Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IoT. Show all posts
Waterfall Security
Data Breach Data Theft IoT IT OT Ransomware Waterfall Security

Rise of Hacktivist Groups Targeting OT Systems

Recent research from Waterfall Security Solutions has revealed important insights into the changing nature of cyberattacks on Operational Technology (OT) organizations. One key finding is the rise of hacktivist groups as major players in targeting OT systems. 

Additionally, the study emphasizes that most disruptions in OT environments do not occur directly through manipulation of OT systems but rather as a result of IT-based attacks, particularly ransomware incidents. In simpler terms, hackers are increasingly using ransomware to disrupt OT operations, and these disruptions are causing significant problems for OT organizations. 

Let’s Understand Operational Technology 

Operational Technology (OT) involves using both hardware and software to control industrial equipment, focusing on how it interacts with the physical world. This includes systems like programmable logic controllers (PLCs), distributed control systems (DCSs), and supervisory control and data acquisition (SCADA) systems. 

OT environments are responsible for overseeing and managing real-world processes in industries like manufacturing, energy, healthcare, building management, and environmental systems. 

Differences Between OT, IT, and IOT 

The blending of Operational Technology (OT) and Information Technology (IT) is changing industries in the era of the Internet of Things (IoT). OT deals with managing physical equipment, while IT deals with data systems. IoT connects ordinary objects to the internet, allowing smooth communication and automation. This merging presents fresh chances for making processes more efficient and fostering innovation in various fields. 

Following the report, it highlights a worrying trend a nearly 20% rise in cyberattacks causing physical consequences. 

As per report, last year, cyber incidents inflicted hefty financial blows on companies like Johnson Controls and Clorox, racking up costs of approximately $27 million and $49 million, respectively. In Massachusetts, MKS Instruments faced a staggering $200 million loss due to a cyberattack that halted its operations temporarily. Moreover, its supplier, Applied Materials Inc. based in California, reported an additional loss of $250 million stemming from the same incident. 

Further it reveals that only about 25% of cyberattacks cause problems for operational technology (OT) but instead compromise other parts of the network infrastructure directly. Various attacks happen by compromising machines in the IT network. 

Andrew Ginter, from Waterfall, explains that companies often shut down their OT systems as a precaution when there is a risk of nearby compromised processes. For example, Hahn Group GmbH turned off its systems after an attack last March, leading to weeks of recovery work. Similarly, UK Royal Mail had printers hijacked to print ransom notes, resulting in nationwide mail export suspensions and £42 million in losses. 

Furthermore, Ginter points out if there is a problem with the IT network, it can affect the OT network and vice versa, potentially leading to disruptions in physical operations that rely on these networks.
Read more »
Technology
Cyber Threats Risk Cyberattacks CyberCrime Device Security Hackers Hacking Rises Internet IoT Operatinoal Technology Technology

Unveiling the Underbelly of IoT: An In-Depth Analysis of Hacking Risks

 


In terms of versatility, the Internet of Things (IoT) is a technology that is easily one of the most versatile technologies in the world today. In the era of the internet, the network connection capacity is increasing and the number and diversity of connected devices are enabling the IoT to be scaled and adapted to meet the changing needs of the user. Among the industries the Internet of Things (IoT) has revolutionized are several sectors such as food production, manufacturing, finance, healthcare, and energy. 

Furthermore, it has led to the development of smart buildings, homes, and even cities at the same time. Generally, IoT attacks are malicious attempts to exploit vulnerabilities in devices connected to the internet, for example, smart homes, industrial control systems, and medical devices. There is a possibility that hackers may gain control of the device, steal sensitive information from it, or use the device as part of a botnet to accomplish other malicious acts. 

The term "IoT hacking" is frequently used by researchers to describe the process of removing gadgets, examining their software, and learning how they work. However, there are more challenges involved with IoT hacking than just technical ones. Cyber threats are evolving to reveal a world of virtual battles that go on behind the scenes. Hackers are increasingly targeting IoT (Internet of Things) and OT (Operational Technology) systems, which are extremely important for the future. 

In addition to tech gadgets, they are also the foundation for many services that keep us running in our society and economy. Hackers are not just messing with machines when they target these systems, they are threatening the very services that nations rely on every day. IoT devices can introduce several new and preventable attack vectors when not properly secured. Researchers who work in cybersecurity keep showing that critical systems are being attacked more frequently than they realize.

The risks are not that complicated to identify and understand, for example, operating systems that are not patched or insecure passwords that make it easy for brute force attackers to find them. A security team must take into account both simple and complex risk factors specific to the world of IoT to manage the operational reliance on these devices in virtually every industry. There are a few security risks and attacks associated with IoT that people should be aware of. 

Botnets 

Since IoT devices have no built-in security mechanisms, they are particularly vulnerable to malware attacks compared to more advanced machines and computers that have these security mechanisms. In general, they are machines that are primarily focused on functionality, which means they usually do not provide the same level of storage space or processing power that computers offer. In light of this, attackers tend to view IoT devices as a low-hanging fruit attack vector that they can easily attack. 

IoT devices should be secured properly to protect them from botnets, and to prevent them from getting into the wrong hands. Companies must keep a plan in place to detect and respond to DDoS attacks, as well as to change default passwords, keep firmware up to date, and limit access to the device. 

Ransomware 

While IoT devices do not typically store valuable data locally, that doesn’t mean they are immune to ransomware attacks. Instead of threatening an organization with a ransom payment, ransomware attacks on IoT devices usually disable their core functionality instead of stealing information. Possibly the best way to accomplish that is to shut down the operation of an industrial device, without which fundamental business operations would not be possible, or to stop the recording of the feed being monitored by a camera or microphone. 

Several security flaws in IoT devices can affect companies. One of the researchers' keen-eyed researchers discovered that a big security hole existed in a popular broadcasting device that sent audio over the internet. It's important to note that the researchers did the right thing, and notified the device manufacturer that the problem was caused by an OS Command Injection, which is a serious issue because hackers can take control of a device by doing so. This was done by researchers who did the right thing since it was an OS Command Injection. 

There was a problem with the software on the device, and they were trying to fix it by updating it so that someone from the outside would not be able to exploit it anymore. Companies often take quick measures to fix security gaps when they find out about them. The problems these companies have faced are similar to putting band-aids on a wound without actually treating it. 

