$10 routers led to multi-million dollar attack

Here’s an important reminder to never skimp on hardware.

An Indian bank recently lost $81 million to a cyberattack. The Bangladesh Bank heist could’ve been much worse, too: The attackers were actually trying to siphon off $951 million from its account at the Federal Reserve, but only (only) $81 million was successfully stolen.

A subsequent investigation discovered something interesting, however. This bank didn’t have a firewall and was using second-hand, $10 routers on its networks.

That, obviously, isn’t ideal. Not only did it pose potential security risks, it’s also made it very difficult to conduct post-incident investigations according to sources.

Don’t forget about hardware

With the cloud replacing so much in-house hardware, some companies are starting to forget what it used to be like to have to make huge investments in acquiring and replacing hardware. And while most aren’t going out to buy $10 second-hand equipment, it’s still important to remember not all hardware is equally secure.

Make sure whichever equipment you purchase will continue to get firmware updates and support. Hardware manufacturers are notoriously bad and regular patches and often have built-in passwords or other security shortcomings.

In short, if you’re going to cut costs with hardware, just be ready to have other protections in place and make sure the equipment still meets your security requirements.