Watch out for those used routers, because they reveal company secrets

It would be good erase all data before giving away or reselling PCs, servers and network equipment, to prevent them from falling into the wrong hands.

It applies to individuals and, even more so, to companies and institutions.

Not everyone does, though. As the researchers of the security company Eset by buying second-hand routersmore than half of these used equipment contained company customer information, VPN login credentials and other services, or device authentication keys and data to connect to specific previous owner’s applications.

The results of this survey will be presented at the next RSA conference, an international meeting on security to be held in San Francisco (April 24-27, 2023).

However, Cameron Camp and Tony Ascombe briefly explain on Eset’s blog how and why they conducted such research. Initially, a few used routers were purchased to create a test environment. Only then did they realize that from the equipment it was possible to recover important data of those who had previously used them since they had not been eliminated.

It is at this point that a more in-depth test was carried out by acquiring a total of 16 second-hand routers of various models from different manufacturers (Cisco, Fortinet and Juniper Networks).

The verification confirmed what was found in the first instance: on more than half of the devices (56%) it was possible to access data which, if in the possession of the malicious, would be sufficient to launch a cyber attack.

Crime as-a-service: cybercrime is a real economy in the digital world

March 20, 2023

Therefore, the serious carelessness in managing the passage of hands of these devices by corporate users can lead to very high risks of becoming a target of cybercrime. Whose threats, in recent years, underline the Eset researchers, are increasingly oriented towards an Advanced Persistent Threat approach, i.e. organized by groups with high technical skills and aimed at maintaining access to systems over a longer period of time to succeed to maximize their criminal activity. Which often leads to sophisticated data extraction and data theft strategies, bypassing corporate security measures, up to the goal of bringing a company to its knees, via, for example, a ransomware attack.

However, already obtaining corporate credentials for accessing a company’s network has a value that can be monetized on the dark web at an average price of around $2,800, according to estimates by Kela, an Israeli company specializing in monitoring and protecting against cybercrime.

Cybersecurity

New hacker attack in Italy, the website of the Ministry of Transport has been taken offline

by Archangel Rociola

March 22, 2023

In other words, a used router, purchased for a few hundred dollars, could mean a significant economic return without much effort from cybercriminals.

Faced with evidence of the dangers, Eset’s researchers were also struck by the reaction of many managers of owning companies who have been made aware of the findings.

Several companies have taken the matter seriously, aware of the implications of IT violations but, otherwise, the answers were evasive, non-existent or purely formaldemonstrating an attitude not up to the risks they were facing.

An underestimation of the problem that prompted the authors to publish a White Paper on the matter, without however revealing the names of the companies involved. The document contains useful information on the process to be followed for the secure elimination of data (data sanitization), also with reference to the Guidelines by the National Institute of Standards and Technology USA. That as for routers they recommend reset and reset to factory settings, or, in extreme cases, physical destruction.

“There are well-defined procedures for the correct disposal of a piece of hardware – underlines Tony Anscombe, Chief Security Evangelist of ESET. Our research shows that many companies do not strictly follow these rules when the devices are sold in the second-hand market”.