October 25, 2016 | By Douglas Bonderud

Cybercriminals prefer the easy way in, such as a server with default username/password combinations or a software flaw. In the case of the Guilford County, North Carolina, Emergency Medical Services (EMS) Department, a publicly accessible Rsync server that manages system updates opened the door for malicious actors.

As noted by CSO Online, security researcher Chris Vickery discovered the publicly accessible system. While the county moved quickly to address the obvious threat, a clean bill of technology health may require more in-depth treatment.

Open Rsync Servers Put Lives at Risk

It all started when Vickery went looking for exposed Rsync servers. He found quite a few. Despite the prevalence of threats and compromised systems, many companies don’t recognize the risk of leaving Rsync servers out in the open.

In the case of Guilford County, Vickery assumed he’d run across an enterprise backup server until he found the administrator password. He discovered that he could both access local EMS services individually and prompt users to perform system updates while using in-vehicle computer systems.

While the county quickly changed admin passwords and pulled the server from public view, a statement noted that the system was only used to update files and stored no other information. In addition, the county said no unauthorized personnel had accessed the Rsync server.

Two problems crop up here. First, Vickery accessed the server without authorization, meaning there should be some record of his interaction with the EMS systems, even though the county said no unauthorized personnel had accessed it.

More important, however, is the second issue: system updating. If cybercriminals could gain admin access and prompt a fake update, it’s hardly a stretch of the imagination to assume they could also craft a set of malicious files to upload in place of legitimate system patches. The potential results range from stolen personal data to a complete crash of the EMS system, putting more than 500,000 Guilford County lives at risk.

Emergency Response

As Vickery noted, companies don’t willfully expose critical data or systems but may sacrifice security because IT teams are overworked and underfunded. Anything goes, from using free antivirus software to leaving noncritical servers on public connections, so long as organizations can still conduct day-to-day operations.

The Guilford County open Rsync issue isn’t just a one-time thing. As noted by MSP Mentor, a recent “botched” server installation exposed 31,800 private health records to the public when default settings weren’t changed during deployment, forcing a health care provider to shell out over $2 million for violating the Health Insurance Portability and Accountability Act (HIPAA).

Other concerns for enterprises include publicly accessible remote desktop protocol (RDP) servers, which can be compromised to install malicious Trojan software and collect high-value corporate data.

The treatment plan here is improved server best practices. No matter the industry or the purpose, servers should always be pulled off the public grid and have default settings, usernames and passwords changed.
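As an added illustration of the advice above (not part of the original article and not the county's configuration), the following Python audits an rsync daemon configuration for the exposures described here: modules that accept anonymous connections, have no host restriction, or are writable. The parameter names are real rsyncd.conf settings; the sample configuration, module names, paths and address range are constructed.

```python
# Added example: flag rsyncd.conf modules that are anonymous, unrestricted or writable.
# The sample configuration below is constructed for illustration.
SAMPLE_CONF = """\
uid = nobody

[updates]
    path = /srv/updates
    read only = no

[updates-hardened]
    path = /srv/updates
    auth users = updater
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.20.0.0/16
"""

def _key(name):
    # rsyncd.conf ignores case and whitespace inside parameter names
    return "".join(name.split()).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}); continuation lines not handled."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)
            (globals_ if current is None else current)[_key(name)] = value.strip()
    return globals_, modules

def audit(text):
    """Map each module name to a list of exposure findings (empty list = none)."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**globals_, **params}  # module values override global defaults
        findings = []
        if not eff.get("authusers"):
            findings.append("anonymous access: no 'auth users'")
        if not (eff.get("hostsallow") or eff.get("hostsdeny")):
            findings.append("no host restriction: no 'hosts allow' or 'hosts deny'")
        if eff.get("readonly", "yes").lower() in ("no", "false", "0"):
            findings.append("writable: 'read only' disabled")
        report[name] = findings
    return report
```

Calling `audit(SAMPLE_CONF)` reports all three findings for the `updates` module and none for `updates-hardened`; a clean result covers the daemon configuration only, so network-level exposure still has to be checked separately.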

Cybercriminals have proven repeatedly that theoretically unimportant or trivial server functions can be used as initial compromise points and leveraged to gain access. Publicly accessible means potentially compromised. Stay out of harm’s way by keeping servers out of sight.
