What We Can Learn from the NASA Data Breach
Over the weekend, a colleague sent me a link to the recent NASA data breach (the one where they hijacked a drone). The drone hijack is really the highlight of the article, but two things really resonated with me as well:
- Allegedly, attackers gained privileged access by brute-forcing a root password in less than a second because it was still the default for the system. I’m sorry, I’ll take a strong stand here - there is absolutely no reason to have a default privileged password on any system connected to your network. Even if it’s a piece of test equipment – change the default password. Make it complex. You might see a system as a test box or “junk in the corner” but a would-be attacker sees it as a launch-pad. Simple, simple, simple – change your root/admin/enable passwords. It doesn’t cost a thing.
- Never, ever underestimate the reconnaissance phase of an attack. This is the part where everything might seem fine. No crypto-lockering, nothing specifically weird, no major data leaks. Yet, your attacker is collecting as much information as possible to conduct the most powerful attack, in the least amount of time.
Consider this scenario – I still see a lot of SNMP v1 traffic during vulnerability assessments. It’s certainly not unique to one customer. What if an attacker gained access to a server (NASA hack step 1) with a default password and then was able to run a sniffer like tcpdump or pcap and just watched the network for SNMP v1 traffic (NASA hack step 2). How many people have a common “password” that’s used across your devices? You know – “the password”. If you used that same password as the read-write community string, the attacker will see it.
Then that person will be quiet about it, but try to use it to see what other systems they can get to. They will do that quietly and slowly. You might not have a cool multimillion-dollar drone for an attacker to steal but you probably have money and the attacker might like that even more.If you have default passwords anywhere on your network or feel like your passwords need a boost, check out our 4 Ways to Strengthen Your Passwords blog post.