The target: Gunnebo, a Swedish-based security firm.
The take: 38,000 sensitive company documents including: schematics of client bank vaults and surveillance systems, blueprints for monitoring and alarm equipment, and security function of Automatic Teller machines.
The attack vector: Compromised credentials to an employee’s Remote Desktop Protocol account which had a password of ‘password01’. While the confirmation of this particular RDP account’s role in the attack is unverified, security researchers highlight the extremely poor password hygiene here and infer this practice is likely widespread within the firm.
The breach highlights the critical important of robust password polices. Length, complexity, and aging standards for every company account are invaluable to preventing credential compromise.