[ad_1]
Now new information is emerging about IT security at Gunnebo, the company that suffered a data breach and a huge amount of sensitive information was leaked.
In late August, Gunnebo discovered the data breach and the leak took place in September. But already in March of this year, six months earlier, Gunnebo received a notice that the password of one of its servers was circulating among criminals.
The suggestion came through Brian Krebs, one of America’s most experienced IT security writers. Through a security company, he had received information that a Gunnebo server password had been sold to a group specializing in blackmailing hacked companies.
Gunnebo received the information, according to Brian Krebs. “They thanked me for contacting me and said they would review the issue. That was the last I heard from them,” he writes in an email to DN and continues: “I have no idea if this information was the origin of this intrusion, but I would not be surprised Brian Krebs has also written about the incident.
The password, which gave access to a computer on the Gunnebo network, was “password01”.
With the help of the password, an attacker could log into a so-called RDP server, remote desktop protocol, which makes it possible to remotely control a computer over the network as if he were sitting in front of its screen.
Therefore, it is not clear if the March event is related to the data breach. But it is not uncommon for attackers to work for months to infiltrate a corporate network, steal data, and plant blackmail viruses before carrying out the attack. It happened, for example, with the aluminum giant Norsk Hydro, which was paralyzed by a blackmail attack last year, about which DN had previously reported.
The fact that criminal groups buy and sell access to hacked companies is also increasingly common.
– Organized criminals who do it for commercial purposes have gone further and become specialized groups, where some work to find ways to enter, where other groups work with the extortion part itself. It has become an information marketplace that can be used for intrusion, says IT security expert Robert Malmgren.
Having the type of password listed here in remote access services is under all criticism and is on the verge of self-destructive behavior.
Gunnebo confirms the data. The notice came on March 3 of this year and the password was changed in less than an hour, writes Isabelle Ljunggren, who handles Gunnebo’s media contacts, in an email to DN. “Gunnebo’s IT department acted immediately,” he writes. However, he does not want to comment on what measures were taken in other respects. He does not comment on the question of whether the sold password played a role in the leak: “As for your specific question, we chose to leave it unanswered for technical investigative / security reasons,” he writes.
Robert Malmgren is critical of having computers open to log in, as Gunnebo appears to have done. You see even bigger problems with the weak password:
– Having the type of password that has appeared here in the remote access services is under all criticism and is on the verge of self-injurious behavior, he says.
Information leaked from Gunnebo’s servers included security drawings of bank vaults, alarm systems, and technical details on protecting sensitive buildings.
