- Researchers found tens of thousands of vulnerable AMS around the world
- 49,000 poorly configured AMS could represent a significant problem
- Suppliers are working on a solution
Tens of thousands of access management systems (AMS), built by different suppliers and deployed in different countries, were connected to the wider internet, poorly configured and therefore exposed to cyberattacks.
A report by cybersecurity researchers at Modat explains that access management systems are security frameworks that control and monitor who can access digital or physical resources within an organization. They authenticate users through methods such as passwords, biometrics or multifactor authentication and authorize their level of access based on predefined policies.
Modat said it found 49,000 poorly configured AMS in different organizations around the world. “The generalized internet exposure from AMS in several countries indicates a worldwide problem,” it said. The devices were found in key industries such as construction, medical care, education, manufacturing, the oil industry and government organizations.
Botnet for rent
Arguably the biggest problem with these misconfigurations is the compromised physical security of affected organizations, since criminals could bypass physical security controls and enter buildings that should otherwise be off limits.
Beyond that, another important finding is that cybercriminals could steal employees' confidential data this way. “Personal identification information, photographs of employees, biometric data, work schedules, salary and control receipts of the installation were found,” said Modat.
This could open the door to phishing, identity theft, social engineering and other forms of fraud that could see sensitive government information exfiltrated from servers.
Different AMS were affected differently, the researchers explained. They said they detected a “high concentration” of vulnerabilities, mainly in European countries, the United States and the MENA region (Middle East and North Africa).
Most defective devices were found in Italy (16,678), Mexico (5,940) and Vietnam (5,035).
Modat notified all affected organizations, but according to BleepingComputer, none responded, so for now we don’t know how many have mitigated the risk. The researchers also contacted the suppliers, some of whom confirmed they are working on a solution.
Via BleepingComputer