Saturday, December 7, 2024
Homecyber securityUsed Routers Fully Loaded With Corporate Secrets for Just $100

Used Routers Fully Loaded With Corporate Secrets for Just $100

Published on

SIEM as a Service

Researchers at ESET found that hardware on resale in the market consisted of highly confidential information such as IPsec or VPN credentials, hashed root passwords, and much more.

Second-Hand sales of computing equipment have been in place ever since the introduction of computers and their hardware parts.

Every company relies on its managed service providers or e-waste contractors for the decommissioning procedures.

- Advertisement - SIEM as a Service

Unfortunately, this equipment, like corporate routers or any other network managing devices, did not have great decommissioning and wiping procedures, which led to the disclosure of confidential information.

Researchers also mentioned that this highly classified corporate information equipment was resale for just $100 – $150.

Threat actors who plan to attack the infrastructure can get this information for just $100, which they can use for planning an attack.

Another overwhelming fact is that this equipment was sometimes owned by organizations that include cloud computing businesses or data centers, who must be aware of how to wipe this information during decommissioning of the equipment.

According to the report, the information that was revealed during the analysis included,

  • Customer data – 22%
  • Data of Third-party connections to the network – 33%
  • Credentials for connecting to other networks as a trusted party – 44
  • Connection details for specific applications – 89%
  • Router-to-router authentication keys – 89%
  • IPsec or VPN credentials, or hashed root passwords – 100%
  • Data to identify the former owner/operator – 100%

The report also mentioned that it was hard for the researchers to contact the companies whose data had been exposed in the analysis.

Most of this data exposure is due to human error, which could lead to a potential data breach.

Equally concerning was the difficulty the team experienced during the disclosure process when attempting to contact the companies concerned, to disclose that our researchers were in possession of a device with the company’s sensitive network configuration data.” reads the report published by ESET.

ESET used 18 routers for testing and analytic purposes. The list of routers used for analysis by ESET researchers is given below

ManufacturerDevice TypeNumber
Cisco SystemsASA 5500 series4
FortinetFortiGate series3
Juniper NetworksSRX Series Services Gateway11

In these routers, accessible were several network configuration data were extracted by the ESET research team. The data is given in proportion to the data extracted.

Network Configuration DataNumberPercentage
Complete Configuration Data available956.25
Wiped Properly531.25
Hardened212.5
Dead (no recoverable data1N/A
Second Device in Mirror pair1N/A

Source: ESET

Companies that were identified during the analysis and details of their type of business and revenue are listed below.

VerticalReachEmployeesRevenue (US$, M)
Light Manufacturing/supplierDirect data services, as well as managed MSP services for the region5-505-25
LegalNationwide (US) law firm50-1005-25
CreativeProducts/subassemblies integrated into larger companies’ products100-50025-100
Services multiple tiers one, household brand companiesMultinational Technology Company100-50025-100
MSPManages fintech companies100-50025-100
Open-source softwareHas over 100 million users, worldwide100-500500-1000
EventsOperates trade shows and equipment rentals1000-500025-100
Multinational Technology companyGlobal data company10000+1000+
TelecomsThis was CPE (Customer Premises Equipment) for a transportation company10000+1000+

Every organization needs to decommission any computing equipment and have a clean wiping procedure before making the computing equipment available to the resale market.

Network Security Checklist – Download Free E-Book

Also, Read

HiatusRAT Malware Attack Routers to Gain Remote Access & Download Files

Multiple Flaws in Cisco Small Business Routers Allow Remote Attackers to Execute Arbitrary Code

Russia Based Cyclops Blink Malware Targeting ASUS Routers Models

FritzFrog Botnet Targeting SSH server, Data Center Servers, and Routers

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

Sophisticated Celestial Stealer Targets Browsers to Steal Login Credentials

Researchers discovered Celestial Stealer, a JavaScript-based MaaS infostealer targeting Windows systems that, evading detection...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...