Throughout the last several months, the MSI team has been performing some old-school types of attacks in our penetration testing work. Astoundingly, these “ancient” forms of hacking attacks are still yielding high levels of return. We’ve managed to steal amazing amounts of data using these tactics from the early days of the hacking community.
Lots of confidential data still ends up in the trash. If you’re lucky enough to find a dumpster with sensitive information inside it, then you can get access to that data without having to break into any systems or networks. This is one of the most common ways for hackers to gain access to valuable data and intellectual property.
And, we’ve seen plenty of it. PII, PHI, employee data, mergers and acquisitions information and a whole lot of intellectual property is still turning up in our team’s testing. Even with corporate shred containers scattered about (which you should have), many sensitive documents still end up in the trash.
The best we’ve seen? A document with a plethora of sensitive data in it, generated by a corporate attorney, with a post-it still attached to it that says “Please shred!”. All we can say is, awareness is the key to mitigating this one.
Compromising Voicemail Boxes
It’s 2021, and yet, 1987 called and wants their hack back. Our team is still compromising voicemail boxes with ease. Most are protected by simple 4 digit codes, and even then, the majority of those codes fall into a short “easy pickings” list. PIN lockouts after so many bad attempts remain almost unheard of, and it’s simply astounding what you can learn from owning some corporate voicemails.
If you haven’t had your voicemail system audited recently, now might be a good time to talk about it. Not only can it lead to exposure of a variety of confidential information, credentials and customer data, but in many cases, it can also lead to toll fraud and significantly increased telecomm charges.
Our best story here? Compromising a voicemail box for a customer service rep, where thanks to COVID, they were working from home. We changed the message to ask for callers to leave their account information as a part of their support request. Lo and behold, an easy way to harvest that data. How long would it take you to notice this kind of attack?
Wardialing & Dial-up Compromises
Remember dial-up? Our team still loves to play with the “beauty of the baud”, so to speak. You’d be amazed how many companies still have modems attached to critical systems and exposed to the world via the phone. Routers, industrial automation, PBX remote management, critical ICS systems all abound in the dial-up world. Many have simple logins and passwords, but some don’t even have that anymore.
In addition, VoIP and cloud technologies were expanded years ago to include modern war dialing tools. Hunting for dial-ups remains easy, cheap and effective.
What’s worse? If the attacker “gets lucky”, they can find a loose dial-up system that is network connected on the other side, making it easy to bridge a dial-up compromise into network access. The next thing the penetration testing team knows, it’s “raining shells”, so to speak.
When was the last time you audited your dial-up space, or went looking for modems? Many remote vendor support agreements still contain these types of connections. Pay special attention to remote support for MPLS and telecomm circuits. We’ve found a lot of this equipment with dial-ups in place for inbound tech support when a circuit fails.
Need a war dial or some dial-up testing? Give us a call. We love it.
Give some thought to old-school attacks. Penetration testers with experience in these areas may have some grey hair, but you’d likely be surprised how much these long in the tooth exploits still have bite!