The target: The U.S based Fermilab Physics Laboratory
The take: Exposure of databases containing proprietary documents, project names, configuration files, passwords, and personality identifiable information such as employee names and emails.
The attack vector: Security researchers found wide open ports in Fermilab’s systems and were able to use these unprotected points of access to gain access to their IT ticketing support system and file transfer service. This led to further exposures of employee name and titles, as well as many sensitive documents attached to individual help tickets. Fermilab’s file transferring service was also online with no password protection.
This breach highlights the importance of credential management and thorough testing of points of access in a firm’s IT systems. All entry points should be secured through robust password controls, using the appropriate length and complexity, along with proper management and monitoring.