Brute-force attack on RIPE NCC's SSO service
RIPE NCC is an organization that handles the management and assignment of IPv6 and IPv4 addresses for several parts of the world. These include the former Soviet Union, the Middle East, and many European countries. The organization recently shared that there was a cyber-attack attempt on its infrastructure. However, the attack was not successful. It has now asked its member organizations to activate 2FA for their accounts. The organization has 20,000 member organizations.
What action does the organization intend to take?
The organization posted a message on its official website in February this year to share the news. The message said that its single sign-on (SSO) service, called RIPE NCC Access, was affected by what seemed to be a deliberate credential-stuffing attack. The attack also led to some downtime.
The agency added that its staff were able to mitigate the attack. It also said that while no account was compromised in the attack, it was conducting an investigation into the matter.
The organization also described what it plans to do once the investigation is over: it will get in touch with the account holders concerned and inform them if the attack affected their account.
RIPE NCC was established in 1992. The agency is responsible for allocating Internet number resources such as IPv6 addresses, IPv4 addresses, and autonomous system numbers. The allocations go to web hosting organizations, data centers, internet service providers, and telcos in Europe, the Middle East, and the Africa region.
If any RIPE account were compromised in this attack, it could create major issues for the account holders as well as for RIPE. That is because a compromised account would enable intruders to reassign Internet resources to third parties, albeit temporarily.
Today, the popularity of IPv4 addresses has grown by leaps and bounds throughout the world, and this has led to a booming black market over the last decade. The market is filled with hijacked IPv4 address blocks. Malware gangs use the hijacked address space to skirt spam blocklists.
An investigation conducted by the African Network Information Centre uncovered a hijack of IPv4 address space in 2019. It was one of the most infamous hijacks of IP address space, in which over 4.1 million IPv4 addresses were transferred from South African organizations to new owners.
RIPE NCC formally ran out of IPv4 addresses in November 2019. That explains why malware gangs are going after member accounts: they hope to hijack existing address pools.
However, a RIPE NCC spokesperson also clarified that they have not yet discovered any proof that accounts have been compromised. It is important to point out that even if an account were compromised, the relevant Internet number resources would still not be under threat.
The spokesperson said so in an email to ZDNet, claiming that the risk is low because there are other layers of authentication before resources can be transferred to other entities.
The agency also mentioned that people may use their RIPE NCC Access accounts to submit transfer requests. However, the actual transfers can only be processed after the agency has conducted additional due diligence checks. Transfers also need supporting documentation to justify the request, including contracts signed by the company’s authorized representatives.
What does RIPE NCC want its member organizations to do?
However, the organization still feels that its members should take due precautions on their end to stay safe. RIPE has now requested all its member organizations to take the required steps to enable two-factor authentication for their Access accounts.
Enabling it will prevent cybercriminals from getting access to such Internet resources via easy cryptographic hacking or brute-force attacks. In such attacks, a hacker submits many passwords in the hope of eventually guessing the correct combination.