Many people have witnessed how a company patched a device so that it looked safe from the outside, but the same problems were still there once people got inside. In some cases, fixes do not solve the problem. They just hide it and do not take care of it. As a result, it is as if one locks the front door and leaves the back door wide open at the same time. 

In today's digital world, ensuring the safety of the IoT world cannot be done by one individual. For this to work, it needs to be a team effort between the manufacturers, security experts, and even the government itself. The biggest priorities should be setting strict security rules, being open about the problems they find, and helping all of the people in the organization understand how they can be protected. 

As people move through the tricky territory of this online and offline world, they must do a lot more to look after the two worlds simultaneously to get the best outcome. To make sure that their connected devices are protected and managed effectively, they must be proactive and take an all-in approach.
Read more »
Vulnerabilities
connected gadgets Cyber Security Cyber Threats Data Privacy IoT Network Security Remote Work Risks Smart Devices Vulnerabilities

Unveiling the Unseen Cybersecurity Threats Posed by Smart Devices

 

The number of smart devices worldwide has surpassed the global population, with a continuous upward trend, particularly amidst remote and hybrid work settings. Ranjit Atwal, Gartner's senior research director, attributes this surge to the increase in remote work. As work mobility grows, the demand for connected devices like 4G/5G laptops rises, crucial for employees to work from anywhere.

Smart devices encompass gadgets connecting to the internet, like smart bulbs, speakers (e.g., Amazon's Alexa), and wearables such as the Apple Watch. They collect data, enhancing user experience but also pose security risks exploited by cybercriminals. Surprisingly, consumers often overlook security when purchasing smart devices, as shown by Blackberry's research.

In response, the European Union proposed the "Cyber Resilience Act" to enforce cybersecurity standards for all connected devices. Failure to comply may result in hefty fines. Margrethe Vestager from the European Commission emphasizes the need for market products to meet robust cybersecurity measures, likening it to trusting CE-marked toys or fridges.

Security vulnerabilities in smart devices pose threats, as seen in TP-Link's smart lightbulb. Exploiting these vulnerabilities could grant hackers access to networks, risking data and enabling potential malware deployment. Even smart homes face numerous entry points for hackers, as illustrated by investigations conducted by Which?, showcasing thousands of hacking attempts in a week.

Mirai botnet targets smart devices, using brute-force attacks to gain access via weak passwords. In a concerning case, a Google Home speaker was turned into a wiretap due to vulnerabilities, highlighting the potential risks associated with unsecured devices.

Securing home networks becomes paramount. Strategies include:

1. Purposeful Device Selection: Opt for devices that suit your needs, avoiding unnecessary interconnected gadgets.
2. Router Security: Update router settings, change default passwords, and enable automatic firmware updates.
3. Password Management:Use password managers to create strong and unique passwords for each account.
4. Multi-Factor Authentication (MFA): Employ MFA to add layers of verification during logins.
5. Wi-Fi Network Segmentation: Create separate networks for different devices to isolate potential threats.
6. Virtual Private Networks (VPNs):Invest in VPNs to encrypt online activities and protect against cyber threats on unsecured networks.

Implementing these measures strengthens overall cybersecurity, safeguarding personal data and devices from potential breaches and threats.
Read more »
Unauthorized access
Data Breach Data Privacy Digital Tokens IoT Personal Data Unauthorized access

Preserving Consumer Trust Through Data Privacy

Data privacy emerges as a crucial cornerstone in preserving consumer trust in today's digitally driven environment when connected devices and seamless online experiences have become the standard. As data-driven technologies proliferate quickly, strict security controls are required to protect sensitive data, preserving customer privacy and maintaining their steadfast trust.

The rise of the internet of things (IoT) and the interconnectedness it brings have transformed the way we live, work, and interact. From smart homes to wearable devices, our daily lives are increasingly entwined with technology that collects and processes personal data. However, this convenience comes with the inherent risk of data breaches and unauthorized access. A breach not only compromises individual privacy but erodes the trust that consumers place in companies handling their information.

As highlighted in Shama Hyder's Inc. article, "Data Privacy Is Key to Upholding Consumer Trust in the Connected World," businesses must prioritize data privacy to foster trust. Establishing stringent protocols and embracing technologies like tokenization, as exemplified by Dwolla's Secure Exchange Solution, can bolster security. Tokenization replaces sensitive data with unique tokens, rendering the original information unreadable to unauthorized users. This practice minimizes the potential fallout of a breach while still allowing seamless transactions and interactions.

The importance of data privacy becomes particularly pronounced when considering fields like genomics. Genomic Data Science, as explained by the National Human Genome Research Institute, holds vast potential for personalized medicine and scientific breakthroughs. However, it entails handling highly sensitive genetic information. Without robust data privacy measures, individuals might be reluctant to contribute their data, hindering the progress of research that could benefit society.

Consumers are increasingly aware of the value of their personal data, making data privacy a pivotal factor in their decision-making. Companies that prioritize privacy cultivate an environment of trust and transparency. Transparent privacy policies, user-friendly data control options, and regular communication about security practices all contribute to an atmosphere where consumers feel valued and protected.

The foundation of customer trust in a connected world is data privacy. IoT, genomics, and other data-driven technologies must balance comprehensive privacy protections with seamless functionality. A privacy-centered approach must include tokenization, open procedures, and constant communication regarding security. Businesses that support data privacy show their dedication to both innovation and the defense of individual rights as we navigate the dynamic digital age. Companies create the way for a future where technology and security go hand in hand by maintaining consumer trust through unshakable data privacy.


Read more »
Vulnerabilities and Exploits.
IoT Mirai botnet Palo Alto Networks' Unit 42 Remote Code Execution Vulnerabilities and Exploits.

Industrial Solar Panels Face Critical RCE Bugs

Several critical Remote Code Execution (RCE) vulnerabilities have recently emerged, posing a significant threat to industrial solar panels and potentially endangering grid systems. These vulnerabilities, if exploited, could have severe consequences for energy organizations and their critical infrastructure. Security experts are raising alarms and urging immediate attention to address these vulnerabilities before they can be exploited by malicious actors.

