Orange España Mobile Outage
Spanish mobile carrier Orange España has acknowledged that it experienced an outage earlier this week. The incident was caused by a threat actor accessing Orange’s RIPE Network Coordination Center account using a weak password. RIPE, or Réseaux IP Européens, is “the Regional Internet Registry for Europe, the Middle East, and Central Asia.”
According to some reports, the RIPE account used by Orange did not use MFA. At this point, it is inexcusable for a critical infrastructure account like this to not be protected by multi factor authentication. Even highly qualified network engineers may succumb to malware.
This incident highlights the tug between operations management and cybersecurity. From an operations perspective, workflow accounts are often shared and have simple passwords associated with the login. From a security perspective, accountability is important and is reflected in individual accounts with unique passwords. From a risk perspective, better to err on the side of security, especially when it comes to password complexity.
While most popular enterprises offer strong authentication options to their customers and users, for perception of cost and inconvenience, many fail to use this essential measure internally, even, as in this case, for privileged users. Make the implementation of strong authentication a high priority for 2024.
William Hugh Murray
Read more in
Bleeping Computer: Hacker hijacks Orange Spain RIPE account to cause BGP havoc