Corporate networks at risk: used routers on the secondary market expose sensitive data
Enterprise-level network equipment on the secondary market hides sensitive data that hackers could use to breach corporate environments
Enterprise-level network equipment on the secondary market hides sensitive data that hackers could use to breach corporate environments or to obtain customer information, according to a report from cybersecurity company ESET. The report found that most of the used corporate-grade routers that ESET purchased had been improperly wiped during the decommissioning process and then sold online. As a result, the full configuration data could still be accessed on more than half of the routers that worked properly.
Core routers are the backbone of a large network as they connect all other network devices. They support multiple data communication interfaces and are designed to forward IP packets at the highest speeds. Researchers at ESET purchased 18 used core routers from online marketplaces and found that many of them contained sensitive data that should have been wiped before they were sold.
The ESET research team initially bought a few used routers to set up a test environment and found they had not been properly wiped and still contained network configuration data as well as information that helped identify the previous owners. The purchased equipment included four devices from Cisco (ASA 5500), three from Fortinet (FortiGate series), and 11 from Juniper Networks (SRX Series Services Gateway).
In the report, Cameron Camp and Tony Anscombe explain that one device was dead on arrival and eliminated from the tests, and two of them were a mirror of each other and counted as one in the evaluation results. Of the remaining 16 devices, only five were properly wiped and just two had been hardened, making some of the data more difficult to access.
Used corporate-grade routers sold online pose security risk, allowing access to sensitive data
For most of the routers, however, it was possible to access the complete configuration data, which is a trove of details about the owner, how they set up the network, and the connections to other systems. On corporate network devices, the administrator needs to run a few commands to securely wipe the configuration and reset the device to factory state. Without this step, the routers can be booted into a recovery mode that allows anyone to see how they were set up.
The researchers found that some of the routers retained customer information, data that allowed third-party connections to the network, and even “credentials for connecting to other networks as a trusted party.” Additionally, eight of the nine routers that exposed the full configuration data also contained router-to-router authentication keys and hashes.
The list of corporate secrets extended to complete maps of sensitive applications hosted locally or in the cloud. Some examples include Microsoft Exchange, Salesforce, SharePoint, Spiceworks, VMware Horizon, and SQL. “Due to the granularity of the applications and the specific versions used in some cases, known exploits could be deployed across the network topology that an attacker would already have mapped” – ESET.
Such extensive insider details are typically reserved for “highly credentialed personnel” such as network administrators and their managers, the researchers explain. An adversary with access to this type of information could easily come up with a plan for an attack path that would take them deep inside the network undetected.
“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens” – ESET.
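The secure-wipe step described above is easier to enforce when the decommissioning procedure includes an audit of the device's configuration export before it leaves the rack. The following Python script is an added example, not ESET's tooling or any vendor's software: it scans a saved configuration for the kinds of material the report found on the resold routers (local credentials, SNMP communities, IPsec pre-shared keys, routing-protocol authentication keys, VPN and BGP peers, hostnames) and produces a findings report with the secret portion of each line masked. The keywords are real Cisco IOS/ASA, Junos and FortiOS syntax; the two sample configurations are constructed and use documentation-range addresses; the pattern list is a starting point rather than an exhaustive catalogue.

```python
import re
from dataclasses import dataclass, asdict

# Configuration statements that carry secrets, trust relationships or identity on
# the vendor platforms named in the report (Cisco IOS/ASA, Juniper Junos, Fortinet
# FortiOS). The keywords are real syntax; the device configs below are constructed.
# Order matters: the first matching pattern wins, so more specific ones come first.
SECRET_PATTERNS = [
    # (category, severity, regex)
    ("juniper-psk",          "high",   re.compile(r"\bpre-shared-key (ascii-text|hexadecimal)\b")),
    ("cisco-ipsec-psk",      "high",   re.compile(r"^\s*(crypto isakmp key|(ikev1 )?pre-shared-key)\b")),
    ("cisco-enable-secret",  "high",   re.compile(r"^\s*enable (secret|password)\b")),
    ("cisco-local-user",     "high",   re.compile(r"^\s*username \S+ .*\b(password|secret)\b")),
    ("cisco-snmp-community", "high",   re.compile(r"^\s*snmp-server community\b")),
    ("cisco-aaa-server-key", "high",   re.compile(r"^\s*(tacacs-server|radius-server) .*\bkey\b")),
    ("cisco-routing-auth",   "high",   re.compile(r"^\s*(key-string|neighbor \S+ password|ip ospf message-digest-key)\b")),
    ("juniper-routing-auth", "high",   re.compile(r"\bauthentication-key\b")),
    ("juniper-user",         "high",   re.compile(r"\b(encrypted-password|plain-text-password-value)\b")),
    ("fortinet-psk",         "high",   re.compile(r"^\s*set psksecret\b")),
    ("fortinet-password",    "high",   re.compile(r"^\s*set (password|passwd)\b")),
    ("trust-peer",           "medium", re.compile(r"^\s*(neighbor \S+ remote-as|set peer|set remote-gw)\b")),
    ("identity",             "medium", re.compile(r"^\s*(hostname|host-name|ip domain-name|set hostname)\b")),
]

# Constructed Cisco IOS-style export (hypothetical device, documentation addresses).
CISCO_SAMPLE = """\
! constructed sample, not a real device configuration
hostname edge-rtr-01
enable secret 5 $1$EXAMPLE$abcdefghijklmnopqrstu
username netops password 7 0822455D0A16
snmp-server community monitor-ro RO
tacacs-server host 10.0.0.5 key tacacs-example-key
crypto isakmp key vpn-example-psk address 203.0.113.10
router bgp 65001
 neighbor 198.51.100.1 remote-as 65002
 neighbor 198.51.100.1 password bgp-example-secret
interface GigabitEthernet0/1
 ip ospf message-digest-key 1 md5 ospf-example-key
"""

# Constructed FortiOS-style export (hypothetical device).
FORTINET_SAMPLE = """\
# constructed sample, not a real device configuration
config system global
    set hostname fw-branch-02
end
config vpn ipsec phase1-interface
    edit "to-hq"
        set remote-gw 203.0.113.20
        set psksecret ENC examplepskvalue==
    next
end
"""


@dataclass
class Finding:
    line_no: int
    category: str
    severity: str
    evidence: str  # the offending line with the secret portion masked


def redact(line: str, severity: str) -> str:
    """Keep enough of a high-severity line to identify the statement, mask the rest."""
    stripped = line.strip()
    if severity != "high":
        return stripped
    tokens = stripped.split()
    if len(tokens) > 2:
        return " ".join(tokens[:2] + ["<redacted>"])
    return tokens[0] + " <redacted>"


def scan_config(config_text: str) -> list[Finding]:
    """Return one Finding per configuration line that matches a sensitive pattern."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        for category, severity, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append(Finding(line_no, category, severity, redact(line, severity)))
                break  # first matching category wins
    return findings


def decommission_report(config_text: str) -> dict:
    """Summarise findings; any hit means the device must be securely wiped before disposal."""
    findings = scan_config(config_text)
    by_category: dict[str, int] = {}
    for f in findings:
        by_category[f.category] = by_category.get(f.category, 0) + 1
    return {
        "findings": [asdict(f) for f in findings],
        "by_category": by_category,
        "high_severity": sum(1 for f in findings if f.severity == "high"),
        "wipe_required": bool(findings),
    }


if __name__ == "__main__":
    for name, sample in (("cisco", CISCO_SAMPLE), ("fortinet", FORTINET_SAMPLE)):
        report = decommission_report(sample)
        print(f"[{name}] wipe_required={report['wipe_required']} "
              f"high={report['high_severity']} {report['by_category']}")
        for f in report["findings"]:
            print(f"  line {f['line_no']:>3} {f['severity']:<6} {f['category']:<22} {f['evidence']}")
```

Run it against a `show running-config`, `show configuration` or `show full-configuration` export taken before the device is pulled. A non-empty findings list means the unit needs the vendor's factory-reset procedure that clears the stored configuration, after which a fresh export should be scanned again and come back with nothing but a default hostname. Because the evidence field is masked, the report itself can be attached to the disposal record without copying the secrets into yet another system.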
Router Data Exposes Security Risks in Managed IT Provider Environments
Based on the details uncovered in the routers, several of them had been in environments of managed IT providers, who operate the networks of large companies. One device even belonged to a managed security services provider (MSSP) that handled networks for hundreds of clients in various sectors (e.g. education, finance, healthcare, manufacturing).
Following their findings, the researchers highlight the importance of properly wiping network devices before getting rid of them. Companies should have procedures in place for the secure destruction and disposal of their digital equipment. The researchers also warn that using a third-party service for this activity may not always be a good idea.
Source: bleepingcomputer.com