{"id":11484,"date":"2024-02-26T17:34:12","date_gmt":"2024-02-26T04:34:12","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=11484"},"modified":"2024-02-26T17:34:12","modified_gmt":"2024-02-26T04:34:12","slug":"are-your-legacy-it-systems-giving-hackers-a-backdoor-into-your-business","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=11484","title":{"rendered":"Are your legacy IT systems giving hackers a backdoor into your business?"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content” custom_padding=”11px|||||”][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”1_2″ _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.24.2″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” theme_builder_area=”post_content” sticky_enabled=”0″]<\/p>\n

One of our engineers was working on migrating a customer from a legacy email server into Office 365 after we discovered they were under a brute force external attack.<\/p>\n

The migration required that we receive the users passwords.\u00a0 These would, of course, be reset after the migration.\u00a0 It’s an old system and we found that many users didn\u2019t know their passwords.<\/p>\n

To overcome this, we had to delve into our toolbox.\u00a0 With the client’s agreement, we decided to run an experiment to see if we could glean any details from a packet capture.<\/p>\n

It turned out to be easy.\u00a0 We were able to pull all the usernames and passwords in plain text from the network!<\/strong><\/p>\n

This means it would be relatively straightforward for a potental attacker to completely compromise this organisation.<\/p>\n

All they would have to do was park in their carpark afterhours, crack their wifi (an easy task) and capture the login attempts. Ultimately this would result in the loss of all their systems and potentially the whole business.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_image src=”\/wp-content\/uploads\/2024\/02\/Wireshark.png” title_text=”Wireshark” _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.24.2″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Luckily that risk is eliminated by a move to a secure cloud system with encrypted passwords and MFA.<\/h2>\n

Thankfully, this client is now taking security seriously and we are migrating them off legacy systems into more secure and up to date cloud services, but this is a great example as to why legacy systems present a risk to businesses.<\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

One of our engineers was working on migrating a customer from a legacy email server into Office 365 after we discovered they were under a brute force external attack. The migration required that we receive the users passwords.\u00a0 These would, of course, be reset after the migration.\u00a0 It’s an old system and we found that […]<\/p>\n","protected":false},"author":5,"featured_media":11486,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-11484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/11484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11484"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/11484\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}