Breaching Networks Using Data on Resold Corporate Routers

Corporate Routers

In an era when everything is connected, cybercriminals are never far away. No discarded digital device is useless to an attacker, who can pry it open to recover whatever data it still holds. Enterprise network equipment sold on the secondary market is no exception: because such devices often retain sensitive data, an attacker who buys one can obtain customer information or a foothold into the former owner's environment. Researchers found that many corporate-grade routers are not decommissioned properly and are sold online with their data intact. When the researchers purchased 18 used corporate core routers, they were able to recover full configuration data from more than half of them. So what makes core routers special?

Core routers form the backbone of a large network and connect all other network devices. They support multiple data communication interfaces and are designed to forward IP packets at high speed. The devices examined were Juniper Networks SRX Series Services Gateways, Fortinet FortiGate appliances and Cisco ASA 5500 firewalls. From most of them, the researchers were able to recover the full configuration, which contained, among other things, details identifying the owner, the connections to other systems and how the network was set up; with that information they could work out who had previously owned each device.

Routers Allow Third-Party Connections to the Network

Wiping a device is not hard: before disposal, an administrator only needs to run a few commands to erase its configuration and return it to factory state (for example, `write erase` followed by `reload` on a Cisco ASA, `request system zeroize` on Junos, or `execute factoryreset` on FortiOS). If that is not done, whoever buys the device can boot it into recovery mode, reset the administrator password and read the stored configuration to see exactly how the network was set up. According to the researchers, some of the routers held customer information that would have allowed third parties to connect to the network. They also held credentials, router-to-router authentication keys and password hashes that would let an attacker connect to other networks as a trusted party, as well as complete maps of local and cloud-based applications. Such secrets are normally reserved for highly privileged staff such as network administrators.

Among the applications mapped in the recovered configurations were SharePoint, Microsoft Exchange, VMware Horizon, Salesforce and SQL databases. According to Ravin Prasad, CEO of Cybernetic Global Intelligence, a globally accredited cybersecurity company, this level of detail, down to the specific versions in use, is exactly what cybercriminals would exploit to pick an attack that works on the given network topology and gain access to unauthorized information. Mr. Prasad added that any hacker or adversary holding such information could readily find an attack path deep into the network without being detected. And because the devices contained VPN credentials and authentication tokens, some of them easily crackable, an attacker could impersonate internal hosts or the network itself.

The findings should ring alarm bells for any organization that handles corporate data. They highlight the need to wipe network devices before they leave the organization's control. Enterprises should have well-established procedures for the secure sanitization, destruction and disposal of such devices. Outsourcing the wiping to a third party is not by itself a solution: the researchers found many examples of the job being done shoddily. Businesses should therefore follow the device maker's documented procedure for erasing the configuration and returning the device to its factory-default state, and verify the result before the hardware is released.
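The verification step belongs in that disposal procedure, because a wipe that was never checked is how the devices in the study ended up on the market. The following is an added example, not code from the article or from any vendor: it takes a saved configuration dump from a device that is about to be released and flags any line that still carries a usable secret (local credentials, SNMP community strings, IPsec pre-shared keys, routing authentication keys, private key material) as blocking, while lines that merely identify the owner or its VPN peers are reported for manual review. The rule set is written for Cisco ASA/IOS-style syntax and the two sample configurations are constructed for this example; both are assumptions, not vendor-documented lists.

```python
"""Pre-release check for a decommissioned network device.

Added example, not code from the original article or from any vendor. Dump the
running configuration of a router or firewall before it is handed to a reseller
or disposal contractor and run it through this scanner. The rule set targets
Cisco ASA/IOS-style syntax; FortiOS and Junos would need their own patterns.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    category: str
    severity: str  # "high": a usable secret; "info": identifies owner or topology
    text: str


# (category, severity, pattern). The first matching rule wins for a given line.
# Keywords are an illustrative selection (assumption), not an exhaustive list.
RULES = [
    ("local_credential", "high",
     re.compile(r"^\s*(username\s+\S+\s+(password|secret)|enable\s+(password|secret)|passwd)\b", re.I)),
    ("snmp_community", "high",
     re.compile(r"^\s*snmp-server\s+(community|host\s+.*\bcommunity)\b", re.I)),
    ("ipsec_psk", "high",
     re.compile(r"\bpre-shared-key\s+\S+", re.I)),
    ("routing_auth_key", "high",
     re.compile(r"\b(authentication-key|message-digest-key|key-string|neighbor\s+\S+\s+password)\b", re.I)),
    ("private_key_block", "high",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("owner_identity", "info",
     re.compile(r"^\s*(hostname|domain-name|banner)\b", re.I)),
    ("tunnel_peer", "info",
     re.compile(r"^\s*tunnel-group\s+\S+\s+type\b", re.I)),
]


def scan_config(text: str) -> list[Finding]:
    """Return one Finding per configuration line that matches a rule."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(line_no, category, severity, line.strip()))
                break
    return findings


def release_verdict(text: str) -> tuple[bool, dict[str, int]]:
    """(safe_to_release, findings per category). Any high-severity hit blocks release."""
    findings = scan_config(text)
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    safe = all(f.severity != "high" for f in findings)
    return safe, counts


# Constructed sample: what a configuration left on a resold ASA-style firewall
# might look like. Addresses are RFC 5737 documentation ranges; every secret is
# a placeholder.
RECOVERED_CONFIG = """\
hostname edge-fw01
domain-name corp.example.com
enable password 8Ry2YjIyt7RRXU24 encrypted
username netadmin password 2KFQnbNIdI.2KYOU encrypted privilege 15
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 ip address 192.0.2.1 255.255.255.0
 ospf message-digest-key 1 md5 ExampleOspfKey
snmp-server host inside 192.0.2.50 community noc-readonly
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 ikev1 pre-shared-key ExampleSharedSecret123
"""

# Constructed sample: the same device after a factory reset. Only the vendor
# default hostname remains; it is reported but does not block release.
ZEROIZED_CONFIG = """\
hostname ciscoasa
interface GigabitEthernet0/0
 shutdown
 no nameif
 no ip address
"""


if __name__ == "__main__":
    for label, cfg in (("recovered", RECOVERED_CONFIG), ("zeroized", ZEROIZED_CONFIG)):
        safe, counts = release_verdict(cfg)
        print(f"{label}: {'RELEASE' if safe else 'BLOCK'} {counts}")
        for f in scan_config(cfg):
            if f.severity == "high":
                print(f"  line {f.line_no} [{f.category}] {f.text}")
```

Run against the constructed pre-wipe dump, the check blocks release on five lines (the enable and user passwords, the OSPF key, the SNMP community and the IPsec pre-shared key) and additionally reports the hostname, domain name and VPN peer for review; the post-reset dump passes with only the default hostname noted. The gate deliberately fails closed: a password that appears only as a hash still counts, because the study showed that hashes recovered from a device are enough for an attacker to crack offline or replay as a trusted peer.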

What Should Businesses Do to Secure Their IT Infrastructure from Potential Hackers?

Failing to implement or maintain cybersecurity measures can cost a business dearly. Cybercriminals target small and medium-sized enterprises as readily as large ones, so every industry needs strict security practices that protect vital business assets, data included. Identifying the vulnerabilities in an organization's current IT infrastructure starts with penetration testing.

How Penetration Testing Can Help

Before breaking into a business's IT infrastructure and reaching sensitive data, cybercriminals look for weaknesses in it. Penetration testing finds those weaknesses first: certified ethical hackers deliberately attack the company's infrastructure, identify the flaws and report them so they can be fixed before a criminal exploits them. For instance, Cybernetic Global Intelligence's penetration testing service covers information gathering, footprinting, vulnerability assessment, exploitation and reporting, among other phases. The result is an in-depth analysis of the infrastructure's weaknesses together with recommended remediation. Testing can target web applications, wireless networks, mobile applications, client-server applications, ERP systems, SCADA environments, social engineering, and more.

Penetration testing offers numerous benefits, including:

Anticipating emerging security risks and preventing unauthorized access to critical data and systems.
Identifying gaps in the organization’s current security practices.
Evaluating the effectiveness of firewalls, network security, routers, and web servers.
Ensuring the organization meets compliance requirements such as PCI DSS, ISO/IEC 27001:2013, the ACSC Essential Eight, SSAE 18, and others.

Conclusion

The findings about sensitive data left on discarded devices such as routers are an eye-opener. Businesses should not be casual about discarding devices; they should make sure the data on them is erased by following the manufacturer's recommendations and then verifying the result. At the same time, it is critical to secure the IT infrastructure against ever-evolving cybersecurity threats. For further information on ways to protect your business from potential cybersecurity threats, contact 1300 292 376 or send an email to contact@cybernetic-gi.com.
