A Russian hacker has published passwords of over 900 enterprise VPN servers on a hacking forum visited by several ransomware groups, putting them at risk.
Even if those companies patch their VPN servers now, they need to change passwords to avoid hackers abusing the leaked credentials to take over devices and then spread to their internal networks, reports ZDNet.
The list of plaintext usernames and passwords includes 913 IP addresses of ‘Pulse Secure’ VPN servers.
All the ‘Pulse Secure’ VPN servers were running a firmware version vulnerable to the ‘CVE-2019-11510′ vulnerability.
The threat intelligence analyst Bank Security said the hacker used an exploit for the ‘CVE-2019-11510′ vulnerability to gain access to systems, dump server details (including usernames and passwords), and then collected all the information in one central repository.
The ‘Pulse Secure’ VPN servers are usually employed as access gateways into corporate networks so staff can connect remotely to internal apps from across the internet.
“These types of devices, if compromised, can allow hackers easy access to a company’s entire internal network,” said the report.
The list has been shared on a hacker forum that is frequented by multiple ransomware groups who break into corporate networks by leveraging network edge devices and ask for huge ransom demands.
The companies, whose names were not revealed in the report, “have to patch their Pulse Secure VPNs and change passwords with the utmost urgency”.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]