Drone aircraft are some of the U.S. Air Force’s deadliest weapons. Information on how to operate them can be very dangerous if it falls into the wrong hands. If that sort of data was breached and exfiltrated, you’d expect the attack vector would be an obscure zero-day vulnerability being exploited by a masterful cyberwarfare group, right? What if I told you that sort of data was breached by someone who desperately needed $200, through a home router exploit that’s been known for years?
Never, ever leave the default settings unmodified on your networking appliances!
Recorded Future’s Insikt Group made an interesting discovery as they were monitoring a Dark Web forum for cyber attackers. Someone was trying to sell manuals for the M1 Abrams tank, improvised explosive devices, and the MQ-9A Reaper drone. The seller was looking for $150 or $200, and they needed the money badly. Further investigation determined that the documents for sale were authentic.
The seller bragged that the manuals contained classified information taken from the Pentagon. In fact, while the exfiltrated data is considered highly sensitive, it is not officially classified; its handling marking forbids it from being “released to another nation without specific authority.” Nor was it taken from the Pentagon: it was pulled through a home router at Creech Air Force Base in Nevada.
Recorded Future’s Andrei Barysevich was surprised by what they found:
“I’ve been personally investigating the Dark Web for almost fifteen years, and this is the first time I’ve uncovered documents of this nature. This type of document would typically be stolen by nation-state hackers. They wouldn’t be offering it on the Dark Web, and certainly not for $150.”
Insikt Group members built rapport with the seller. They determined that the seller was from an impoverished South American country (which hasn’t been specified) and had obtained the documents by exploiting a home router vulnerability that has been known for years. The same modestly skilled attacker was also able to view unencrypted live footage from an MQ-1 Predator, from NASA, and from cameras on the U.S.-Mexico border. All of this was made possible because a U.S. Air Force service member had connected a poorly secured home router to the Creech base network.
The exploited weakness is very similar to a Netgear router issue that has been publicly known since early 2016. SFGATE reported on it in February of that year:
“It’s a potentially dangerous issue — and one that Netgear says its users are responsible for preventing.
The problem stems from a lax authentication process for accessing data on USB peripherals (printers and disk drives, mostly). When users attempt to remotely access data on an attached drive, they are prompted to enter a user name and password. If those users have not established unique log-ins, the router firmware grants access without requiring a password at all…
Netgear, a publicly traded networking equipment provider (NEP) in San Jose, CA, acknowledges the risk. But the company said customers must take steps to guarantee the security of their devices.
‘A simple change of the password will protect against this potential vulnerability,’ the company said in a statement. ‘Netgear advises to change the default password in the user manual in the section on Personal FTP (file transfer protocol) servers.’
The password intended to protect personal file sharing isn’t the same as the one used for WiFi access. Users can connect their computers to their routers to change the router’s password. Further details are in the router documentation, available on the Netgear website.”
The specific Netgear model used by the U.S. Air Force captain at Creech hasn’t been disclosed (the SFGATE article names the Nighthawk AC1900 Smart Wi-Fi Router R7000). Errata Security’s Rob Graham believes vendors have a responsibility to spell out, in their manuals, the risk of using a home router as an FTP server:
“It should be in the manual: ‘Hey, there are (people who are looking) for this thing. So access to whatever you put on this FTP server, they will find it, and they will download those files.’”
DataGravity’s Andrew Hay also thinks that vendors should do a better job of educating their consumer customers:
“Suggesting that users change a password to protect themselves says nothing to the fact that any user account tested during our validation of the issue… would allow for full access to the files associated with the device.”
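The SFGATE excerpt and Andrew Hay’s comment describe two distinct failure modes on the router’s FTP share: accounts left at a vendor default, and a firmware that grants access to any account regardless of password. The script below is an added example (not Comodo’s, Recorded Future’s or Netgear’s code) that audits an FTP endpoint for both conditions. It first logs in with a random “canary” username and password that no real account should have; success there means the server is not checking credentials at all. Only if that fails does it try a short list of common defaults. The credential list, the function names and the bundled fake FTP server (which only speaks USER/PASS/QUIT and exists so the audit can be exercised offline against each behaviour) are assumptions for illustration, not Netgear’s actual defaults or firmware.

```python
"""Audit an FTP service (for example a home router's USB share) for weak authentication.

Added example; function names, the credential list and the fake server are illustrative
assumptions, not vendor code or documented vendor defaults.
"""
import ftplib
import secrets
import socketserver
import threading

# Common default pairs to try (assumed list for illustration only).
DEFAULT_CREDS = [("admin", "password"), ("admin", "admin"), ("anonymous", "")]


def try_login(host, port, user, password, timeout=3.0):
    """Return True if the FTP server at host:port accepts user/password."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login(user, password)   # sends USER then PASS; raises on a 5xx reply
        ftp.quit()
        return True
    except ftplib.all_errors:
        return False
    finally:
        ftp.close()                  # safe to call even after quit()


def audit_ftp(host, port=21, creds=DEFAULT_CREDS):
    """Classify an FTP endpoint.

    Returns {"any_credentials": bool, "default_credentials": [accepted (user, pass) pairs]}.
    any_credentials=True reproduces the behaviour described in the article: the server
    grants access without validating the password, so a default-credential list is moot.
    """
    canary_user = "audit-" + secrets.token_hex(4)   # no legitimate account should match
    canary_pass = secrets.token_hex(8)
    any_creds = try_login(host, port, canary_user, canary_pass)
    accepted = [] if any_creds else [pair for pair in creds if try_login(host, port, *pair)]
    return {"any_credentials": any_creds, "default_credentials": accepted}


class _FakeFTPHandler(socketserver.StreamRequestHandler):
    """Minimal FTP control channel: 220 banner, USER->331, PASS->230/530, QUIT->221."""

    def handle(self):
        self.wfile.write(b"220 fake router FTP\r\n")
        user = None
        while True:
            line = self.rfile.readline()
            if not line:
                return
            cmd, _, arg = line.decode("latin-1").rstrip("\r\n").partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                user = arg
                self.wfile.write(b"331 Password required\r\n")
            elif cmd == "PASS":
                # self.server.policy decides whether (user, password) is accepted.
                ok = self.server.policy(user, arg)
                self.wfile.write(b"230 Login successful\r\n" if ok else b"530 Login incorrect\r\n")
            elif cmd == "QUIT":
                self.wfile.write(b"221 Goodbye\r\n")
                return
            else:
                self.wfile.write(b"502 Command not implemented\r\n")


def start_fake_ftp(policy):
    """Start a fake FTP server on 127.0.0.1 with the given (user, password) -> bool policy.

    Returns (server, port); call server.shutdown() and server.server_close() when done.
    """
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeFTPHandler)
    server.daemon_threads = True
    server.policy = policy
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    # Stand-alone demo: a server that accepts any credentials, like the firmware described above.
    srv, p = start_fake_ftp(lambda u, pw: True)
    print("any-credentials server:", audit_ftp("127.0.0.1", p))
    srv.shutdown(); srv.server_close()
    # A server that only accepts a vendor-style default.
    srv, p = start_fake_ftp(lambda u, pw: (u, pw) == ("admin", "password"))
    print("default-credentials server:", audit_ftp("127.0.0.1", p))
    srv.shutdown(); srv.server_close()
```

Run it against a real router only on a network you own or are authorised to test; point `audit_ftp` at the router’s LAN address and FTP port instead of the fake server. A result of `any_credentials: True` means changing one password will not help, which is exactly Hay’s point: the fix there is to disable the share or update firmware, not to pick a stronger password.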
Interestingly, the U.S. Air Force Captain whose router was hacked had completed a cybersecurity awareness course in February. Either they were insufficiently trained, they didn’t properly apply what they learned, or perhaps a bit of both.
Barysevich recognizes the potential danger of the breached manuals:
“While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircraft.”
Thousands of home routers on the internet remain vulnerable to the same sort of exploit, which is easily avoidable. Attackers like the person who illegally acquired the sensitive manuals often use internet-wide scanning services such as Shodan (a public search engine for internet-connected devices, not a Dark Web service) to find routers exposing FTP or other management services.
As Recorded Future wrote in their report:
“Sadly, very few understand the importance of properly securing wireless access points, and even fewer use strong passwords and understand how to spot phishing emails.
The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve.”
I think this discovery should be embarrassing to both the vendor and to the U.S. Air Force. Will a lesson be learned? If you have a Netgear router or any other networking device, go and make sure you’re using strong, unique passwords on every service it exposes (the file-sharing login as well as the Wi-Fi and admin passwords), download and apply the latest firmware, disable remote file sharing you don’t need, and never leave factory default settings in place!