Scrapping a dead router and skimming on a shiny new update is a daily occurrence in many business networking environments. However, the fate of the waste must be as important as the replacement and use of new materials on the shelf. Unfortunately, this is not usually the case.
When the ESET research team purchased some routers to use to set up a test environment, team members were surprised to discover that in many cases previously used settings cannot be removed… Worst of all, the data is that the device could be. Used to identify the previous owner and details of the network configuration.
This takes us to more testing, buying more tools, and a simple way to see if data is still available on the device.A total of 18 routers were purchased, one broke when it arrived and two were mirrored, so we counted them as one unit; After these changes, we found configuration details and information for over 56% of devices.
If data collected from devices, including user data, router-to-router authentication keys, name lists, and more, falls into the wrong hands, it can be enough to strike a cyberattack. The bad guys will get the first access they need to start exploring what the company’s digital assets are and what they might be worth. We probably all know what happens next in this situation.
In recent years, there has been a well-documented change in the way criminals use cyberattacks on businesses for profit. Continuing to increase threats, cybercriminals created entry points and pillars into networks.Then they spend time and resources performing tough data removals, find ways to bypass security measures, and eventually bring the company to its knees by leading to devastating ransomware attacks or other cyberattacks.
Initial value for unauthorized access to corporate partners: According to research by KELA Cybercrime Prevention, the average value of corporate access to corporate information Original is currently around $2,800. This means that an old router purchased for a few hundred dollars and providing access to the network without much effort can provide cybercriminals with something they can invest in. This assumes that instead of launching cyberattacks themselves, they simply download access data and sell it on darknet markets.
One of the concerns of this research is that companies do not cooperate when we try to warn them about the problem of their data becoming public.Some have been contacted, others have confirmed that the equipment has been sent to the company for safe disposal or rest – a process that apparently did not happen – and others simply to ignore re-contact.
The lesson to be learned from this study is that all equipment from your company must be cleaned and the cleaning process must be certified and regular, and make sure that your company’s jewelers are not sold out in a hardware store.