The discovery of these critical vulnerabilities has prompted concern among industry experts. One of the primary sources of information on this issue comes from a report by Dark Reading, a leading cybersecurity news platform, which highlights the severity of the situation. According to the report, three critical RCE bugs have been identified that specifically target industrial solar panels. These bugs, if successfully exploited, could allow attackers to gain unauthorized access and control over the panels, potentially leading to widespread disruption of the power grid.

The vulnerabilities have caught the attention of prominent cybersecurity research organizations, such as Palo Alto Networks' Unit 42. In their analysis, they mention the emergence of a new variant of the infamous Mirai botnet that specifically targets Internet of Things (IoT) devices, including solar panels. This variant utilizes known exploits, including those related to the identified RCE bugs, to compromise vulnerable systems and recruit them into its network of compromised devices.

The implications of these vulnerabilities are far-reaching. SolarView, a company that specializes in monitoring and managing solar energy systems, acknowledged the existence of RCE vulnerabilities in their product. They have promptly taken action to address the issue and have released patches to mitigate the risks. In an official blog post, SolarView emphasizes the importance of promptly applying these updates to protect against potential attacks.

Energy organizations and critical infrastructure providers must recognize the gravity of these vulnerabilities. According to a report from GreyNoise Intelligence, the cyber threat intelligence company, the impact of these RCE bugs extends beyond SolarView systems, potentially affecting other industrial solar panel solutions as well. The report urges heightened vigilance and emphasizes the importance of sharing intelligence to protect against attacks that exploit these vulnerabilities.

The severity of these vulnerabilities and their potential impact on critical infrastructure has prompted industry experts to issue warnings and urge organizations to prioritize vulnerability management. As Ryan Olson, Vice President of Threat Intelligence at Palo Alto Networks, stated, "Energy organizations must remain vigilant and take immediate steps to identify and patch any vulnerable solar panels to prevent potential attacks."

Grid systems and energy companies are seriously at risk due to the appearance of three key RCE viruses that target industrial solar panels. Companies must act quickly to patch these vulnerabilities and implement effective vulnerability management procedures. Organizations can protect their crucial infrastructure and reduce the risks brought on by these exploitable vulnerabilities by taking proactive measures.
Read more »
Technology
Cloud Devices IoT online threats Remote Work Technology

Remote Work and the Cloud Create Various Endpoint Security Challenges

At the recent Syxsense Synergy event, cybersecurity experts delved into the ever-evolving challenges faced by security and endpoint management. With the increasing complexity of cloud technologies, advancements in the Internet of Things, and the widespread adoption of remote work, the landscape of cybersecurity has become more intricate than ever before. 

These experts shed light on the pressing issues surrounding this field. Based on a survey conducted by the Enterprise Strategy Group (ESG), it has been discovered that the average user presently possesses approximately seven devices for both personal and office use. 

Moreover, the ESG survey revealed a notable connection between the number of security and endpoint management tools employed within an enterprise and the frequency of breaches experienced. Among the organizations surveyed, 6% utilized fewer than five tools, while 27% employed 5 to 10 tools. 33% of organizations employed 11 to 15 tools, whereas the remaining organizations implemented more than 15 tools to manage their security and endpoints. 

Understand the concept of Endpoints and why their security is important while working remotely?

Endpoints encompass various physical devices that establish connections with computer networks, facilitating the exchange of information. These devices span a wide range, including mobile devices, desktop computers, virtual machines, embedded devices, and servers. 

Additionally, endpoints extend to Internet-of-Things (IoT) devices such as cameras, lighting systems, refrigerators, security systems, smart speakers, and thermostats. When a device establishes a network connection, the transmission of information between the device, such as a laptop, and the network can be linked to a conversation taking place between two individuals over a phone call. 

Endpoints are attractive targets for cybercriminals due to their vulnerability and their role as gateways to corporate data. As the workforce becomes more distributed, protecting endpoints has become increasingly challenging. Small businesses are particularly vulnerable, as they can serve as entry points for criminals to target larger organizations, often lacking robust cybersecurity defenses. 

Data breaches are financially devastating for enterprises, with the global average cost being $4.24 million and $9.05 million in the United States. Remote work-related breaches incur an additional average cost of $1.05 million. The majority of breach costs are attributed to lost business, including customer turnover, revenue loss from system downtime, and the expenses of rebuilding reputation and acquiring new customers. 

With the increasing mobility of workforces, organizations face a range of endpoint security risks. These common threats include: 

Phishing: A form of social engineering attack that manipulates individuals into divulging sensitive information. 

Ransomware: Malicious software that encrypts a victim's data and demands a ransom for its release.

Device loss: Leading to data breaches and potential regulatory penalties, lost or stolen devices pose significant risks to organizations. 

Outdated patches: Failure to apply timely software updates leaves systems vulnerable, enabling exploitation by malicious actors. 

Malware ads (malvertising): Online advertisements are used as a medium to distribute malware and compromise systems. 

Drive-by downloads: Automated downloads of software onto devices without the user's knowledge or consent. 

According to Ashley Leonard, Syxsense founder, and CEO, the biggest reason behind increasing challenges related to endpoint security is lack of training. “If people are not properly trained and grooved in on their endpoint and security tools, you are going to find devices and systems misconfigured, not maintained properly, and with critical patches undeployed. Training is vital, but it is much easier to train people on a single tool,” he further added.
Read more »
Vulnerabilties and Exploits
Application Security Endpoint IoT Vulnerabilties and Exploits

From BMW to Ferrari, Automotive Industry Flooded with Vulnerabilties


Automakers struggling with vulnerabilities

A range of automakers from Toyota to Acura is affected by vulnerabilities within their vehicles that can let hackers steal personally identifiable information (PII), lock owners out of their vehicles, and even control functions like starting and stopping the vehicle's engine. 

A team of seven security experts said vulnerabilities in the automakers' internal applications and systems gave them a proof-of-concept hack to send commands using only the vehicle identification number (VIN), which can be seen through the windshield outside the vehicle. 

Experts found security loopholes in the automaker industry

The team has found serious security loopholes from automakers like BMW, Ford, Volvo, Ferrari, and various others throughout Europe, the US, and Asia. It has also found problems with suppliers and telematic companies like Spireon, which makes Gps-based vehicle tracking solutions. 

BMW said that IT and data security are the top priorities for the company, and it continuously monitors its system landscapes for potential security threats or vulnerabilities. 

