October 25, 2016 By Douglas Bonderud 2 min read

Cybercriminals prefer the easy way in, like a server with default username/password combinations or a software flaw. In the case of the Guilford County, North Carolina Emergency Medical Services (EMS) Department, the open Rsync server that manages system updates opened the door for malicious actors.

As noted by CSO Online, security researcher Chris Vickery discovered the publicly accessible system. While the county moved quickly to address the obvious threat, a clean bill of technology health may require more in-depth treatment.

Open Rsync Servers Put Lives at Risk

It all started when Vickery went looking for exposed Rsync servers. He found quite a few. Despite the prevalence of threats and compromised systems, many companies don’t recognize the risk of leaving Rsync servers out in the open.

In the case of Guilford County, Vickery assumed he’d run across an enterprise backup server until he found the administrator password. He discovered that he could both access local EMS services individually and prompt users to perform system updates while using in-vehicle computer systems.

While the county quickly changed admin passwords and pulled the server from public view, a statement noted that the system was only used to update files and stored no other information. In addition, the county said no unauthorized personnel had accessed the Rsync server.

Two problems crop up here. First, Vickery did access the server without authorization, so the county's statement is hard to square with the facts: at a minimum, there should be some record of his interaction with the EMS systems.

The second issue, system updating, is more important. If cybercriminals could gain admin access and prompt a fake update, it's hardly a stretch of the imagination to assume they could also craft a set of malicious files to upload in place of legitimate system patches. The potential results range from stolen personal data to a complete crash of the EMS system, putting more than 500,000 Guilford County lives at risk.

Emergency Response

As Vickery noted, companies don’t willfully expose critical data or systems but may sacrifice security because IT teams are overworked and underfunded. Anything goes, from using free antivirus software to leaving noncritical servers on public connections, so long as organizations can still conduct day-to-day operations.

The Guilford County open Rsync issue isn’t just a one-time thing. As noted by MSP Mentor, a recent “botched” server installation exposed 31,800 private health records to the public when default settings weren’t changed during deployment, forcing a health care provider to shell out over $2 million for violating the Health Insurance Portability and Accountability Act (HIPAA).

Other concerns for enterprises include publicly accessible remote desktop protocol (RDP) servers, which can be compromised to install malicious Trojan software and collect high-value corporate data.

The treatment plan here is improved server best practices. No matter the industry or the purpose, servers should always be pulled off the public grid and have default settings, usernames and passwords changed.

Cybercriminals have proven repeatedly that theoretically unimportant or trivial server functions can be used as initial compromise points and leveraged to gain access. Publicly accessible means potentially compromised. Stay out of harm’s way by keeping servers out of sight.
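A defender's first check is whether the daemon's own configuration matches the pattern described above: reachable from any address, no client credentials required, and a writable module. The following is an added example, not code from the article or from Guilford County; it parses an rsyncd.conf and flags those settings, using constructed sample configurations with hypothetical paths and names.

```python
# Constructed sample of an exposed rsyncd.conf (hypothetical path, not a real system).
WEAK_CONF = """
[updates]
path = /srv/ems/updates
read only = no
"""

# The same module with the settings the article's best practices call for (constructed).
HARDENED_CONF = """
address = 10.0.0.5
[updates]
path = /srv/ems/updates
auth users = ems-updater
secrets file = /etc/rsyncd.secrets
hosts allow = 10.0.0.0/8
"""

def parse_rsyncd_conf(text):
    """Split rsyncd.conf text into (global_settings, {module_name: settings})."""
    glob, modules = {}, {}
    current = glob  # settings before the first [section] header are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            current = glob if name == "global" else modules.setdefault(name, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip().lower()] = value.strip()
    return glob, modules

def audit(text):
    """Return (section, problem) pairs for settings that leave the daemon open."""
    glob, modules = parse_rsyncd_conf(text)
    findings = []
    if not glob.get("address"):
        findings.append(("global", "no 'address': daemon listens on every interface"))
    for name, params in modules.items():
        eff = {**glob, **params}  # module settings inherit global defaults
        if not eff.get("auth users"):
            findings.append((name, "no 'auth users': anonymous clients accepted"))
        if not eff.get("hosts allow"):
            findings.append((name, "no 'hosts allow': any source address may connect"))
        if eff.get("read only", "yes").lower() in ("no", "false", "0"):
            findings.append((name, "'read only = no': clients can replace served files"))
    return findings
```

Run `audit()` over the live `/etc/rsyncd.conf` as part of a build or deployment check; an empty result means the module requires credentials, is restricted by source address and cannot be written to.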
