HomeCII/OTStolen Ripe Credentials Available for Purchase on the Dark Web

Stolen Ripe Credentials Available for Purchase on the Dark Web

Published on

spot_img

The recent discovery of hundreds of network operator credentials being stolen via compromised RIPE accounts has raised concerns about the security of sensitive information in the digital realm. Researchers from Resecurity found that RIPE, the database for IP addresses and their owners for countries in the Middle East, Europe, and Africa, has become a popular target for attackers seeking to gather confidential data.

According to Shawn Loveland, COO at Resecurity, bad actors use these stolen credentials to probe other applications and services to which the victims may have privileged access. This increases their chances of successfully infiltrating the network of enterprises and telecom operators.

In a recent incident, Orange Spain experienced an internet outage after a hacker breached the company’s RIPE account to manipulate BGP routing and an RPKI configuration. RIPE has confirmed that they are investigating the compromise of a RIPE Network Coordination Center Access account that temporarily affected some services.

Resecurity conducted a monitoring exercise in Q1 2024 and identified 716 compromised RIPE NCC customers with leaked credentials on the Dark Web, including organizations from Iran, Saudi Arabia, Iraq, and Bahrain. In total, 1,572 customer accounts across RIPE and other regional networks were compromised due to malware activity involving well-known password stealers.

Gene Yoo, CEO of Resecurity, explained that attackers not only stole RIPE accounts but also lifted other privileged user credentials. The stolen credentials targeted network engineers, ISP/telecom engineers, data center technicians, and outsourcing companies. According to Resecurity, it remains unclear whether RIPE has been targeted more deliberately than its global peers.

Elliott Wilkes, CTO at Advanced Cyber Defence Systems, warned that credential theft is a widespread issue in the Middle East and globally. He stressed the importance of deploying tools to protect privileged access and implementing effective privileged access management tools with time-bound credentials to mitigate the risk of stolen credentials being exploited.

Paul Lewis, CISO at Nominet, emphasized the need for stakeholders to take responsibility for their corporate security. He highlighted the role of centralization of services and the imperative need for organizations to implement the correct controls to protect against potential threats.

In light of these incidents, IDC META reported a recent surge in malware-borne cyberattacks in the Middle East, with more than 65% of CISOs reporting an increase in malware. The increasing incidence of phishing attacks, credential leaks, and social engineering poses a significant security risk for organizations in the region.

This type of attack, arising from credential leaks, is becoming very common in the Middle East. Credential leaks provide attackers with login details that can be used for credential stuffing, privilege escalation, and authentication bypass, enabling lateral movement within networks and posing significant security risks.

As the investigation into the stolen network operator credentials continues, the focus on securing sensitive information and protecting against cyber threats remains paramount. It is crucial for organizations to strengthen their cybersecurity measures and adopt effective privileged access management tools to safeguard against future incidents.

Source link

Latest articles

Schadsoftware RedLine und META lahmgelegt

In a recent international operation against cybercrime, authorities from various countries have successfully dismantled...

Best Practices for Cloud Environments to Combat Cyber Attacks by IAM

Organisations across the globe are continually looking for new ways to incorporate artificial intelligence...

Explore Son Doong Cave in 360° Flight

The magnificent Son Doong Cave in Vietnam continues to captivate visitors with its breathtaking...

CrossBarking Attack Exposes Opera Browser Users through APIs

Security researchers have recently brought to light a new browser attack that exploits "private"...

More like this

Schadsoftware RedLine und META lahmgelegt

In a recent international operation against cybercrime, authorities from various countries have successfully dismantled...

Best Practices for Cloud Environments to Combat Cyber Attacks by IAM

Organisations across the globe are continually looking for new ways to incorporate artificial intelligence...

Explore Son Doong Cave in 360° Flight

The magnificent Son Doong Cave in Vietnam continues to captivate visitors with its breathtaking...
en_USEnglish