"The relevant addressed vulnerability issues were closed within 24 hours and we have no indication of any data leaks. No vehicle-related IT systems were affected or compromised. No BMW Group customers or employee accounts were compromised," a spokesperson at BMW said. 

This is the most recent security threat that surfaced, in March last year, telemetry from industrial systems security firm Dragons found Emotet command-and-control servers in contact with various automotive manufacturer systems. 

In December, experts found vulnerabilities in three mobile apps that let drivers remotely unlock or start their vehicles. These bugs allowed unauthorized malicious actors to perform the same commands from afar. 

Automakers slow to identify threats

Security vulnerabilities have been a challenge in the automotive industry for a long time, and automakers are not very proactive in identifying the potential severity of the threat developments. 

Experts believe that while automakers are slowly changing into software developers, they find it difficult to address all points of the development cycle- which includes security. 

One very simple notion is if you're not good at software, you're probably not going to be very good at making that software safe. That is guaranteed." "Automakers look at this in a more reactive way than a proactive way, basically saying we'll address the small number of customers affected and solve the issue and then everything goes back to normal," he says. "That's the way of thinking for many carmakers," said Gartner automotive industry analyst Pedro Pacheco.

When automakers make more sophisticated ecosystems that connect customers with app stores and connect them with their smartphones and other connected devices, the stakes also get high. 

"This is the reason why cybersecurity is going to become more and more of a pressing issue," said Pedro. "The more the vehicle takes over driving, then of course the more chances there are that this can be used against the customer and against the automaker. It hasn't happened yet, but it could very well happen in the future."






Read more »
Technology
Artifical Inteligence Darktrace IoT saaS Technology

How Can AI Understand Your Business Needs and Stop Threats?


AI in threat detection

In the current complicated cybersecurity scenario, threat detection is just a needle in the haystack. 

We have seen malicious actors exploiting everything they can get their hands on, from AI tools, to open-source code to multi-factor authentication (MFA), the security measures should also adapt from time to time across a company's entire digital landscape. 

AI threat detection, simply put is an AI that understands your needs- is essential that can businesses in defending themselves. According to Toby Lewis, threat analysis head at Darktrace, the tech uses algorithmic structures that make a baseline of a company's "normal." 

After that, it identifies threats, whether it's new or known, and in the end, makes "intelligent micro-decisions" about possible malicious activities. He believes that cyber-attacks have become common, rapid, and advanced. 

In today's scenario, cybersecurity teams can't be everywhere all the time when organizations are faced with cyber threats. 

Securing the digital landscapes 

It is understandable that complexity and operational risks go hand in hand as it is not easy to control and secure the "sprawling digital landscapes" of the new organizations. 

Attackers are hunting down data in the SaaS and cloud applications, the search also goes to the distributed infrastructure of endpoints- from IoT sensors to remotely-used computers to mobile phones. The addition of new digital assets and integration of partners and suppliers have also exposed organizations to greater risks. 

Not only have cyber threats become more frequent, but there is also a concern of how easily malicious cyber tools can be availed nowadays. These tools have contributed to the number of low-sophistication attacks, troubling chief information security officers (CISOs) and security teams. 

Cybercrime becoming a commodity

Cybercrime has become an "as-a-service" commodity, providing threat actors packaged tools and programs that are easy to install in a business. 

Another concern is the recently released ChatGP by OpenAI. It is an AI-powered content creation software that can be used for writing codes for malware and other malicious activities. 

Threat actors today keep on improving their ROI (return on investments), which means their techniques are constantly evolving, and security defenders are having problems predicting the threats. 

AI heavy lifting

AI threat detection comes in handy in this area. AI heavy lifting is important to defend organizations against cyber threats. AI is always active, its continuous learning capability helps the technology to scale and cover the vast volume of digital assets, data, and devices under an organization, regardless of their location. 

AI models focus on existing signature-based approaches, but signatures of known attacks become easily outdated as threat actors constantly change their techniques. To rely on past data is not helpful when an organization is faced with a newer and different threat. 

“Organizations are far too complex for any team of security and IT professionals to have eyes on all data flows and assets. Ultimately, the sophistication and speed of AI “outstrips human capacity," said Lewis. 

Detecting real-time attacks

Darktrace uses a self-learning AI that is continuously learning an organization, from moment to moment, detecting subtle patterns that reveal deviations from the norm. This "makes it possible to identify attacks in real-time, before attackers can do harm," said Lewis. 

Darktrace has dealt with Hafnium attacks that compromised Microsoft Exchange. In March 2022, Darktrace identified and stopped various attempts to compromise the Zobo ManageEngine vulnerability, two weeks prior to the discussion of the attack publicly. It later attributed the attack to APT41- a Chinese threat actor. 

War of algorithms- using AI to fight AI 

Darktrace researchers have tested offensive AI prototypes against its technology. Lewis calls it "a war of algorithms" or fighting AI with AI. 

Threat actors will certainly exploit AI for malicious purposes, therefore, it is crucial that security firms use AI to combat AI-based attacks.


 




Read more »
User Security
Cyber Attacks Financial Loss IoT UK UK Businesses User Security

Nearly Half of UK Businesses Suffered Cyber-Assaults in the Past Year

 

The latest findings from the manufacturers' association Make UK and the security software and services company BlackBerry revealed that 42% of UK firms have experienced cyber-attacks in the last year. The survey found that 26% of respondents had significant financial losses as a result of an attack, with losses ranging from £50,000 to £250,000. 

According to the study, production halts were the most frequent impact of cyberattacks (reported by 65% of those impacted), followed by reputational damage (43%). The majority of those who were attacked, 74%, claim that strong cyber-security measures shielded their companies from any harm. 

The Cybersecurity: UK Manufacturing report, which was based on a survey of 112 businesses representing a wide range of sizes and industries, manufacturers face a variety of cyber-security risks, from straightforward employee mistakes to intricate targeted attacks. Maintaining legacy IT (45%), a lack of cyber-skills (38%), and granting access to outside parties for monitoring and maintenance (33%) are listed as the top three cyber-security concerns. 

The industrial Internet of Things (IoT) and Industry 4.0 are seen as the primary drivers of cyberattacks by nearly one in three organizations (30%). A little more than a third (37%) claim that their organizations’ reluctance to adopt new connected technologies has limited their ability to increase efficiency and stifled their ability to expand. 

