Plotting 'mass damage' in Australia? SMBs' crappy login hygiene really helps – hacker

Ancient OSes, unauthenticated servers ... and much more

Bsides Sydney hacker Edward Farrell says scores of small and medium businesses in Australia and some Fortune 500 companies are open to attack through running ancient Windows operating systems and unauthenticated servers.

The director of Mercury Information Security Services ran tests from the position of an attacker who would plan mass collateral damage to Australia.

His footprint of exposures reveals that a third of those analysed contain poor or absent access controls and other dangerous holes that, if exploited, would cause significant data loss and disruption.

“Some of these systems are so old there is no fix,” Farrell told Vulture South ahead of his talk at Bsides Canberra this week.

“We found an Australian government contractor, doctors, a lot of small businesses, and five Fortune 500 companies that were exposed.”

Farrell and his team found 209,018 servers with open SMB ports within Australian IP ranges.

Of these, a sample of 20,000 servers was analysed to determine software version history and accessibility.

Some eight per cent run abandoned versions of Windows like XP, and 20.5 per cent unsupported versions of Samba below 4.1. Most of the latter would be embedded systems like network-accessible storage that cannot be patched.

About 70 per cent run some flavour of supported Windows and could apply patches but have not.
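An added example, not from the article or Mercury Information Security Services, of the triage step the article describes: sorting each host's reported OS or Samba version into the article's buckets (abandoned Windows, Samba below 4.1, supported Windows that still needs patch checking). The inventory strings are constructed, and treating Windows 2000 and Server 2003 as abandoned alongside XP is an assumption the article does not state.

```python
# Added example: classify SMB host banners from an asset inventory into the
# article's categories. Assumed input: one OS/service string per host, as an
# inventory or scanner would record it for your own network.
import re
from collections import Counter

# Assumption: Windows 2000 and Server 2003 are grouped with XP as abandoned.
ABANDONED_WINDOWS = ("Windows XP", "Windows 2000", "Windows Server 2003")
SAMBA_MIN_SUPPORTED = (4, 1)  # the article's threshold: below 4.1 is unsupported

def parse_samba_version(banner):
    """Return (major, minor) from a 'Samba x.y[.z]' string, or None if absent."""
    m = re.search(r"Samba\s+(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(banner):
    """Bucket one host; versions are compared numerically so 4.10 is not < 4.1."""
    v = parse_samba_version(banner)
    if v is not None:
        return "samba_unsupported" if v < SAMBA_MIN_SUPPORTED else "samba_supported"
    if any(banner.startswith(old) for old in ABANDONED_WINDOWS):
        return "windows_abandoned"
    if banner.startswith("Windows"):
        return "windows_supported"  # supported release; patch level still unknown
    return "unknown"

def summarise(banners):
    """Percentage of hosts per bucket, rounded to one decimal place."""
    counts = Counter(classify(b) for b in banners)
    total = len(banners)
    return {k: round(100.0 * n / total, 1) for k, n in counts.items()}

# Constructed sample inventory (hostnames omitted, versions invented).
SAMPLE_INVENTORY = [
    "Windows XP Service Pack 3",
    "Windows Server 2003 R2",
    "Windows 2000 Server",
    "Samba 3.6.25",        # typical embedded NAS build, below 4.1
    "Samba 4.0.9",
    "Samba 4.10.4",        # numeric compare keeps this in the supported bucket
    "Windows Server 2016 Standard",
    "Windows 10 Pro",
    "Windows Server 2012 R2",
    "Unix",                # e.g. a printer; not enough to classify
]

if __name__ == "__main__":
    for bucket, pct in sorted(summarise(SAMPLE_INVENTORY).items()):
        print(f"{bucket:<18} {pct:5.1f}%")
```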

Farrell says the exposures are due to administrators not knowing the devices operating in their environments, how access controls apply to their various systems, and failing to deploy patch management systems.

Information on exposed systems was provided to CERT Australia. ®
