad guys right into your living room. Once they breach that perimeter, they have lateral access to everything, including the vulnerable, out-of-support edge devices that served as the entry point in the Polish grid attack. An IAP changes the rules. It creates a **Zero Trust** architecture in which network location grants nothing: every request is allowed or denied on the identity behind it and the policy for the resource it targets.
Agilicus AnyX stops the attacker at the door. If a user cannot authenticate against your corporate Identity Provider (such as Microsoft Entra) and satisfy the policy for that resource, they cannot send a single packet to that fragile SCADA controller. This extends the usable life of hardware you cannot replace: the “brick” scenario is prevented because the exploit payload never reaches the target over the proxied path. That protection covers only traffic that goes through the proxy, so any other route into the device has to be closed off as well. It is the only way to modernise your defence without rebuilding your entire supply chain from scratch.
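To make the “no identity, no packet” rule concrete, here is an added example of the decision an identity-aware proxy makes in front of a legacy backend. It is illustrative code written for this post, not Agilicus AnyX’s implementation and not an Entra API. It assumes a hypothetical shared HS256 signing key so the example runs offline (a real proxy verifies the IdP’s public key); the user names, group names, resource names and the `mfa` claim are all constructed. Every failing check returns before anything is relayed to the backend, and a forged token with a copied signature is rejected like an anonymous one.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Hypothetical signing key shared with the IdP for this demo. A real proxy would
# verify tokens against the IdP's published public key (e.g. RS256 via JWKS), not
# an HMAC secret; HS256 just keeps the example self-contained.
SECRET = b"constructed-demo-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict) -> str:
    """Stand-in for the identity provider: mint a compact HS256 JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, now: int):
    """Return the claims if the signature and expiry check out, otherwise None."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except (ValueError, binascii.Error):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


# Per-resource policy: which groups may reach which legacy backend and whether MFA
# must have been performed. The proxy decides on this, never on source address.
RESOURCES = {
    "turbine-plc.ot.example": {"groups": {"ot-engineers"}, "require_mfa": True},
    "historian.ot.example": {"groups": {"ot-engineers", "ot-analysts"}, "require_mfa": False},
}


def authorize(token: str, resource: str, now: int):
    """Decide whether a request may be forwarded to the backend. Returns (allowed, reason).
    Every path except the last returns before a single byte is relayed."""
    policy = RESOURCES.get(resource)
    if policy is None:
        return False, "unknown resource"
    claims = verify_token(token, now)
    if claims is None:
        return False, "no valid identity"
    if policy["require_mfa"] and not claims.get("mfa"):
        return False, "mfa required"
    if not policy["groups"] & set(claims.get("groups", [])):
        return False, "group not permitted"
    return True, "ok"


def forge_claims(token: str, new_claims: dict) -> str:
    """Attacker move: swap the claims but keep the original signature."""
    header, _body, sig = token.split(".")
    return f"{header}.{_b64url(json.dumps(new_claims, sort_keys=True).encode())}.{sig}"


def demo(now: int = 1_700_000_000) -> dict:
    engineer = issue_token({"sub": "alice", "groups": ["ot-engineers"], "mfa": True, "exp": now + 600})
    no_mfa = issue_token({"sub": "bob", "groups": ["ot-engineers"], "mfa": False, "exp": now + 600})
    analyst = issue_token({"sub": "carol", "groups": ["ot-analysts"], "mfa": True, "exp": now + 600})
    stale = issue_token({"sub": "alice", "groups": ["ot-engineers"], "mfa": True, "exp": now - 1})
    forged = forge_claims(analyst, {"sub": "carol", "groups": ["ot-engineers"], "mfa": True, "exp": now + 600})
    plc, hist = "turbine-plc.ot.example", "historian.ot.example"
    return {
        "engineer->plc": authorize(engineer, plc, now),
        "no_mfa->plc": authorize(no_mfa, plc, now),
        "no_mfa->historian": authorize(no_mfa, hist, now),
        "analyst->plc": authorize(analyst, plc, now),
        "stale->plc": authorize(stale, plc, now),
        "anonymous->plc": authorize("", plc, now),
        "forged->plc": authorize(forged, plc, now),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:20} {decision}")
```

Note the order of checks: the resource policy is consulted first, then the signature and expiry, then MFA, then group membership. Nothing about the caller’s IP address appears anywhere, which is the whole point; a compromised gateway on the same subnet as the PLC gets exactly the same answer as a stranger on the internet, and the PLC never learns either of them existed.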
Conclusions
The lesson from Poland is expensive and harsh: your network is only as secure as the oldest, dumbest device connected to it. When those out-of-support devices get bricked, you aren’t just looking at a restore from backup; you are looking at a total system re-engineering because the hardware doesn’t exist anymore. It is a supply chain nightmare of your own making. You can’t patch a device that the vendor forgot ten years ago, but you can hide it behind a shield that actually works. Stop relying on plywood perimeters. Use an identity-aware proxy, enforce multi-factor authentication, and stop letting the bad actors treat your SCADA network like an open buffet.