Smaller businesses are frequently more susceptible to targeted cyberattacks, yet many do not provide staff training on cyber security. A formal cyber-security procedure is now in place for over two-thirds (62%) of manufacturers, which is an increase of 11% from a year ago. Over half (58%) have elevated this obligation to the board level, while a comparable percentage has given a senior manager responsibility for cyber-security. 

Businesses are exposed to increased cyber-security concerns as they use more digital technologies. Ninety-five percent of respondents said they thought their businesses needed cyber-security measures, and two-thirds said that importance had increased over the previous year. 

However, while implementing new technology to increase output, the majority (54%) have chosen not to take any further cyber-security precautions. Along with the cost of maintaining security systems, the initial outlay on cyber-security measures is considered the biggest obstacle (mentioned by 40% of businesses). 

Russia, followed by China, according to three-quarters (75%) of those polled as the biggest cyber threat to their companies. 38% of people worry about threats coming from the UK. 

“Digitisation is revolutionizing modern manufacturing and becoming increasingly important to drive competitiveness and innovation. While cost remains the main barrier to companies installing cyber-protection, the need to increase the use of the latest technology makes mounting a defense against cyber threats essential,” stated Make UK CEO, Stephen Phipson. No business can afford to ignore this issue and while the increased awareness across the sector is encouraging, there is still much to be done.
Read more »
User Privacy
API Cyber Crime HTTP Attacks IoT Logs SSL TLS User Privacy

Must Follow Guidelines for API Security

An online store can collect payments via the PayPal API, for instance, rather than developing their own payment gateway. APIs serve the required function while sparing business time and effort, which is why it is evident they are useful. 

Protecting these APIs from security risks and breaches entails securing them together with all linked apps and users. 

APIs are used by businesses to link services and move data. Major data breaches are caused by compromised, broken, or exposed APIs. They make private and delicate financial, medical, and personal information available to the public. However, not all data is created equal, and not all data should be safeguarded in the same way. The type of data being exchanged will determine how you should approach API security. 

In the last 12 months, 95% of firms encountered an API security issue, according to the most recent Salt Labs State of API Security report. Additionally, during the past year, a variety of businesses—including Facebook, Experian, Starbucks, and Peloton—have experienced public API problems. Clearly, APIs need more protection against intrusions than the present crop of application security approaches can provide.

Security leaders need to carefully examine the way they are currently approaching API security to fix the issue. Understanding how a third-party application is sending data back to the internet is important if user API connects to one. 

Strategies for API Security

  1.  Put a secure authentication and authorization protocol into action: The first stage in an API security approach is authenticating and authorizing the appropriate users.
  2. Implement the "Least Privilege" Principle: The attack surface is decreased by restricting access to only essential tasks, which helps reduce the exposure to security breaches.
  3.  Constrain Data Sharing: To find weak spots, keep track of the data shared between apps, APIs, and users, and then secure them by restricting the shared data.
  4. Not utilize HTTPS: In order to communicate data securely, APIs employ HTTP connections and require Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption.
  5.  Implement a policy of zero trust: We can leave out the zero-trust policy when discussing API security advice. It operates under the premise that no user, device, or server should be trusted until proven otherwise.
  6. Implement data logging: Logs provide admins with a wealth of information that can be utilized to enhance API security and assist with manual inspection and monitoring.
Security requires ongoing work in the age of technology and the internet. Unfortunately, security problems would not disappear, and as IoT technology grows more widespread, the dangers and vulnerabilities will only become worse. Beware of such ineffective strategies for API security. The security strategy must broaden to keep up with attackers' growing skill sets. 

Being proactive is vital, which means keeping an eye on current technology, patching up any flaws, and implementing cutting-edge cybersecurity measures.
Read more »
SSH
Brute Force Attacks DDOS Attacks IoT malware Mirai botnet SSH

FortiGuard Labs: Evolving RapperBot IoT Malware Detected

Since June, FortiGuard Labs has been monitoring the "RapperBot" family of revolving IoT malware. Although the original Mirai source code was greatly influenced by this family, it differs from other IoT malware families in that it has the capacity to brute force credentials and connect to SSH servers rather than Telnet, which was how Mirai implemented it. 

The malware is alleged to have gathered a series of hacked SSH servers, with over 3,500 distinct IP addresses used to scan and brute-force its way into the servers. The malware is named from an encoded URL to a YouTube rap music video in an early draft.

Analysis of the malware

According to the Fortinet analysis, the majority of the malware code implements an SSH 2.0 client that can connect to and brute force any SSH server that supports Diffie-Hellmann key exchange with 768-bit or 2048-bit keys and data encryption using AES128-CTR.

RapperBot turned out to be a Mirai fork with unique features, its own command and control (C2) protocol, and unusual post-compromise for a botnet. RapperBot was created to target ARM and MIPS and has limited DDoS capabilities.

The attempt to create durability on the compromised host, which effectively allows the hacker to keep ongoing access long after the malware has been uninstalled or the unit has been restarted, serves as further proof of how Mirai has deviated from its usual behavior.

RapperBot used a self-propagation technique via a remote binary downloader, which was eliminated by the hackers in mid-July, as per Fortinet researchers who watched the bot and proceeded to sample new variants.

The recent versions in circulation at the time included a shell command that switched the victim's SSH keys for the hackers. A unique file named "/.ssh/authorized keys" is used to get access by inserting the operators' SSH public key. This enables the attacker to log in and authenticate to the server using the associated private key without providing a password.

The root user "suhelper" is added by the bot to the compromised endpoints in the most recent samples that the researchers have examined. The bot also sets up a Cron job to add the user again every hour if an administrator finds the account and deletes it.

Observations 

As per Fortinet, analysts observed no new post-compromise payloads transmitted during the monitoring time, so the virus simply lays dormant on the affected Linux systems. 

Despite the botnet abandoning self-propagation in favor of persistence, it is said that the botnet underwent substantial alterations in a short period of time, the most notable of which being the removal of DDoS attack elements from the artifacts at one point, only to be reinstated a week later.

At best, the campaign's ultimate goals are still unclear, and little more action is taken after a successful compromise. It is evident that SSH servers with pre-configured or easily guessable credentials are being gathered into a botnet for some unknown future use.

