Yesterday, we were hit with alarming news: yet another company has fallen victim to a breach, adding to the growing list of casualties. But this, like other major breaches, isn't just a problem for big businesses. The significance of this revelation cannot be overstated. It's imperative that we sound the alarm to caution small businesses about the dire consequences of such breaches on their security.
What Does Dell Say About The Breach?
Dell's statement reads, “The information involved does not include financial or payment information, email addresses, telephone numbers or any highly sensitive customer information,” yet in the same statement they say, “At this time, our investigation indicates limited customer information was accessed: Name, Physical Address, Dell Hardware and order information, including service tag, item description, date of order, and related warranty information.” YES... Service Tag!
How Does This Affect Your Business?
So, what does this mean? If you are a business owner and you are not being PROACTIVELY managed, I hope you find this and act on it ASAP! Let's break it down. Imagine you've invested in a Dell PowerEdge server, a hefty $8K-$20K+ investment, to manage critical aspects of your company like a Domain Controller, Web Server, File Server, etc., all containing company-wide, sensitive data and trade secrets. Now, here's where it gets tricky. Since these environments can't all run on one server, IT companies typically create virtual machines (VMs), essentially multiple servers within one physical server. These VMs handle various tasks like running your email server and hosting applications (like QuickBooks), with some even providing remote access via Remote Desktop Protocol (RDP) servers.
Now, here's the kicker: RDP servers often have ports 3389 and 3390 wide open, making them vulnerable targets for hackers when they get their hands on your server's Service Tag. These represent high-risk targets for your business, enabling criminals to advance one step closer to crippling your business operations. They run automated scans to hunt for these open ports and launch attacks such as brute force to exploit vulnerabilities.
Another takeaway from the information Dell released is how easily hackers can exploit a server. Dell offers a SupportAssist portal that enables remote deployment of drivers, and Dell's service makes it simple to grant them remote access, depending on your service or warranty plans. Currently, bypassing Dell's gatekeeper isn't challenging: a caller only has to provide the information that Dell said was exposed and that is available on their warranty site. The hackers will also have access to the express code at this point.
What Actions Can I Take?
So, if you received an email from Dell about this breach, it is up to you as a business to take the next steps to proactively manage your risk. Close the GAPS! Update your BIOS, change the standardized passwords for iDRAC, and delete inactive usernames. Look out for phishing emails that seem like they are coming from Dell. Be very cautious and do not click on any links. Do not fall victim to Business Email Compromise.
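To check the RDP exposure described above on servers you own, the following added example (not part of the original post and not Dell tooling) probes ports 3389 and 3390 on an inventory list and reports which ones accept connections. The inventory address and the function names are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

RDP_PORTS = (3389, 3390)  # the ports named in the article


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: a service is reachable
    except ConnectionRefusedError:
        return "closed"        # host replied, but nothing is listening
    except socket.timeout:
        return "filtered"      # no reply: traffic is probably dropped by a firewall
    except OSError:
        return "error"         # unreachable network, name lookup failure, etc.


def audit(inventory, ports=RDP_PORTS, timeout=2.0):
    """Return {(host, port): state} for every host/port pair."""
    targets = [(host, port) for host in inventory for port in ports]
    with ThreadPoolExecutor(max_workers=16) as pool:
        states = list(pool.map(lambda t: probe(t[0], t[1], timeout), targets))
    return dict(zip(targets, states))


def exposed(results):
    """Host/port pairs that accepted a connection and need attention."""
    return sorted(t for t, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory: replace with the addresses of servers you own,
    # and run from outside your network to see what the internet sees.
    inventory = ["127.0.0.1"]
    results = audit(inventory)
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port} {state}")
    for host, port in exposed(results):
        print(f"ACTION: {host}:{port} accepts connections; restrict or close it at the firewall")
```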
This problem will have a cascade of downstream effects. Do not sit around and wait for solutions; take action. This breach exposes yet another major vulnerability that hackers have used to add to their income stream. If you do not have a provider to turn to, Ciprian IT will help you plan accordingly to address your security issues. We help small businesses manage their risk, reduce downtime and increase efficiency. Proactive management is key to addressing these issues before they arise, so you have a plan for when you are affected by a breach, even when it originates from a vendor. Stay informed and look for updates as we post about this major event.