What happened:

Hacker “John Binns” accessed and sold 50 million consumer records stored on T-Mobile’s unsecured servers.

“John Binns” explained that he probed T-Mobile’s Internet-facing routers for vulnerabilities. After finding and exploiting one of them, he discovered credentials for 100 servers stored on one of T-Mobile’s Washington State servers.

He then exfiltrated the records and offered them for sale on the dark web.


Why is this important?

The T-Mobile attack required minimal resources: a single attacker moved through multiple layers of T-Mobile’s network to reach the data. This should not have been so easy, but the vulnerabilities found in T-Mobile’s environment are common ones.


What does this mean to me?

HALOCK finds that many organizations are not implementing known-effective controls – such as router hardening, multifactor authentication (MFA), and credential protection – because they are overwhelmed and under-resourced. The burden is often left on the shoulders of IT staff to solve problems for which they do not have the resources.


Related threats

Network device attack
Authentication hijacking


Related vulnerabilities

Un-hardened network devices
Unprotected privileged user credentials
Lack of MFA


Helpful controls

Network device hardening – consider SCAP policies
Privileged access management (PAM)
Multifactor authentication (MFA)


Commonality of attack

High


Article on story

T-Mobile Breach Link