Users should set secure passwords for their devices or, turn off password authentication for SSH to protect themselves from such attacks.

Read more »
Vulnerabilities anfd Exploits
Bugs Chinese Vendor Infiray IoT Vulnerabilities anfd Exploits

Critical Flaws Identified in InfiRay Thermal Camera

 

Security bugs in InfiRay thermal cameras might enable hackers to tamper with industrial processes, such as halting production or making changes that lead to lower quality products. 

InfiRay is a product of China-based iRay Technology that designs optical components. With products shipped in 89 nations and territories, InfiRay specializes in researching and designing infrared and thermal imaging devices. 

Analysts from SEC Consult, an Austrian cybersecurity company, discovered that at least one of the vendor’s thermal cameras, the A8Z3, is susceptible to many potentially catastrophic vulnerabilities. The A8Z3 device, sold on the Chinese marketplace Alibaba for approximately $3,000, is meant for a wide range of IoT applications. 

According to security analysts, InfiRay is susceptible to five categories of potentially critical bugs and hardcoded credentials for the camera’s web application are one concern. Since these accounts cannot be shut down and their passwords cannot be modified, they can be termed backdoor accounts that can provide a hacker access to the camera’s web interface. Subsequently, a malicious actor can exploit another loophole to implement arbitrary code. 

Additionally, the researchers spotted a buffer overflow in the firmware and several obsolete software components that are known to contain bugs. They also identified a Telnet root shell that is not password protected by default, allowing a local network hacker to execute arbitrary commands as root on the camera. 

According to SEC Consult, none of these thermal cameras have been exposed on the internet. However, an attacker who can secure unauthorized access to a device could exploit the vulnerabilities to cause considerable damage. 

“The camera is used in industrial environments to check/control temperatures. The test device was located in a factory, where it verified that metal pieces arriving on a conveyor belt were still hot enough for the next process step,” stated Steffen Robertz, an embedded systems security analyst at SEC Consult. 

“An attacker would be able to report wrong temperatures and thus create inferior products or halt the production. The temperature output might also be fed into a control loop. By reporting a lower temperature, the temperature of, for example, a furnace might be increased automatically.” 

The analysts did not perform any tests on any other devices from this vendor, but identical bugs are likely to impact other devices as well, based on historical experience. SEC Consult notified the Chinese firm of its discoveries over a year ago, but the vendor has been unresponsive, therefore it remains unknown whether updates are available or not.
Read more »
Remote Code Execution
Crypto Mining Forescout Research Labs IoT IT Network malware PoC Exploit Code Ransomware Attacks. Remote Code Execution

IoT and OT Impacted by Forescout Proof-of-Concept Ransomware Attack

 

Attackers will grow as defenders improve at resisting double extortion. Rather than focusing on IT, an option is to target operational technology (OT). Attacks on OT are not only harder to execute, but their consequences are also more difficult to mitigate.

Vedere Labs, a division of Forescout, has released a proof of concept (PoC) for a 'ransomware' attack that employs IoT for access, IT for traversal, and OT for detonation. Commonly known as R4IoT, it's the latest version of ransomware. R4IoT's ultimate purpose is to get an initial foothold by exploiting exposed and unprotected IoT devices like IP cameras, then installing ransomware in the IT network and using poor operational security procedures to enslave mission-critical systems. 

"It basically comes out of our observation of the shifting nature of the threat actors involved in ransomware — they've been changing strategies in the last couple of years," Daniel dos Santos, head of security research at Forescout's Vedere Labs, explained. The tipping point for thieves to start attacking such devices for ransomware assaults, according to dos Santos, "will most likely be when the IT and OT devices cross 50%." "And that'll be very soon. It will take between one and two years." 

According to the survey, Axis and Hikvision account for 77% of the IP cameras used by Forescout's 1,400 global customers. Axis cameras alone were responsible for 39% of the total. "This shows that exploiting IP camera flaws as a repeatable point of entry to a variety of businesses is a possibility," stated dos Santos in a report. 

In a neutral setting, this may mean infiltrating a corporate network system to drop ransomware and retrieve other payloads from a remote server to deploy cryptocurrency miners and perform DoS assaults against OT assets. Organizations should identify and patch vulnerable devices, enforce network segmentation, adopt strong password rules, and monitor HTTPS connections, FTP sessions, and network traffic to reduce the possibility and impact of possible R4IoT incidents.

"Ransomware has been the most frequent threat in recent years, and it has largely crippled enterprises by exploiting flaws in traditional IT equipment," the researchers noted. Dos Santos advised using the NIST Cybersecurity Framework and zero-trust architecture, as well as effective network segmentation.
Read more »
WhatsApp
Artificial Intelligence Banking Malware Brazilian Cyber Army Cyber Security Cybersecurity IoT WhatsApp

Brazilian Banks Place a Priority on A.I. and Cybersecurity

 

According to a new survey, artificial intelligence (AI) and cybersecurity are some of the top concerns for banking institutions in Brazil's technology strategy. Analysis of data and the complexity of data analysis strategies relating to evidence gained through the ongoing Open Finance initiative are also a top priority for 78 percent of participants, according to the yearly basis research published by the Brazilian Banking Federation (Febraban) in collaboration with Deloitte.

"It merely came to our attention at the time." For the past 3 decades, it has been Brazilian banks, not fintech or startups, who are at the forefront and remain to be at the stage of international banking technology. Banks have always been digital, innovative, and sophisticated, but most importantly, safe and dependable. "We are not dedicated to it," says FEBRABAN President Isaac Sidney. 

Other innovations have been cited as vital, in addition to AI and cybersecurity, which were cited as key priorities and main areas of concentration in 2021 and remain so this year. 

Public cloud (94 %), Big Data (94 %), process mining (78 %), IoT (75 %), blockchain (67 %), and quantum computing (50 %) were all highlighted by IT decision-makers as current priorities. 

Other goals mentioned by the CEOs in the report were the creation of super apps or superstores (39%) and data-driven financial counseling (35%) as well as store transformation (30%) and WhatsApp-based transactions (30%). Initiatives focused on boosting customer trust in data sharing (22 percent) and expanding chatbot-based transactions are at the bottom of the list (17 percent ).
 
