SecurityWeek

Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers

Discarded enterprise routers are often not wiped and contain secrets that could be highly useful to malicious hackers.

Discarded enterprise routers are often not wiped properly and store secrets that could be highly useful to malicious hackers, according to an analysis conducted by cybersecurity firm ESET.

The company acquired 18 secondhand enterprise routers made by Cisco, Fortinet and Juniper Networks and found that nine devices, including core routers, contained complete configuration data. Only five devices had been properly wiped.  

In the case of the nine routers, ESET was able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue. 

The easily accessible and sensitive corporate information found on these routers also included IPsec or VPN credentials or hashed root passwords, customer information, data allowing third-party connections to the network, credentials for connecting to other networks, router-to-router authentication keys, and connection details for specific applications. 

ESET warned that much of the exposed information could be very useful to threat actors planning an attack against the device’s original owner.

The type of network information found on the routers is often only available to a limited number of individuals within an organization. The devices also stored information for accessing cloud applications, as well as firewall rules.

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens,” ESET explained.

Another important piece of information exposed by the routers was related to the organization’s security. The security configuration of a device can allow a threat actor to infer the victim’s overall security level.

“We also noted, significantly, that multiple devices were acquired following decommissioning from managed IT providers who operate networks for much larger organizations, so often the affected organizations would have no idea that they may now be vulnerable to attacks due to data leaks by some third party,” ESET said.

“This seemed like a massive security attack surface that was potentially wide open to a whole host of target organizations. Two such IT companies (an MSSP in one case) managed networks for hundreds of clients in a variety of sectors including education, finance, healthcare, manufacturing, and professional services, among others,” it added.

The cybersecurity firm attempted to contact the previous owners of the tested routers to warn them about the potential risk. Three organizations completely ignored ESET. 

Interestingly, a representative of one of the impacted organizations said they had contracted a specialized disposal service and they were ‘shocked’ to learn about the findings.

ESET’s full report contains recommendations for securely disposing of routers, pointing out that in most cases it’s easy to wipe a device using functionality provided by the manufacturer. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
