Discarded enterprise routers that are not properly wiped can store secrets that are valuable to malicious hackers, according to a cybersecurity firm. In an analysis, ESET found that out of 18 secondhand routers from Cisco, Fortinet, and Juniper Networks, only five had been properly wiped, while nine contained complete configuration data. By examining the data, ESET was able to identify the previous owners, including a multinational tech company and a telecoms firm. The exposed information on these routers included credentials, customer data, router-to-router authentication keys, and connection details. ESET warned that this information could be exploited by threat actors to target the original owners. Additionally, the routers revealed security configuration details, exposing the overall security level of the organizations. ESET attempted to inform the previous owners, but three organizations ignored the warnings. ESET’s report provides recommendations for securely disposing of routers.
| Signal | Change | 10y horizon | Driving force |
|---|---|---|---|
| Discarded enterprise routers store useful secrets | Proper wiping of routers | More secure disposal methods | Lack of awareness and negligence |
| Easily accessible corporate information | Increased risk of cyber attacks | Better protection of sensitive data | Lack of proper security measures |
| Exposed network information | Easier impersonation of network hosts | Enhanced network authentication | Lack of awareness and negligence |
| Inferred security levels | Increased vulnerability to attacks | Improved security configurations | Lack of awareness and negligence |
| Disposal services not taking proper action | Lack of response from organizations | Greater awareness and accountability | Lack of awareness and negligence |
| Recommendations for secure disposal | Implementation of secure disposal practices | Standardized disposal guidelines | Need for better security practices and awareness |
| Exploitation of old router vulnerabilities | Increased risk of router hacking | Improved router security | Exploitable vulnerabilities in old routers |
| Vulnerabilities in industrial routers | Increased risk to industrial OT networks | Enhanced security measures for routers | Lack of security measures in industrial routers |