Other objectives highlighted by CEOs in the research included the construction of mega apps or superstores (39%) and data-driven financial advice (35%), as well as shop transformation (30%) and WhatsApp-based trades (30 percent ). At the bottom of the list are initiatives aimed at increasing trust in data sharing (22%), as well as extending chatbot-based transactions (17%).

For the study, Febraban polled 24 firms via a questionnaire, representing 90% of the Brazilian banking industry. The qualitative study enlisted the participation of 34 executives. During November and December 2021, one of three phases of research was completed. 

Banks are widely regarded as pioneers in digital transformation efforts. "If you look at that market, they have complexity in what they have," EY's Errol Gardner said in a recent interview with TechInformed. "But they are putting tremendous investment into digital and the services which wrap around it ." However, many banks continue to be particularly focused on the conventional, local branch network, methods of operating."
Read more »
Wyze
CVE vulnerability IoT Memory Cards Remote Code Execution Vulnerability and Exploits. Wyze

For Three Years, the Flaws in Wyze Cam Devices Have Gone Unpatched

 

Several vulnerabilities have been uncovered in popular Wyze Cam devices, as per new research from cybersecurity firm Bitdefender. The vulnerabilities have been enabling threat actors unlimited access to video feeds and SD cards stored on local memory cards, and have been unfixed for nearly three years.

Wyze was told by Bitdefender it planned to expose the vulnerabilities in September 2021, and on January 29, 2022, the team released a firmware update to fix the SD card issue. Remote users may acquire the contents of the SD card in the camera via a website operating on port 80 without requiring authentication, as per flaw. 

  • CVE-2019-9564, a remote control execution problem caused by a stack-based buffer overflow provides threat actors complete control of a device, such as the ability to control its mobility, disable recording, turn on or off the camera, and more. 
  • Unauthenticated access to the contents of an SD card all affected Wyze Cam lines.
  • CVE-2019-9564 does not allow users to watch the live audio and video feed, but when paired with CVE-2019-12266, exploitation is "relatively straightforward". 

Once users insert an SD card into the Wyze Cam IoT, the webserver creates a symlink to it in the www directory, which is hosted by the webserver but has no access restrictions. The SD card usually includes video, photos, and audio recordings, but it can also contain other types of data manually saved on it. The device's log files, which include the UID (unique identifying number) and the ENR, are also stored on the SD card (AES encryption key). Such revelation could lead to unrestricted remote access to the device. 

Wyze Cam version 1 has been retired and will no longer get security updates, however Wyze Cam Black version 2 and Wyze Cam version 3 have been updated to address the flaws. Wyze published an upgrade for its Cam v2 devices on September 24, 2019, which fixed CVE-2019-9564. By November 9, 2020, Wyze had issued a fix for CVE-2019-12266. Although most Internet-connected devices are used with a "set and forget" mentality, most Wyze Cam owners may still be executing a vulnerable firmware version. 

The security updates are only for Wyze Cam v2 and v3, which were published in February 2018 and October 2020, in both, and not for Wyze Cam v1, which was released in August 2017. The older model were phased out in 2020, and because Wyze didn't solve the problem till then, such devices will be open to exploitation indefinitely. 

If you're using a Wyze device it's still being actively supported, be sure to install any available firmware upgrades, deactivate your IoTs when they're not in use, and create a separate, isolated network just for them.
Read more »
Technology
Internet of Things IoT IoT devices Technology

Researcher Release Report on Internet of Things and Malware Security

With the fast usage of IoT devices, also becoming a lucrative target for threat actors, the reason being these devices are equipped with higher processing power and capability of running a fully functional OS, recent studies aim to better malware research to decrease potential security risks. These results were brought out by a group of researchers from IRISA (Research Institute of Computer Science and Random Systems) at the Annual Computer Security Applications Conference (ACSAC). 

"Electromagnetic emanation that is measured from the device is practically undetectable by the malware," academicians Duy-Phuc Pham, Damien Marion, Matthieu Mastio, and Annelie Heuser said in their research paper. "Therefore, malware evasion techniques cannot be straightforwardly applied unlike for dynamic software monitoring. Also, since a malware does not have control on outside hardware-level, a protection system relying on hard]ware features cannot be taken down, even if the malware owns the maximum privilege on the machine," they further mentioned. 

The aim is to get benefits from the side channel information to find out flaws in emissions when they deviate from earlier observed paths and raise an alarm if a malicious pattern emulating the virus is observed in contrast to the device's normal behavior. The process doesn't require any modifications on selected systems, the framework given in the paper allows finding and classifying stealthy malware like kernel-level rootkits, DDoS (distributed denial of service) attacks, ransomware and, other variants. 

The process takes place in three stages, side-channel stage involves measuring electromagnetic emanations while performing thirty different malware and executing video, music, camera, and picture-related tasks for training convolutional neural network (CNN) model for categorizing real-world malware samples. "By using simple neural network models, it is possible to gain considerable information about the state of a monitored device, by observing solely its electromagnetic emanations," the report says.
Read more »
WiFi
Cyber Security News IoT Vulnerabilities and Exploits WiFi

Experts Discovered 226 Security Flaws in Nine Wi-fi Routers

 

Security experts and editors at CHIP (a German IT) have found 226 potential security faults in nine wi-fi routers from authentic manufacturers like AVM, Netgear, Asus, D-Link, TP-Link, Linksys, Edimax, and Synology. TP-Link Archer AX6000 router was the most affected by the flaws, according to cybersecurity experts, besides this, they also found 32 flaws, along with Synology RT-2600ac with 30 defects, and Netgear Nighthawk AX12 having 29 bugs. Experts also discovered around ten vulnerabilities in Netgear Nighthawk AX12, Edimax BR-6473AX, Asus ROG Rapture GT-AX11000, Linksys Velop MR9600, AVM FritzBox 7590 AX, and AVM FritzBox 7530 AX. 

The experts analyzed these network systems with the help of IoT Inspector's security platform, which searched around 1000 CVEs and security vulnerabilities. IoT CEO Jan Wendenburg said "changing passwords on first use and enabling the automatic update function must be standard practice on all IoT devices, whether the device is used at home or in a corporate network. The greatest danger, besides vulnerabilities introduced by manufacturers, is using an IoT device according to the motto ‘plug, play and forget.” 

