- Researchers found tens of thousands of vulnerable AMS around the world
- 49,000 misconfigured AMS could represent a major problem
- Suppliers are working on a solution
Tens of thousands of Access Management Systems (AMS), built by different suppliers and spread across different countries, were found connected to the wider internet, incorrectly configured and thus exposed to cyberattacks.
A report from cybersecurity researchers at Modat noted that Access Management Systems are security frameworks that control and monitor who can access digital or physical resources in an organization. They authenticate users through methods such as passwords, biometrics or multi-factor authentication and authorize their access level based on predefined policies.
Modat said it found 49,000 incorrectly configured AMS in different organizations across the globe. “Widespread Internet exposure of AMS across several countries indicates a worldwide problem,” it said. The units were found in key industries such as construction, healthcare, education, manufacturing, the oil industry and government organizations.
Botnet for rent
The biggest problem with these misconfigurations is likely the compromised physical security of the organizations concerned, as criminals could bypass physical security and access buildings that would otherwise be off limits.
Beyond that, another important point is that cybercriminals could steal sensitive employee data this way. “Personal identification information, employee photographs, biometric data, work plans, paychecks and complete facility control and access were all found,” Modat emphasized.
This could open the floodgates to phishing, identity theft, social engineering and other forms of fraud, and could see sensitive government information exfiltrated from the servers.
Different AMS were affected differently, the researchers further explained. They said they discovered a “high concentration” of vulnerabilities, mostly in European countries, the United States and the MENA region (the Middle East and North Africa).
The majority of the defective units were found in Italy (16,678), Mexico (5,940) and Vietnam (5,035).
Modat notified all the affected organizations but, according to BleepingComputer, no one answered, so we don’t know how many have mitigated the risk by now. The researchers also reached out to suppliers, some of whom confirmed they are working on a solution.
Via BleepingComputer