In recent years, it has often transpired that some of the top professional organizations are very lax when it comes to digital security. This has now proved true in the case of Cisco. A blackhat organization has listed one of Cisco’s machines among the hacked PCs it offers for rent.
Various blackhat organizations sell access to infected machines inside Fortune 500 companies to hackers looking for them. Among them is Dedicatexpress.com, which provides login credentials such as usernames and passwords for compromised machines in many organizations.
The site has now added a Cisco machine to its list of infected machines available for rent. The intriguing part is that the login credentials of the machine are ridiculously simple: both the username and the password of this machine are ‘Cisco.’
Moreover, the ‘rent’ is very low for access to such machines, with Dedicatexpress offering them for as low as $4.55. When Cisco was contacted about this security loophole, an ‘inside source’ revealed that the listed machine was indeed a part of the company’s network.
According to Brian Krebs, who first revealed this, “Businesses often turn on RDP for server and desktop systems that they wish to use remotely, but if they do so using a username and password that is easily guessed, those systems will soon wind up for sale on services like this one.”
Naturally, many people with malicious intent would be happy to find a Cisco machine on the list, and apparently some have already made good use of it. Krebs further states, “I ran a check on the Cisco box and found that it had already been blacklisted by 10 out of 15 popular services that track malicious activity online, such as spam and malware hosting.”
Source: Krebs On Security