The most commonly found issues, according to cybersecurity researchers are out-of-date Linux kernel in the firmware, multimedia, and VPN features, existing hard-coded credentials, use of unsafe communication protocols, and weak security passwords. According to the security affairs advisory, "some of the security issues were detected more than once. Very frequently, an outdated operating system, i.e. Linux kernel, is in use. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. 

The device software used is also commonly found to be outdated, as it all too often relies on standard tools like BusyBox.” Experts observed that not all these faults can be compromised, false positives were also found. Experts discussed their findings with the manufacturers too, most of these vulnerabilities have been patched. Users are suggested to modify factory settings, make sure that devices install auto-updates, and stop functions that are not important.
Read more »
Technology
Artificial Intelligence Cloud Edge Internet of Things IoT Technology

The Future Comes With Promising Edge Technology, Say Experts

 

The huge amount of data continuously collected via billions of sensors and devices that comprise the IoT can pose a serious threat for organizations that depend on primitive intelligence and analytics tools. Since the beginning, these devices have not been much effective and needed central servers to process data, mostly cloud-based servers (public) which could be far away. Currently, however, for the same price, you can get more computing power, making way for AI-powered, and edge located devices that make their own commands. 

As per the experts, by 2025, 75% of organization-generated data would be created and processed by an edge. From driverless cars capable of processing and analyzing real-time traffic data (without cloud), to factory systems that can process sensor data for future maintenance. This rapid development in the age of smart devices at the edge will provide vast opportunities in businesses and for users. The capability to create automated and store data for analysis linked to the source is most likely to give operational advantage, produce new and effective services, enhance scalability and transfer data away from central servers. 

Along with this, the fast edge development requires that security leaders adhere to discipline even though the distribution of data that seems to be on the horizon. It must be important for the user to understand the relation between edge and IoT (Internet of Things), the edge allows computation to run on device/ local network rather than sending data to be analyzed on public cloud servers or central data centers, which is time-consuming and also costs resources. 

After that, the analyzed data can be sent to its endpoint. Hence, edge computing lowers the bandwidth risks and analyses data within proximity. It is very crucial in IoT as there exist billions of sensors and systems across the world that produce processed data, let it be inter-connected home devices, health wearables, or industrial machinery. "Especially for use cases like healthcare monitoring and safety apps – where milliseconds count – edge computing and cheaper, more powerful AI-powered devices are emerging as perfect partners to process the massive amounts of information generated by connected devices," reports HelpNetSecurity.
Read more »
Vulnerability report
Cybersecurity Home Camera IoT Vulnerabilities and Exploits Vulnerability report

Hackers Exploit Camera Vulnerabilities To Spy On Parents

 

Various zero day vulnerabilities in home baby monitor could be compromised that lets threat actors hack into camera feed and put malicious codes like malware. The security issues were find in the IoT gadgets, made by China based developer Victure, that were found by BitDefender experts. In a security report, BitDefender revealed about the stack-based buffer flaw present in ONVIF server Victure PC420 component camera that allows hackers to plant remote codes on the victim device. When compromised, hacker can discover cameras (not owned by them) and command devices to broadcast camera feeds to third party and exploit the camera firmware. 

"When choosing a baby monitor, the security aspect should trump features or price point.This is because similar vulnerabilities have been used in the past by threat actors to directly communicate with children, thus exposing them to interactions with adults outside the family’s circle of trust," Daily Swig reports. As of now, Victure isn't aware about the complete attack scenerio, but it believes that the hacker could exploit the vulnerabilities and spy on residents using these cameras constantly or let other users do the same. 

Cloud users rely on using camera and cloud features and according to experts, around 4 million cameras across the world are impacted by the issue. The vulnerability impacts Victure PC420 firmware variants 1.2.2 and earlier. BitDefender released a report on the vulnerabilities after trying to contact Victure to inform them about the issues. BitDefender tried to make various attempts to get in touch with the company to offer them assistance to deal with the issues. The firm then decided to release a report on the issue to let users know about the vulnerabilities, as their privacy is on stake when their devices are connected. 

Experts advice users to stop using devices immediately and residents should give security priority rather than device." We have been warning about the dangers of vulnerable video equipment for years and we started this vulnerability research project to help parents protect their privacy, as well as their children’s. Sometimes, vendors choose to ignore these gaping holes and leave customers exposed instead" said the researcher to Daily Swig.
Read more »
Wifi vulnerability
IoT Vulnerability and Exploits Wifi vulnerability

Vulnerabilties Found in Realtek Module

A new type of severe rated vulnerabilities has been revealed in the Realtek RTL8170C Wi-Fi module. A hacker could exploit these vulnerabilities to gain access to a device and attack wireless communications. According to experts Vdoo, an Israeli tech IoT firm, if an exploit is successful, it would result in control of complete WiFi module possible root access in the Linux or Android OS, of the embedded devices using this module. 

Hacker News reports "Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications by devices spanning across agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors." These vulnerabilities impact all IoT and embedded devices that use the module for connecting to Wi-Fi networks and the hacker would have to be on the same Wi-Fi network. It is because the firmware knows the network's pre-shared key (PSK) or uses the RTL8710C module. 

PSK, as the name suggests, is a cryptographic code that is used to verify wireless devices on LANs. "In the same vein, the RTL8170C Wi-Fi module's WPA2 four-way handshake mechanism is vulnerable to two stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.0) that abuse the attacker's knowledge of the PSK to obtain remote code execution on WPA2 clients that use this Wi-Fi module," reports The Hacker News. An earlier investigation in February revealed similar vulnerabilities in the Realtek RTL8195A Wi-Fi module, the primary one being a buffer overflow vulnerability (CVE-2020-9395). 

It allows a hacker who is in the range of an RTL8195 module to completely hijack the module, without needing a Wi-Fi password. In a possible real-world attack situation, experts performed a PoC (proof of concept) exploit where the hacker disguises as an authorized access point and sends an infected encrypted GTK (group temporal key) to the supplicant (client) with the help of WPA2 protocol connection. GTK is used for securing broadcast and multicast traffic. "During the analysis, we have discovered and responsibly disclosed six major vulnerabilities in Realtek’s RTL8195A Wi-Fi module that these devices were based on," said Vdoo.

Read more »
Subscribe to: Posts (Atom)