In the normal course of business you are going to have different vendors in your systems performing different actions; unfortunately, they don't always have your best interests at heart.
In this video, Nate Drier, SecureWorks Security Analysis Consultant, describes a client engagement during a penetration test and some of the discoveries that opened a path to compromising the entire network. The lesson is for organizations to do their due diligence when hiring vendors, and to test the network after major software installations or changes to make sure the security baseline is still intact.
We were doing this internal pen test against this lab environment that this client had set up, and they wanted to test the security of it before they rolled it out in multiple locations. All the systems were new, up to date on patching, strong passwords set, everything was looking good. The system really wasn't around long enough to have a lot of vulnerabilities introduced into it. However, right before we tested it, they had hired a software vendor to put a specific piece of software on some of these systems to facilitate the needs of the business. The software vendor needed a local user account on the Windows machine to work, so what they did was create a username that was the name of the software they were installing, set the password to the name of the software as well, and the host name was also set to the name of the software.
So as an attacker it was easy to enumerate that, figure out what software was running, try that as a username and password to compromise the system, and use that as a launch point to compromise the rest of the network. In the normal course of business you are going to have different vendors in your system performing different actions; they don't always have your best interests at heart, so do your due diligence when hiring vendors and think about testing the network after they are done with it to make sure they didn't do things like set default or weak passwords on systems.
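The post-install check the video recommends can be scripted. The following PowerShell is an added example, not code from SecureWorks or from the video: it runs on a Windows host after a vendor has finished, lists enabled local accounts that were not in a pre-vendor baseline, flags any account whose name matches the hostname or one of the installed software names, and then tries exactly the guesses an attacker would make from the wire (the account name, the hostname, the software name) as that account's password. The `-SoftwareNames` and `-Baseline` parameters are assumptions for the example; supply the real values for your environment.

```powershell
# Added example (not from the SecureWorks video): audit local accounts on a Windows host
# after a vendor install. Flags accounts outside the baseline, accounts named after the
# host or the installed software, and accounts whose password is one of those names.
# ValidateCredentials performs a real local logon attempt, so failed guesses generate
# event 4625 and count toward lockout; run it knowingly and from an elevated prompt.
param(
    # Assumed input: names of software the vendor installed (used as username/password guesses).
    [string[]]$SoftwareNames = @(),
    # Assumed input: accounts that existed before the vendor was given access.
    [string[]]$Baseline = @('Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount')
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
    [System.DirectoryServices.AccountManagement.ContextType]::Machine)

$hostName = $env:COMPUTERNAME
$findings = @()

foreach ($u in (Get-LocalUser | Where-Object { $_.Enabled })) {
    $name  = $u.Name
    $notes = @()

    # Anything the baseline does not know about is, by definition, something the vendor added.
    if ($Baseline -notcontains $name)      { $notes += 'not in pre-vendor baseline' }
    # -contains / -ieq are case-insensitive, matching how Windows treats account names.
    if ($name -ieq $hostName)              { $notes += 'username equals hostname' }
    if ($SoftwareNames -contains $name)    { $notes += 'username equals installed software name' }

    # Password guesses an attacker can derive from host enumeration alone.
    $guesses = (@($name, $hostName) + $SoftwareNames) | Select-Object -Unique
    foreach ($pw in $guesses) {
        if ($ctx.ValidateCredentials($name, $pw)) {
            $notes += "password is '$pw'"
            break
        }
    }

    if ($notes.Count -gt 0) {
        $findings += [pscustomobject]@{
            Account         = $name
            PasswordLastSet = $u.PasswordLastSet
            Notes           = ($notes -join '; ')
        }
    }
}

# Empty output means no account was created outside the baseline, named after the
# host or software, or protected by one of the guessed passwords.
$findings | Format-Table -AutoSize
```

Invoke it as `.\Audit-VendorAccounts.ps1 -SoftwareNames 'VendorApp' -Baseline (Get-Content baseline.txt)` (the script name and baseline file are assumed), ideally from the same place you keep the pre-install account list, so the comparison is against what the host looked like before the vendor touched it rather than against whatever it looks like now.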