In most corporate networks, there may be traces of hackers and related vulnerabilities

We decided to discuss several factors that weaken the security of corporate networks: slow installation of patches, failure to follow information security (IS) rules, and lack of encryption.



The situation with (non) network security


The network infrastructure of companies is built on corporate routers. They connect offices to each other and the cloud and are responsible for the security of the connection. However, sometimes difficulties arise with them. The problem with one of these devices was discovered by specialists of the Chinese information security company Qihoo 360. According to them, a group of unknown hackers uses a vulnerability in the authorization mechanism to monitor mail and FTP traffic.

Attackers inject malicious code into the login field in the control panel of the router. When a user logs in, a script hosted at http://103.82.143.51:58172/vig/tcpst1 is run. From there, malware is downloaded, which gives hackers control over the device and access to the corporate network.

Attackers monitor traffic on ports 21, 25, 110, and 143 (used by the FTP, SMTP, POP3, and IMAP protocols) and collect authentication data transmitted over the network in clear text. This data can later be used to carry out more serious attacks.
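To find out which internal servers still accept logins in clear text on these four ports, a defender can audit decoded client commands from a network sensor. The sketch below is an added example, not code from the original article; the event tuple layout `(src_ip, src_port, dst_ip, dst_port, line)` and the sample addresses are constructed assumptions, and only the server, protocol and client are recorded, never the credentials.

```python
import re

I = re.IGNORECASE
# Per port named in the article: (protocol, command that sends credentials
# in clear text, command that upgrades the session to TLS).
RULES = {
    21:  ("FTP",  re.compile(r"^(USER|PASS)\s+\S", I), re.compile(r"^AUTH\s+(TLS|SSL)\b", I)),
    25:  ("SMTP", re.compile(r"^AUTH\s+(PLAIN|LOGIN)\b", I), re.compile(r"^STARTTLS\b", I)),
    110: ("POP3", re.compile(r"^(USER|PASS)\s+\S", I), re.compile(r"^STLS\b", I)),
    143: ("IMAP", re.compile(r"^\S+\s+LOGIN\s+\S", I), re.compile(r"^\S+\s+STARTTLS\b", I)),
}

def audit(events):
    """Return {(server, port, protocol): {clients}} for cleartext logins seen."""
    upgraded, findings = set(), {}
    for src, sport, dst, dport, line in events:
        rule = RULES.get(dport)
        session = (src, sport, dst, dport)
        if rule is None or session in upgraded:
            continue  # not an audited port, or session already switched to TLS
        proto, auth_cmd, tls_cmd = rule
        if tls_cmd.match(line):
            upgraded.add(session)  # later bytes are ciphertext, stop matching
        elif auth_cmd.match(line):
            findings.setdefault((dst, dport, proto), set()).add(src)
    return findings

# Constructed sample events (hypothetical addresses and commands).
SAMPLE = [
    ("10.0.0.5", 50001, "10.0.1.21", 21, "USER backup"),
    ("10.0.0.5", 50001, "10.0.1.21", 21, "PASS example-only"),
    ("10.0.0.7", 50002, "10.0.1.25", 25, "EHLO host"),
    ("10.0.0.7", 50002, "10.0.1.25", 25, "STARTTLS"),
    ("10.0.0.6", 50005, "10.0.1.25", 25, "AUTH LOGIN"),
    ("10.0.0.8", 50003, "10.0.1.143", 143, "a001 LOGIN alice example-only"),
    ("10.0.0.9", 50004, "10.0.1.110", 110, "STLS"),
    ("10.0.0.5", 50006, "10.0.1.80", 80, "GET / HTTP/1.1"),
]

if __name__ == "__main__":
    for (server, port, proto), clients in sorted(audit(SAMPLE).items()):
        print(f"{proto} {server}:{port} accepts cleartext logins from {sorted(clients)}")
```

Each server reported this way is a candidate for enforcing TLS or disabling the plaintext listener.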



Unfortunately, compromise of data in corporate networks occurs much more often than we would like. According to experts from Dell, over the past year 63% of companies have experienced a leak due to vulnerabilities in one or another hardware platform. At the same time, analysts at one international information security company say that suspicious activity (hiding traffic, connecting to TOR, proxying) is present in the networks of 97% of organizations.

What is the reason


Slow installation of patches. Most often, attackers break in through already known software vulnerabilities for which corrective patches exist. Such attacks succeed because organizations take several months on average to install patches.


Part of the delay is due to a lack of qualified personnel. According to The New York Times, in 2021 the market will have 3.5 million open vacancies related to information security. For comparison, in 2014 this figure stood at one million. Patching is also slowed by poor process automation. There are companies that store information about the necessary patches in Excel. One Fortune 100 organization has even formed a dedicated department that populates spreadsheets with vulnerability information.

Failure to comply with information security recommendations. The most frequent “miscalculations” include opening unknown files received by e-mail and following links to fake sites. Therefore, today phishing is the cause of 91% of all cyberattacks.

Lack of data encryption. Unencrypted transmission of AP opens additional attack vectors for attackers. Given that 95% of corporate networks have been compromised at least once, the amount of information stolen cannot be measured. But the Fortune 500 PD leaks taken together are already called the “largest transfer of ownership” in history.

How can I fix the situation?


First of all, information security experts recommend that managers run basic cyber hygiene courses for both ordinary employees and IT professionals. To help the knowledge stick, you can use gamification. PwC Australia already runs a game called Game of Threats for its customers that simulates real-life cyber attacks. In it, a team of hackers attacks the network infrastructure, and a team of defenders tries to stop them.



Analysts from the Ponemon Institute and ServiceNow say that 48% of companies could have avoided leaks in the past if they had patched a system in time (page 5). Timely installation of patches complicates the work of attackers and closes critical attack vectors. Therefore, information security experts recommend automating the software update process so that the system itself downloads and installs patches from the Internet. System administrators then only need to monitor that the process works correctly.


