October 25, 2016 By Douglas Bonderud 2 min read

Cybercriminals prefer the easy way in, like a server with default username/password combinations or a software flaw. In the case of the Guilford County, North Carolina Emergency Medical Services (EMS) Department, the open Rsync server that manages system updates opened the door for malicious actors.

As noted by CSO Online, security researcher Chris Vickery discovered the publicly accessible system. While the county moved quickly to address the obvious threat, a clean bill of technology health may require more in-depth treatment.

Open Rsync Servers Put Lives at Risk

It all started when Vickery went looking for exposed Rsync servers. He found quite a few. Despite the prevalence of threats and compromised systems, many companies don’t recognize the risk of leaving Rsync servers out in the open.

In the case of Guilford County, Vickery assumed he’d run across an enterprise backup server until he found the administrator password. He discovered that he could both access local EMS services individually and prompt users to perform system updates while using in-vehicle computer systems.

While the county quickly changed admin passwords and pulled the server from public view, a statement noted that the system was only used to update files and stored no other information. In addition, the county said no unauthorized personnel had accessed the Rsync server.

Two problems crop up here: First, Vickery accessed the server without authorization, meaning there should be some record of his interaction with the EMS systems.

The second issue, system updating, matters more. If cybercriminals could gain admin access and prompt a fake update, it’s hardly a stretch of imagination to assume they could also craft a set of malicious files to upload in place of legitimate system patches. The potential results range from stolen personal data to a complete crash of the EMS system, putting more than 500,000 Guilford County lives at risk.

Emergency Response

As Vickery noted, companies don’t willfully expose critical data or systems but may sacrifice security because IT teams are overworked and underfunded. Anything goes, from using free antivirus software to leaving noncritical servers on public connections, so long as organizations can still conduct day-to-day operations.

The Guilford County open Rsync issue isn’t just a one-time thing. As noted by MSP Mentor, a recent “botched” server installation exposed 31,800 private health records to the public when default settings weren’t changed during deployment, forcing a health care provider to shell out over $2 million for violating the Health Insurance Portability and Accountability Act (HIPAA).

Other concerns for enterprises include publicly accessible remote desktop protocol (RDP) servers, which can be compromised to install malicious Trojan software and collect high-value corporate data.

The treatment plan here is improved server best practices. No matter the industry or the purpose, servers should always be pulled off the public grid and have default settings, usernames and passwords changed.

Cybercriminals have proven repeatedly that theoretically unimportant or trivial server functions can be used as initial compromise points and leveraged to gain access. Publicly accessible means potentially compromised. Stay out of harm’s way by keeping servers out of sight.
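To make the "pulled off the public grid, defaults changed, read-only where possible" advice concrete, here is an added illustration that is not from the article and does not describe the county's actual setup: an rsyncd.conf that produces exactly the kind of exposure described above (anonymous, writable, listening on every interface), followed by a hardened version of the same update module. The module name, paths, addresses and account names are assumptions.

```ini
# --- EXPOSED (constructed example) ---
# Listens on every interface, no client authentication, no host filter,
# and the module is writable: anyone on the internet can list it, read every
# file, and replace the "update" files that vehicle computers will later pull.
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
use chroot = no

[updates]
    path = /srv/ems-updates
    comment = EMS in-vehicle system updates
    read only = no
    list = yes

# --- HARDENED (constructed example) ---
# Bind only to the private interface the vehicle network reaches, never
# 0.0.0.0, and put a firewall or VPN in front of it as well.
address = 10.20.0.5
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
use chroot = yes
max connections = 25
# Run module access under an unprivileged account, not root.
uid = rsyncsvc
gid = rsyncsvc

[updates]
    path = /srv/ems-updates
    comment = EMS in-vehicle system updates
    # Clients may only fetch. New update files are published out of band by
    # the release process, so a stolen client credential cannot push code.
    read only = yes
    # Do not advertise the module in a "list modules" request.
    list = no
    # Per-client credentials. rsync's own auth is a challenge-response on the
    # shared secret and does not encrypt the transfer, hence the private network.
    auth users = ems-vehicle
    # File format: "ems-vehicle:<long random secret>", owned by root, mode 0600;
    # strict modes makes the daemon refuse a world-readable secrets file.
    secrets file = /etc/rsyncd.secrets
    strict modes = yes
    # Only the vehicle-network ranges may connect; everything else is refused
    # and the refusal is written to the log file above for monitoring.
    hosts allow = 10.20.0.0/16
    hosts deny = *
```

Even with the hardened daemon, the client side should verify a signature or checksum on each pulled update before installing it, since rsync authentication only proves who is allowed to fetch, not that the fetched files are the ones the release process produced.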
