Infostealer malware, weak password leaves Orange Spain RIPE for plucking

January 4, 2024 at 08:18AM

The outage at Orange Spain, which knocked out roughly half of the carrier's traffic, traced back to an employee's RIPE NCC account whose password, "ripeadmin", had been harvested by infostealer malware. Using that account, an attacker operating under the alias "Snow" altered Orange Spain's routing records in the RIPE database so that the carrier's own border gateway protocol (BGP) announcements were no longer trusted by other networks. The incident shows what a single weak, unprotected password on a registry account can cost.

Key takeaways from the article:

– The Orange Spain outage began with a weak password that infostealer malware had exfiltrated; the attacker used it to log in to the carrier's RIPE account, and the resulting changes to its routing data disrupted around half of the network's traffic.
– The attacker, operating under the alias "Snow", reached the RIPE account after harvesting the admin credentials with infostealer malware. The password turned out to be "ripeadmin", which researchers described as "ridiculously weak".
– RIPE NCC does not mandate two-factor or multi-factor authentication (2FA/MFA) on its accounts, and Orange Spain had not enabled it, so the stolen password alone was enough to log in. By contrast, ARIN, the equivalent registry for North America, has required it since February 2023.
– Snow then tampered with the routing data behind Orange Spain's border gateway protocol (BGP) announcements: the autonomous system (AS) number recorded as the origin of Orange Spain's IP prefixes was changed, and route origin authorizations (ROAs) were altered. Because ROAs are what other networks consult to check that a BGP announcement comes from the authorized AS, Orange Spain's legitimate announcements failed that check and were dropped by networks that enforce route origin validation, causing the service outage.
– Orange Spain confirmed the RIPE account breach and the restoration of service through a newly created X account, and stated that there was no evidence that customer data had been compromised.
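To make the ROA mechanism concrete, here is an added example (not code from the article, nor from Orange or RIPE NCC) that implements route origin validation as specified in RFC 6811 and replays the three states a prefix passes through: no ROA published, a correct ROA, and a ROA rewritten with an AS the operator does not use. The prefix 192.0.2.0/24 and the AS numbers 64496 and 64511 are constructed placeholders from the documentation ranges (RFC 5737, RFC 5398) standing in for Orange Spain's real address block and ASN; the function names validate, rov_accepts and orange_scenario are assumptions of this example.

```python
"""Route Origin Validation (RFC 6811) walk-through for the Orange Spain incident.

Added example, not code from the article. All prefixes and AS numbers are
constructed placeholders from the documentation ranges (RFC 5737 / RFC 5398);
they stand in for Orange Spain's real address blocks and ASN.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization as published in an RIR's RPKI repository."""
    prefix: str       # authorized prefix, e.g. "192.0.2.0/24"
    max_length: int   # longest prefix length the origin may announce under it
    origin_as: int    # AS number authorized to originate the prefix


def validate(route_prefix: str, origin_as: int, roas) -> str:
    """Classify one BGP route as 'valid', 'invalid' or 'not_found' per RFC 6811.

    A ROA *covers* the route if the route's prefix lies within the ROA prefix.
    The route is valid if any covering ROA names the same origin AS and the
    route's prefix length does not exceed that ROA's maxLength; if ROAs cover
    the prefix but none matches, the route is invalid; with no covering ROA the
    state is not_found (ROV-enforcing routers still accept such routes).
    """
    route = ipaddress.ip_network(route_prefix, strict=False)
    covering = []
    for roa in roas:
        authorized = ipaddress.ip_network(roa.prefix, strict=False)
        # subnet_of() only compares networks of the same IP version
        if authorized.version == route.version and route.subnet_of(authorized):
            covering.append(roa)
    if not covering:
        return "not_found"
    for roa in covering:
        if roa.origin_as == origin_as and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def rov_accepts(state: str) -> bool:
    """Policy used by networks that enforce ROV: drop only RPKI-invalid routes."""
    return state != "invalid"


def orange_scenario():
    """Replay the three RPKI states a prefix can be in during this kind of attack.

    Constructed values: 192.0.2.0/24 stands in for an Orange block, AS64496 for
    Orange Spain's ASN, AS64511 for the AS the attacker wrote into the ROA.
    """
    prefix, orange_as, rogue_as = "192.0.2.0/24", 64496, 64511
    stages = {
        # No ROA published: the announcement is merely not_found and still carried.
        "no_roa": [],
        # Correct ROA: Orange's own AS is authorized for the block.
        "correct_roa": [ROA(prefix, 24, orange_as)],
        # Attack: the ROA now names an AS Orange does not use, so Orange's
        # genuine announcement matches no covering ROA and becomes invalid.
        "hijacked_roa": [ROA(prefix, 24, rogue_as)],
    }
    result = {}
    for name, roas in stages.items():
        state = validate(prefix, orange_as, roas)
        result[name] = (state, rov_accepts(state))
    return result


if __name__ == "__main__":
    for stage, (state, accepted) in orange_scenario().items():
        print(f"{stage:13s} -> {state:9s} accepted by ROV networks: {accepted}")
```

The point the replay makes is that the attacker never had to announce anything in BGP: rewriting the ROA in the registry was enough, because Orange Spain's own routers kept announcing the prefix from the correct AS, and it was the rest of the Internet, doing exactly what RPKI tells it to do, that dropped those routes. Note also the maxLength check: a ROA whose maxLength is shorter than the announced prefix makes a more-specific announcement invalid even when the origin AS matches.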

The article stresses the need for strong password policies, routine checks for infostealer infections that expose the organization's credentials, and the likelihood of similar attacks against other RIPE account holders in the wake of the Orange Spain incident. It also underscores the value of enabling 2FA or MFA on registry accounts, so that a harvested password alone cannot unlock them.