ESET Research
When decommissioning their old hardware, many companies ‘throw the baby out with the bathwater’
18 Apr 2023
Taking a defunct router out of an equipment rack and sliding in a shiny new replacement is probably an everyday occurrence in many business networking environments. However, the fate of the router being discarded should be as important, if not more so, as the smooth transition and implementation of the new kit in the rack. Unfortunately, this often appears not to be the case.
When the ESET research team purchased a few used routers to set up a test environment, there was shock among team members when they found that, in many cases, previously used configurations had not been wiped… and worse, the data on the devices could be used to identify the prior owners along with the details of their network configurations.
This led us to conduct a more extensive test, purchasing more used devices and adopting a simple methodology to see if data still existed on the devices. A total of 18 routers were acquired; one was dead on arrival and two were a mirrored pair, so we counted them as a single unit. After these adjustments, we discovered configuration details and data on over 56% of the devices.
In the wrong hands, the data gleaned from the devices – including customer data, router-to-router authentication keys, application lists, and much more – is enough to launch a cyberattack. A bad actor could have gained the initial access required to start researching where the company’s digital assets are located and what might be valuable. We are all likely aware what comes next in this scenario.
The change in recent years to the methods used by bad actors to conduct cyberattacks on businesses for the purposes of monetization is well documented. Switching to a more advanced persistent threat style of attack has seen cybercriminals establishing an entry point and a foothold into networks. They then spend time and resources conducting sophisticated extraction of data, exploring methods to circumvent security measures, and then ultimately bringing a business to its knees by inflicting a damaging ransomware attack or other cyber-nastiness.
The initial unauthorized incursion into a company network has a value: the current average price for access credentials to corporate networks, according to research by KELA Cybercrime Prevention, is around $2,800. This means that a used router purchased for a few hundred dollars, which without too much effort provides network access, could provide a cybercriminal with a significant return on investment. That’s assuming they just strip the access data and sell it on a dark web market, as opposed to launching a cyberattack themselves.
A concerning element of this research was the lack of engagement from companies when we attempted to alert them to the issue(s) of their data being accessible in the public domain. Some were receptive to the contact, a few confirmed the devices had been passed to companies for secure destruction or wiping – a process that had clearly not taken place – and others just ignored the repeated contact attempts.
The lessons that should be taken from this research are that any device leaving your company needs to have been cleansed, and that the process of cleansing needs to be certified and regularly audited to ensure your company’s crown jewels are not being openly sold in public secondhand hardware markets.
We have published the details – well, all but the companies’ names and data that would make them identifiable – in a white paper. The white paper also contains some guidance on the process that should be followed, including references to NIST Special Publication 800.88r1, Guidelines for Media Sanitization. We strongly recommend reading the details and using our findings as a nudge to check the process in your own organization, to ensure no data is unintentionally disclosed.
If you want to listen to an audio version of this topic, find out what happened to the dead-on-arrival router, or how similar hardware can be abused if found in a war zone, tune in to the latest episode of the ESET Research podcast, where Cameron Camp discusses his experiments with ESET Distinguished Researcher Aryeh Goretsky. If you enjoy listening to cybersecurity topics, subscribe to our ESET Research podcast on Spotify, Google Podcasts, Apple Podcasts, or PodBean.