Pentest missed a weak password in a ransomware attack on the municipality of Hof van Twente


The municipality of Hof van Twente used weak passwords, and the pen testers it hired did not detect these problems. That left the municipality open to being hit by ransomware. Researchers found several problems.

The ransomware criminals entered the municipality through a server where the Remote Desktop Protocol was open. That port was opened by the municipality in October 2019. Later, the password of an FTP account for that server was changed to Welcome2020. Criminals could easily crack that with a brute-force attack. There was also an account called ‘testadmin’ with full admin rights that the attackers used to move through the network, the municipality said during a press conference on Wednesday. The report on the hack has since been made public.

The municipality had an external report drawn up in response to a ransomware attack that took place in December and left systems inaccessible. The report shows that various vulnerabilities could be found at the municipality, such as the weak password. In addition, the network was not segmented and there was no active monitoring for suspicious activity.

In addition to the municipality itself, Sogeti is also criticized. That company carried out a pen test in May last year on behalf of the municipality, but no major vulnerabilities were discovered. For example, the pen test did not look at the specific server that has now been attacked. The researchers say they cannot find out how the pen test was performed at the time, because it used a self-designed method. This makes the test difficult to verify.

The municipality itself is partly responsible. Hof van Twente calls the hack ‘a solid lesson’ and says that there was ‘a gap between the security of the system as experienced by the municipality and the actual technical situation’. “There was a relationship based on mutual trust and, within that, role ambiguity between the municipality and the external party that arranged management and security,” the municipality writes. Unauthorized access ‘could have been prevented’, says the municipality.
