Orange Spain Internet access hit by cyber attack

8 January, 2024 | Miscelanea

In a recent incident on 3 January, Orange Spain suffered a significant internet outage caused by a cyberattack that targeted the company’s RIPE account. The threat actor, identified as ‘Snow,’ exploited vulnerabilities to misconfigure Border Gateway Protocol (BGP) routing and Resource Public Key Infrastructure (RPKI) settings, illustrating the importance of robust cybersecurity measures.

Understanding BGP and RPKI

The Border Gateway Protocol (BGP) is the backbone of internet traffic routing. It enables organizations to associate IP addresses with autonomous system (AS) numbers and communicate with other routers, or peers. However, when a malicious entity manipulates BGP advertisements by associating IP ranges with unauthorized AS numbers, it can redirect traffic to potentially harmful destinations. BGP relies on trust: routers accept what their peers announce, and the shortest and most specific route dictates the routing table.

To mitigate such risks, the industry introduced Resource Public Key Infrastructure (RPKI), a cryptographic solution that verifies BGP route announcements. RPKI ensures that only authorized routers under a network’s control can advertise AS numbers and their corresponding IP addresses, bolstering security against BGP hijacking.

Hacker Exploits RIPE Account

In this instance, the threat actor ‘Snow’ targeted Orange Spain by breaching its RIPE account. The attacker successfully modified the AS number associated with the company’s IP addresses and implemented an invalid RPKI configuration. By announcing the IP addresses on an unauthorized AS number and enabling faulty RPKI, the hacker disrupted the proper announcement of these IP addresses on the internet, causing a performance issue on Orange Spain’s network that lasted almost 2 hours.
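
The effect of the tampered RPKI data described above can be reproduced with a small route origin validation check. This is an added example, not code from the original article or from Orange; it follows the RFC 6811 valid/invalid/not-found classification. The prefix, the AS numbers and the roa_drift monitoring helper are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # IP range covered by the authorization
    max_length: int  # longest prefix length the origin may announce
    asn: int         # AS number authorized to originate the prefix

def validate_origin(roas, prefix, origin_asn):
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        # AS 0 in a ROA means "no origin is authorized", so it never matches.
        if roa.asn == origin_asn and roa.asn != 0 and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: routers enforcing ROV drop it.
    return "invalid" if covered else "not-found"

def roa_drift(expected, published):
    """Hypothetical monitoring helper: ROAs that appeared or disappeared."""
    return {"unexpected": sorted(set(published) - set(expected)),
            "missing": sorted(set(expected) - set(published))}

# Constructed sample data: documentation prefix (RFC 5737) and documentation ASNs (RFC 5398).
LEGIT_AS, ROGUE_AS = 64496, 64511
EXPECTED_ROAS = [ROA("203.0.113.0/24", 24, LEGIT_AS)]
# Assumed state after an account takeover: the ROA now names a different AS.
TAMPERED_ROAS = [ROA("203.0.113.0/24", 24, ROGUE_AS)]

if __name__ == "__main__":
    # The operator's own, unchanged announcement is judged against both ROA sets.
    for label, roas in (("before", EXPECTED_ROAS), ("after", TAMPERED_ROAS)):
        print(label, validate_origin(roas, "203.0.113.0/24", LEGIT_AS))
    print(roa_drift(EXPECTED_ROAS, TAMPERED_ROAS))
```

The operator's own announcement does not change, yet it turns from valid to invalid once the published ROA names another AS. Comparing the published ROAs against an expected set is one way to alert on that kind of change.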

Orange Spain’s Response

Upon discovering the breach, Orange Spain acknowledged the compromise of its RIPE account and promptly took steps to restore services. The company confirmed that customer data remained secure, emphasizing that the incident only affected the navigation of certain services.

The Lack of Two-Factor Authentication

While Orange Spain did not disclose the specifics of the RIPE account breach, it is speculated that the absence of two-factor authentication (2FA) might have contributed to the unauthorized access. The threat actor, ‘Snow,’ hinted at this vulnerability by sharing a screenshot on Twitter, revealing the compromised account’s email address.

The Importance of Two-Factor Authentication

In today’s threat landscape, information-stealing malware poses a significant risk to enterprises. Threat actors often acquire stolen credentials from cybercrime marketplaces to facilitate network breaches, data theft, cyber espionage, and ransomware attacks. To mitigate such risks, all accounts, especially those with sensitive information, should have two-factor or multi-factor authentication (MFA) enabled. This additional layer of security ensures that even if credentials are compromised, attackers cannot gain unauthorized access.

Orange Spain’s recent ordeal serves as a stark reminder of the critical role cybersecurity plays in maintaining the integrity of internet services. As organizations increasingly rely on digital platforms, implementing robust security measures, including 2FA and adherence to protocols like RPKI, becomes imperative. By learning from such incidents, the industry can collectively strengthen its defenses against evolving cyber threats.

Enabling MFA in your organization

Reliable implementation of Multi-Factor Authentication (MFA) becomes seamless with sophisticated Load Balancers and Application Delivery Controllers like RELIANOID. These advanced systems facilitate effortless integration with Active Directory, Radius, LDAP, or a combination of these, thereby establishing a more robust and secure authorization framework. Enabling MFA in your organization is made simple when consulting with experts well-versed in the capabilities of such advanced solutions.

Enjoy the Site Reliability Experience with RELIANOID!
