- Researchers found tens of thousands of vulnerable AMS around the world
- 49,000 misconfigured AMS could represent a major problem
- Vendors are working on a fix
Tens of thousands of Access Management Systems (AMS), built by different vendors and spread across different countries, were found connected to the wider internet, misconfigured, and thus – exposed to cyberattacks.
A report from cybersecurity researchers Modat noted Access Management Systems are security frameworks that control and monitor who can access digital or physical resources within an organization. They authenticate users through methods like passwords, biometrics, or multi-factor authentication and authorize their level of access based on predefined policies.
Modat said they found 49,000 misconfigured AMS’, in different organizations around the globe. “Widespread internet exposure of AMS across multiple countries indicates a worldwide problem,” it said. The devices were found in key industries such as construction, healthcare, education, manufacturing, the oil industry, and government organizations.
Botnet for hire
Arguably the biggest problem with these misconfigurations is the compromised physical security of the affected organizations, as criminals could bypass physical security and access buildings which should otherwise be off limits.
But aside from that, another important takeaway is that cybercriminals could steal sensitive employee data this way. “Personal identification information, employee photographs, biometric data, work schedules, payslips, and complete facility control and access were all found,” Modat stressed.
This could open the floodgates to phishing, identity theft, social engineering, and other forms of fraud that could see sensitive government information exfiltrated from the servers.
Different AMS’ were affected differently, the researchers further explained. They said they detected a “high concentration” of vulnerabilities, mostly in European countries, the US, and the MENA region (Middle East and North Africa).
The majority of flawed devices were found in Italy (16,678), Mexico (5,940), and Vietnam (5,035).
Modat notified all of the affected organizations, but according to BleepingComputer, none responded so we don’t know how many mitigated the risk by now. The researchers also reached out to vendors, some of which confirmed to be working on a fix.
Via BleepingComputer
Leave a comment