Millions of internet users are at risk after login credentials for RIPE NCC accounts, crucial for routing internet traffic, were discovered for sale on the dark web. This alarming development exposes critical network infrastructure to potential sabotage and disruption.
Resecurity, a cybersecurity firm, identified 716 compromised RIPE NCC accounts during a monitoring exercise in Q1 2024. Stolen credentials for network engineers and other victims from various organizations, including a scientific research institute, an ICT technology provider, and a government agency, were found among the leaked data.
The attack involved well-known password stealers like Redline, Vidar, and Azorult, compromising a total of 1,572 accounts across RIPE NCC and other regional networks like APNIC, AFRINIC, and LACNIC. This raises concerns about the widespread vulnerability of network infrastructure due to weak password security practices.
RIPE NCC is taking steps to address the leak, including notifying affected individuals and recommending password resets. However, experts emphasize the importance of proactive measures like multi-factor authentication and security awareness training to prevent future breaches.
