LACNIC Members: Importance of Protecting Your Access Credentials

By Graciela Martínez and Alfredo Verderosa

During LACNIC 41, we presented an update of the two-factor authentication (2FA) system. The goal was to stress its importance and raise awareness among LACNIC members.

Why is this cause for concern? Because we discovered that more than 574 access credentials to various LACNIC systems were for sale on different black markets.

In addition, at the beginning of this year we detected 120 successful logins by unauthorized third parties to MiLACNIC (the platform for LACNIC members) and immediately created a working group to manage the incident appropriately.

Compromised Accounts

Of the 574 compromised accounts we detected, nearly 80% were using weak or very weak passwords.

Therefore, in addition to using stronger passwords, it is essential to include another authentication factor in the authentication process.

Incorporating multiple authentication factors to verify the user’s identity adds an additional layer of security.

Consider the following best practices to protect access to your accounts:

  • Don’t use the same password across different platforms
  • Don’t share your credentials
  • Use password managers
  • Make sure to update your systems
  • Only use official apps
  • Keep an eye out to detect potentially compromised credentials
  • Use strong passwords and implement 2FA

Our call to action? Use strong passwords and a second authentication factor.

What did LACNIC do to contain the incident?

In the case of the security incident, none of the compromised accounts were using two-factor authentication to access MiLACNIC.

Of the 120 unauthorized logins, 20 occurred in accounts used for managing resources. This means that we were at high risk of experiencing an incident similar to the one that affected Orange España (the company suffered an outage due to a compromised password).

To contain the incident, LACNIC immediately implemented several actions:

  1. We blocked the compromised accounts.
  2. We contacted each organization to restore access.
  3. We launched an investigation into the incident and sent a message to all our members urging them to enable 2FA due to the suspicious activity.

The investigation concluded that there was no evidence of a brute force attack and that none of LACNIC’s systems had been compromised. We also concluded that the attack had been the result of compromised credentials for sale on the black market.

Why implement 2FA?

We believe the immediate activation of two-factor authentication is essential, as a security breach could affect multiple services. For example, it could lead to the creation or deletion of ROAs, modification of reverse DNS delegations, changes in geolocation data, sub-assignments, and IP transfers, among others.

LACNIC’s Action Plan

In light of this situation, LACNIC has decided to implement an action plan.

  1. First, a survey will be conducted to understand why one in five members are not using 2FA.
  2. If the survey doesn’t identify any justified impediments, we will proceed with a phased plan to make 2FA mandatory. In the first phase, 2FA will become mandatory for Large members, followed by Medium and Small members in a second phase.
  3. In parallel, we are working to systematize alerts when we detect that user passwords are for sale on the black market.

We invite you to watch a two-minute video explaining how easy it is to enable two-factor authentication.

Finally, we would like to ask you to inform your organizations about this situation and collaborate in raising awareness. It is important that we protect our access credentials, especially when managing valuable information assets for our organizations.

