A recent cyberattack on Orange España highlights the vulnerability of telecom network personnel and the critical need for improved digital hygiene.
Hackers are actively targeting network engineers and IT infrastructure managers, seeking access to the organization’s sensitive data and infrastructure.
This alarming report by Resecurity reveals a disturbing trend: hundreds of network engineers’ credentials for organizations worldwide are being sold on the dark web.
Run Free ThreatScan on Your Mailbox
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
These compromised credentials grant attackers access to sensitive systems and data, potentially leading to devastating cyberattacks.
In January 2024, attackers hijacked an Orange España employee’s computer, stealing credentials for their RIPE NCC account.
This granted them access to manipulate the telecom’s network settings, causing a widespread internet outage.
The Dark Web: A Hunting Ground for Credentials
Resecurity’s investigation uncovered over 1,500 compromised credentials for regional internet registries, including RIPE, APNIC, AFRINIC, and LACNIC.
These credentials were likely stolen by info stealers, malware designed to silently collect sensitive information.
Worryingly, some credentials were offered for as little as $10, making them readily accessible to cybercriminals.
Beyond Credential Theft
Stolen credentials can be used for more than just disrupting services. They can also grant access to:
Enterprise Identity and Access Management (IAM) systems: This could allow attackers to steal sensitive data or grant unauthorized access to other systems.
Virtualization systems: This could allow attackers to manipulate virtual machines and disrupt critical operations.
Cloud providers: This could expose sensitive data stored in the cloud or allow attackers to launch further attacks from within the cloud environment.
Backup and disaster recovery systems: This could prevent organizations from recovering from cyberattacks or natural disasters.
Protecting Network: Steps to Take Now
Implement multi-factor authentication (MFA) for all accounts: This adds an extra layer of security by requiring a second factor, like a code from the phone, to log in.
Educate employees about cyber security best practices: Teach employees to be wary of phishing emails, suspicious links, and malware.
Regularly monitor the dark web for compromised credentials: Services like Resecurity can help you identify and address compromised credentials before they are used in an attack.
Patch systems and software regularly: This helps to close security vulnerabilities that attackers can exploit.
The post Hackers Exchanging Hundreds Of Network Operators’ Credentials on Dark Web appeared first on Cyber Security News.
“}]] Read More
Cyber Security News