
91,000 Smart LG TV Devices Susceptible to Unauthorised Remote Access

 

New vulnerabilities have been discovered in LG TVs that could allow unauthorised access to the devices' root systems, possibly exposing thousands of units worldwide. 

The finding, made as part of Bitdefender's continuing inspection of the popular Internet of Things (IoT) technology, focuses on vulnerabilities in WebOS versions 4-7, which are used in LG sets. The detected flaws allow unauthorised access to the TV's root system by circumventing the permission process. 

Although the vulnerable service is intended for LAN access only, Shodan, an internet-connected device search engine, has identified over 91,000 devices that expose it to the internet. 

Among the uncovered flaws, CVE-2023-6317 stands out because it allows attackers to bypass authorization methods, allowing unauthorised access to the TV's root system. Additionally, CVE-2023-6318 enables attackers to extend their access to root privileges, heightening the security risk. 

Furthermore, CVE-2023-6319 allows for the injection of operating system commands, whilst CVE-2023-6320 enables authenticated command injection. The concerned models are LG43UM7000PLA, OLED55CXPUA, OLED48C1PUB, and OLED55A23LA. Devices running WebOS versions 4.9.7 through 7.3.1 have been confirmed to be impacted. 

“Attackers could use the compromised Smart TV as a starting point to launch additional attacks against remote systems or hosts,” noted Thomas Richards, principal security consultant at the Synopsys Software Integrity Group.

According to the cybersecurity expert, if attackers get administrator access to the TV, the user's personal information, including login passwords, can be compromised. 

“Smart TV owners should not have their TVs directly connected to the internet. Keeping the TV behind a router will reduce the likelihood of a compromise since remote attackers will not be able to reach it,” Richards added. “Enabling the automatic update option on the TV will keep the TV up to date with vendor patches to remediate security risks.” 

Bitdefender's disclosure timeline shows the approach followed: the vendor was notified on November 1, 2023, and a fix was delivered on March 22, 2024. In the face of emerging threats, prompt patching and upgrades are critical to minimising possible risks, safeguarding user privacy, and enhancing device security.

Malware Targets End-of-Life Routers and IoT Devices

 




A recent investigation by the Black Lotus Labs team at Lumen Technologies has revealed a concerning trend in cybercriminal activity targeting end-of-life (EoL) routers and IoT devices. The research sheds light on a sophisticated campaign utilising updated malware known as TheMoon, which has quietly grown to infect over 40,000 devices across 88 countries by early 2024.

The primary target of this campaign appears to be small office and home office routers, which are often overlooked when it comes to security updates. Unlike desktop and server computing, where automatic updates are the norm, many IoT devices lack this crucial feature. This oversight leaves them vulnerable to exploitation by cybercriminals.

One of the key findings of the investigation is the emergence of a malicious proxy service called Faceless, which offers anonymity services to cybercriminals for a minimal fee. By routing their traffic through compromised devices, malicious actors can conceal their true origins, making it difficult for law enforcement to track their activities.

According to Jason Soroko, a cybersecurity expert, routers and networking equipment with weak passwords have long been easy targets for cyber attacks. However, what sets this campaign apart is the use of proxy networks to obfuscate command-and-control (C2) traffic, indicating a new level of sophistication among cybercriminals.

The Mechanism Behind The Threat

The malware responsible for these attacks is distributed through a botnet orchestrated by TheMoon. It targets vulnerable EoL routers and IoT devices, infecting them with a loader that fetches an executable file from a C2 server. This file includes a worm module that spreads to other vulnerable devices, as well as a component used to proxy traffic to the internet on behalf of the attacker.

Global Impact: Financial Sector Under Siege

Despite a majority of infected hosts being located in the U.S., the threat extends globally, with devices in 88 countries falling victim to the campaign. The financial sector, in particular, is a prime target for password spraying and data exfiltration attacks, posing significant risks to organisations worldwide.

Recommendations for Defenders

Network defenders are urged to remain vigilant against attacks on weak credentials and suspicious login attempts. Additionally, experts recommend implementing measures to protect cloud assets from communicating with malicious bots and blocking indicators of compromise (IoCs) with web application firewalls.
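As an added illustration of the "suspicious login attempts" recommendation above (example code, not from Lumen or Black Lotus Labs), the following Python separates password spraying (many usernames, one or two tries each from one source) from single-account brute force in a constructed authentication log; the log format, the IP addresses and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample authentication log in a simplified key=value format
# (assumption: not real router or application log output).
SAMPLE_LOG = """\
2024-03-20T10:00:01Z result=fail user=alice src=203.0.113.7
2024-03-20T10:00:03Z result=fail user=bob src=203.0.113.7
2024-03-20T10:00:05Z result=fail user=carol src=203.0.113.7
2024-03-20T10:00:07Z result=fail user=dave src=203.0.113.7
2024-03-20T10:00:09Z result=fail user=erin src=203.0.113.7
2024-03-20T10:00:11Z result=ok user=frank src=203.0.113.7
2024-03-20T10:01:00Z result=fail user=admin src=198.51.100.9
2024-03-20T10:01:01Z result=fail user=admin src=198.51.100.9
2024-03-20T10:01:02Z result=fail user=admin src=198.51.100.9
2024-03-20T10:01:03Z result=fail user=admin src=198.51.100.9
2024-03-20T10:01:04Z result=fail user=admin src=198.51.100.9
2024-03-20T10:02:00Z result=fail user=alice src=192.0.2.5
2024-03-20T10:02:30Z result=ok user=alice src=192.0.2.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) result=(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text: str) -> List[dict]:
    """Parse the log; lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events: List[dict], spray_min_users: int = 5,
                     brute_min_attempts: int = 5) -> Dict[str, str]:
    """Return {src: "spray" | "brute-force"} for sources whose failures fit a pattern.

    spray:       failures spread over many distinct usernames, at most 2 tries each
    brute-force: many failures concentrated on one username
    A source with a single stray failure (a typo) matches neither.
    """
    failures: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["result"] == "fail":
            failures[ev["src"]][ev["user"]] += 1
    verdicts: Dict[str, str] = {}
    for src, per_user in failures.items():
        if len(per_user) >= spray_min_users and max(per_user.values()) <= 2:
            verdicts[src] = "spray"
        elif max(per_user.values()) >= brute_min_attempts:
            verdicts[src] = "brute-force"
    return verdicts


def successes_from_spraying_sources(events: List[dict],
                                    verdicts: Dict[str, str]) -> List[Tuple[str, str]]:
    """Successful logins from a source already flagged as spraying: the
    (src, user) pairs a responder should look at first, since they indicate a
    weak credential that was actually guessed."""
    hits = set()
    for ev in events:
        if ev["result"] == "ok" and verdicts.get(ev["src"]) == "spray":
            hits.add((ev["src"], ev["user"]))
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    v = classify_sources(evs)
    print(v)
    print(successes_from_spraying_sources(evs, v))
```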

The advent of this new cyber threat calls for regular security updates and proper maintenance of IoT devices, especially those nearing the end of their lifecycle. Failure to address these vulnerabilities could have far-reaching consequences, as cybercriminals continue to exploit them for financial gain.




Three Ways Smart Devices Can Compromise Your Privacy

 

Any gadget that has an internet connection and can be operated by a computer or smartphone is considered a smart device. Home appliances, security cameras, thermostats, doorbells, lighting systems, and other networked gadgets are examples of such devices. 

Smart devices are becoming more prevalent due to the comfort they provide. However, with this ease comes a higher risk to your privacy. 

When people talk about smart gadgets, they are referring to the internet of things (IoT) and its ability to connect all of your devices together. This means that all of the data generated by each device can be viewed and shared with other connected devices, potentially exposing sensitive information about you and your home life. Here are three ways that smart devices might jeopardise your privacy. 

Location tracking 

Many smart devices track and save users' whereabouts, allowing detailed profiles of their behaviours to be created. Without the user's knowledge or consent, this data can then be sold to third parties. 

With smart devices like fitness trackers and smartphones, this has become a serious issue. If you're not careful, your smartphone may be sharing more information than you realise. You may believe that you have control over the data it collects, but this is not always the case. 

Insecure Wi-Fi 

Wi-Fi is used by many smart gadgets to connect to the internet. This means that if adequate safety measures are not in place, the device may be vulnerable to hackers. Hackers can gain access to your device, look into sensitive data like passwords, and even take control of it. 

Hackers have been known to hijack smart devices via Wi-Fi connections and use them to launch cyber-attacks. This is especially important if you travel with smart gadgets such as phones or laptops, as they may connect to unsecured Wi-Fi networks. 

Webcam vulnerabilities 

Smart devices frequently include built-in cameras and microphones that can be hacked to gain access to the user's audio and video records. This has been a major problem in recent years, with cases of "webcam hacking" growing steadily. 

People are increasingly installing cameras in their doorbells, baby monitors, and even televisions. All of these can be hacked into if the user does not take proper safety measures. For example, in some cases, hackers have taken over security cameras and utilised them to spy on unsuspecting individuals in their homes. This is an extreme example of a privacy infringement that can be avoided with adequate safety measures. 

Bottom line 

Smart devices can be a wonderful addition to the home, but you must be aware of the risks that they involve. They can violate your privacy in a variety of ways, including targeted attacks, location tracking, real-time recording, and so on. 

Furthermore, flaws in your connectivity solution can expose your devices, data, and family or customers to cyber-attacks. Understanding the threats and implementing the required security measures will help you secure your privacy. Early intrusion detection is the most successful method of preventing cyber-attacks, and this is still true in the Internet of Things era.

AI's Swift Impact on the IT Industry

The integration of Artificial Intelligence (AI) in the Information Technology (IT) industry is poised to bring about rapid and profound changes. As businesses seek to stay ahead in an increasingly competitive landscape, the adoption of AI technologies promises to revolutionize how IT operations are managed and drive innovation at an unprecedented pace.

According to a recent report by ZDNet, the impact of AI on the IT industry is set to be both swift and far-reaching. The article highlights how AI-powered solutions are automating tasks that were once time-consuming and labour-intensive. This shift allows IT professionals to focus on higher-level strategic initiatives, enhancing productivity and efficiency across the board.

IDC, a renowned market intelligence firm, supports this view in its latest research. The report underscores that AI technologies are becoming indispensable tools for businesses seeking to streamline operations and gain a competitive edge. IDC predicts a significant surge in AI adoption across various sectors, underlining the transformative potential of this technology.

Furthermore, the 2023 Enterprise IoT and OT Threat Report by Zscaler ThreatLabz sheds light on the crucial role AI plays in securing the expanding landscape of enterprise IoT and OT devices. As the Internet of Things continues to grow, so do the associated security risks. AI-powered threat detection and response systems are proving to be instrumental in safeguarding networks against evolving cyber threats.

The convergence of AI and IT is driving innovation across domains such as cloud computing, cybersecurity, and data analytics. Cloud platforms are leveraging AI to optimize resource allocation and enhance performance, while cybersecurity solutions are using AI to detect and respond to threats in real-time.

Organizational structures are changing as a result of AI's incorporation into the IT sector. Organizations are reaching new heights in terms of productivity, security, and innovation thanks to the quick adoption of AI technology. Enterprises adopting AI will have an advantage in navigating the opportunities and difficulties presented by the changing IT ecosystem in the future. The revolutionary potential of artificial intelligence is undoubtedly linked to the future of IT.

Mirai Botnet Variant 'Pandora' Hijacks Android TVs

 

Pandora, a variant of the Mirai botnet, has been identified targeting budget-friendly Android-based television sets and TV boxes. It utilizes these devices as part of a botnet to execute distributed denial-of-service (DDoS) attacks. Mirai is a type of harmful software that goes after everyday devices like smart cameras and home routers. It takes control of them and makes them part of a group of bots that can be controlled remotely. 

Cybercriminals use these groups, known as Mirai botnets, to launch big attacks on computer systems, called DDoS attacks. What sets Mirai apart is that it mainly affects connected smart home gadgets, like routers, thermostats, baby monitors, and even fridges. It does this by targeting the common Linux operating system that many of these Internet of Things (IoT) devices run on. Mirai exploits weaknesses in these smart devices and links them together into a network of compromised devices, which is called a botnet. 

According to Doctor Web, compromises tend to happen either through malicious firmware updates or when users install applications for viewing pirated video content. As an alternative distribution method, users are suspected of being deceived into installing applications meant for streaming pirated movies and TV shows. 

These deceptive websites predominantly target Spanish-speaking users. The roster of apps includes Latino VOD (com.global.latinotvod), Tele Latino (com.spanish.latinomobile), UniTV (com.global.unitviptv) and YouCine TV (com.world.youcinetv). 

Upon installation of the application, it initiates a background service named "GoMediaService." This service is subsequently utilized to extract various files, including an interpreter running with elevated privileges and an installer for Pandora. In its function, Pandora is crafted to establish contact with a remote server. 

It then replaces the system's hosts file with a malicious version and awaits further directives. These instructions involve executing DDoS attacks over the TCP and UDP protocols, along with initiating a reverse shell. 

The central focus of this campaign is directed towards affordable Android TV boxes, such as the Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3. These devices are equipped with quad-core processors sourced from Allwinner and Amlogic, rendering them well-suited for launching DDoS assaults. 

Understanding Botnet Attacks and Effective Prevention Strategies 

Botnet attacks pose a significant cybersecurity risk, with their prevalence and complexity on the rise. As reported by CSO Online, the initial half of 2022 witnessed a staggering 67 million botnet connections originating from more than 600,000 distinct IP addresses. 

Common Botnet Attacks: 

• DDoS: Overwhelm with traffic 
• Credential Theft: Steal login details 
• Spam & Phishing: Mass emails for deception 
• Ad Fraud: Fake user activity 
• Crypto Mining: Hijack processing power 

In the face of botnet attacks as a significant cybersecurity threat, organizations have an array of prevention techniques at their disposal. These include: 

• Implementing advanced antivirus and antimalware solutions, and ensuring they remain up-to-date. 

• Consistently applying software and operating system updates, along with timely bug fixes. 

• Educating staff on identifying suspicious emails and attachments, and emphasizing the importance of refraining from clicking on them. 

• Strengthening security with robust passwords and employing multi-factor authentication to deter unauthorized access. 

• Enforcing comprehensive cybersecurity training programs for employees, equipping them with the knowledge to recognize and respond to botnet attacks effectively.

NHS: Hackers have Complete Access to Millions of Medical Devices in UK Hospitals

 

In England's NHS Trust hospitals, millions of medical devices are now entirely vulnerable to ransomware attacks by cybercriminal groups. 

These ostensibly safe online gadgets, such as surveillance cameras and blood pressure monitors, are either unable to run security software or rely on outdated versions. They frequently receive no monitoring at all. 

When hackers leapfrog from these devices into the key areas of hospital networks, they can bring down entire hospital systems and leave a path of technological carnage in their wake. 

There have already been significant instances in North America and other parts of the world where security specialists were called in to deal with the fallout from these scenarios, some of which were the result of human error. 

This is a ticking time bomb, and the actual magnitude of the threats was revealed earlier this week by Armis Security, a US cybersecurity firm that sent freedom of information (FOI) requests to 150 NHS Trusts in England.

Armis Security inquired about how hospitals catalogue and monitor their medical devices, namely laptops, desktop computers, MRI machines, CT scanners, drug distribution stations, pacemakers, linked inhalers, and heart-rate and blood-pressure monitors. 

Only 71 NHS Trusts answered with data, but what they stated was eye-opening: one in five hospitals admitted to manually tracking each medical device added to their networks, and nearly one in six hospital networks are not checked for cybersecurity concerns at all. 

While this report focuses on the NHS, Armis stated that it is pushing for international healthcare industry action because the problem is hurting hospitals all around the world. 

Hackers usually want to steal data from businesses or encrypt it and demand a ransom payment. With healthcare, there is an additional risk that patients' lives would be impacted, both by interruption caused by cyberattacks and network failures, as well as by hacking attempts on medical devices, which may cause them to malfunction.

"NHS trusts are responsible for their own cybersecurity and must maintain a register of medical devices connected to their network, including information on their data security assurance process," said a spokesman for NHS England. “The NHS will continue to review the requirements for cybersecurity relating to connected medical devices and take action to make improvements where appropriate.” 

Why should hospitals monitor all IoT devices? 

Trend Micro, a global cybersecurity firm, interviewed 145 healthcare companies worldwide in January and discovered that more than half of them had been damaged by ransomware attacks in the previous three years. One-fourth of those surveyed stated the hacks were so severe that they had to suspend operations entirely.

In addition, the Ponemon Institute's 2022 study indicated that more than half of the 517 healthcare practitioners polled saw their institutions endure greater death rates as a result of cyberattacks. The latest known large ransomware assault on the NHS was the WannaCry ransomware strike in 2017. However, this does not mean that we are out of the woods. 

"The reason we're good at tracking laptops and desktops is that the IT department buys them and, when we receive them, we install security tools," Mohammad Waqas, principal solutions architect at Armis, explained at Infosecurity Europe 2023.

“With medical devices, the IT team is not involved, it’s the medical departments buying and installing them. But even if I was aware this department bought 10 CT scanners or 10 ultrasound machines, I still can't install my traditional security [software] on the machines to track them.” 

Many medical devices run an open-source Linux operating system, much as your computer or smartphone runs Windows or Android. None of these devices are "computers" in the classic sense, yet because they run Linux, CCTV cameras and wireless glucose monitors are just as vulnerable to hackers as traditional computers. 

Armis estimates that 25,000 devices are active on any single hospital network around the world on a daily basis.

Here's Why Cybercriminals are Targeting Linux Operating Systems

 

Internal strife is common among ransomware gangs. They argue, they fight, and they establish allies only to rapidly break them. Take, for instance, the leak of malware code from Babuk, which was compromised in 2021 by hackers enraged at being duped by the infamous ransomware gang. 

The outcomes of this intramural warfare are frequently fruitful for cybersecurity experts. Ten other ransomware gangs subsequently used the code to attack VMware ESXi servers, and a number of variants were produced that have kept researchers busy ever since. 

However, what made this particular family of malware noteworthy was that it specifically targeted Linux, which has quickly become a favourite of developers working on creating virtual machines for cloud-based computer systems, hosting for live websites, or IoT devices. With an estimated 14 million internet-facing gadgets, 46.5% of the top million websites by traffic, and an astounding 71.8% of IoT devices using Linux on any one day, its use has increased significantly in recent years. 

That's excellent news for advocates of open-source software development, for whom Linux has always served as an illustration of what can be accomplished when coding communities work together without being constrained by anything as odious as a corporate culture or a profit motivation. 

It's also really alarming for some cybersecurity specialists. Not only is there a significant dearth of ongoing research into the security of Linux-based systems in comparison to those based on more mainstream operating systems, but there is also no official, overarching method for patching the vulnerabilities in this OS. Instead, as befits an open-source product, 'flavours' of Linux are patched on an ad hoc basis by developers with time and intellect to spare - a valuable resource in the face of a real tsunami of cybercrime. Attackers are taking note. AtlasVPN discovered over 1.9 million new malware threats last year, representing a 50% rise year on year.

Shifting trend 

It wasn't always like this. Bharat Mistry recalls a time when hackers were more interested in cracking open old Windows computers. "I believe cybercriminals stayed away because they believed the popularity wasn't there," says Trend Micro's technical director for the UK and Ireland. Linux had a reputation for being secure by design, with reduced default access levels and other characteristics designed to hinder the easy spread of malware. "But over the last six years, certainly with cloud usage, it's [usage has] exponentially grown," says Mistry, increasing the amount of possible vulnerabilities. 

According to Mistry, this is largely due to the fact that it offers a cheap and cheerful alternative to the dominant OS brands, with many different flavours of unlicensed Linux accessible. "When you look at things like web servers that are hosted in the cloud, [why] should I pay for a Windows licence?" Mistry asks, speaking from the perspective of a savvy, money-conscious company. A Linux alternative is "as cheap as chips and does exactly what I need it to do. I can install Apache on it... and have the performance I want without the extra cost." 

Unfortunately, if an operating system is designed and maintained according to open source principles, hackers looking to exploit it can simply source it on GitHub and other software forums. Ensar Seker, for one, is concerned about the consequences for the use of virtual machines (VMs) in the cloud. "Virtual machines often lack the same level of security monitoring as physical systems, making it easier for attackers to go undetected for a longer period of time," says the chief information security officer at digital risk protection platform SOCRadar. 

The fact that the vast majority of software on IoT devices is based on Linux should also be cause for concern, according to the researcher, especially considering the rate of development expected for the smart device market over the next decade. More concerningly, Mistry continues, "we're seeing Linux being used more and more in critical systems," owing to how easy it is to branch and customise variants of the OS to suit particular jobs compared to its mainstream counterparts.

Given hackers' access to the source code of the operating system, malware designed to break open-source versions of these systems is frequently created to a higher standard than its Windows-targeting counterparts. It's also popular among a wide range of cybercriminal gangs. Tilted Temple, a Chinese cyber group, has utilised Linux-based malware to infiltrate important national infrastructure on three continents. 

Major players in the cybercriminal underworld, such as Black Basta, Lockbit, and Hive, have all been identified as deploying targeted Linux-chomping malware to breach online infrastructure. Another such gang, RTM, has been found on dark web forums as trading in harmful, Linux-targeting software. 

It's unclear how prepared cybersecurity providers are for this new threat. After all, until recently, these companies spent far more time fixing vulnerabilities in more widespread operating systems. Far fewer have investigated how vulnerable Linux systems can be to hacking - a squandered opportunity, according to Mistry. "Everyone's been so focused on Windows over the last few years because it's been the predominant operating system that all enterprises use," he explains. "But, in the background, Linux has always been there." 

Future threats 

Mistry does not believe the current wave of Linux attacks will abate anytime soon. He feels it will be some time before consumers and developers become aware of the risks and alter their behaviours. "The vulnerabilities in Linux platforms are massive," Mistry adds. "No one is actively controlling the vulnerabilities and patching them on a daily basis." 

Does this imply that its open-source framework contributes directly to Linux's lack of security? Certainly less, says Mistry. "You've got the openness, you've got the mass flexibility - the problem is when it comes to support," explains Mistry. 

Organisations developing new software on Linux should educate themselves on the trade-offs involved in adopting the operating system. The communities of developers modifying and patching this or that variant of Linux have "got people who will do things, but there's no kind of set body to say, 'This is the kind of direction we're going [in]'," adds Mistry, let alone any built-in regime mandating security standards. As a result, firms would be advised, according to the Trend Micro researcher, to install their own regime or create a viable audit trail for products built on some of the more unusual varieties of Linux. 

So, are the days of Linux as a popular OS alternative numbered? Probably not in the short term, and many cybersecurity vendors are becoming aware of the threat posed by Linux-based systems, according to Mistry. Nonetheless, according to Seker, each new security event involving Linux-targeting malware only serves to erode its reputation as an economical, secure, and open-source alternative to the monolithic Windows and iOS. "Even a single high-profile incident can quickly change a perception if the security community does not respond to threats promptly and effectively," he says.

ThingsBoard: Default Static Key in IoT Platform Gives Attackers Admin Access


The developers of ThingsBoard, an open-source platform used for managing IoT devices across various industry sectors, have recently patched a flaw that could enable attackers to acquire administrative access to a server and send requests on its behalf. 

The vulnerability, identified as CVE-2023-26462, was detected and reported by IBM Security X-Force researchers. The platform shipped with a default static signing key, and an attacker with knowledge of that key, which is much easier to obtain than a per-installation secret, could forge valid requests that make them appear to the system as a higher-privileged user. 

"Because ThingsBoard allowed the default key to be used without requiring administrators to change it, and because that default key was also exposed publicly in the configuration files, the door was opened for attackers to gain unauthorized access in excess of what is intended," stated the X-Force researchers in a report. 

The flaw was fixed in ThingsBoard version 3.4.2, which generates a random signing key for each new installation; existing deployments should upgrade to version 3.4.2 or later. If administrators are unable to upgrade immediately, they can manually change the default signing key in the earlier versions' configuration file or via the admin dashboard. 

Insecure Implementation of JSON Web Tokens 

JSON Web Token (JWT) is an internet standard for stateless authentication. It is widely used in mobile and web applications, and especially where interactive authentication is impractical, such as machine-to-machine or service-to-service communication. Stateless authentication does not require the user's username and password to be sent with every request, nor does it store the state of a user's session on the server. Instead, it uses tokens or tickets that carry statements, or claims, about a user that the server trusts to be accurate. 

With the help of JWT, the server generates a token for clients and signs it with its secret key. The payload of that token contains information about the user's identity and permissions. The user or client must provide their signed token along with every request they make in order to execute an operation on the server. 

From this design, the significance of securing the signing key is easy to see. Otherwise, anyone who obtains the server's key can take an already-signed payload, modify its contents, re-sign it with that key, and have it accepted as genuine. 

In ThingsBoard's case, an attacker could alter the scope value in the JWT, which indicates the user's role on the server and, consequently, the capabilities they are granted. The high-privileged scopes include SYS ADMIN and TENANT ADMIN. On the platform, tenants are subsets of an organization, and a tenant's admin can control all of that tenant's devices. System administrators, by contrast, are in charge of the entire system and can manage every tenant. 

"By editing this role value and generating a new, valid signature for the payload, a user can escalate privileges within the platform to the highest level[…]This grants access throughout the entirety of the platform, including other tenants, users, and devices not affiliated with the original account," the researchers said. "ThingsBoard is just one among many IoT platforms which, much like the devices that connect to them, all deserve further research and scrutiny[…]Adoption of IoT devices in all industries will only continue to grow, and with it the need to ensure security in the platforms managing devices and collecting data."

Attacks are Being Outmanoeuvred by AI Cybersecurity in Novel Ways

 

These days, chatbots that use artificial intelligence (AI) are the hot topic. Yet AI-based cybersecurity is one of the technology's most rapidly expanding applications. That's because real-time detection of and defence against cyberattacks saves money for businesses, governments, and people alike. 

According to MarketsandMarkets Research, the global AI cybersecurity market is worth $22.2 billion this year. By 2028, however, it's projected to grow to $60.6 billion, a 21.9 percent compound annual growth rate. 

An increase in cyberattacks 

According to a report by Surfshark, cybercrime affects 97 people or businesses every hour. At that rate, 2,328 successful cyberattacks will be launched on the day you read this, causing millions of dollars in losses. 

According to Cybersecurity Ventures, those losses should rise by 15% annually. By 2028, it is anticipated that yearly losses will amount to $10.5 trillion. 

“If it were measured as a country, then cybercrime would be the world’s third-largest economy after the U.S. and China,” stated Steve Morgan, founder of Cybersecurity Ventures. 

Expanding AI cybersecurity response 

AI and its partner, machine learning (ML), are the officers on the beat to stop this growing cybercrime wave.

“AI is big data,” explains Mansour Khatib, CEO of GBT Technologies, Inc., Santa Monica, CA. “AI manages massive amounts of data to detect something that’s suspicious. It can stop an attack and, based on the data it has gathered, it can know the attack’s next move.” 

AI continuously gathers global cyberattack data, and ML uses that knowledge to understand industry-specific and worldwide risks in order to thwart an attack. 

Flexibility in AI cybersecurity 

In theory, humans are capable of doing the same tasks as AI cybersecurity. Humans, however, often fail to notice that a system is under attack for a very long time. There have been numerous successful attacks on systems run by AI that went unnoticed for days. Traditional cybersecurity has its limitations: once malware is discovered, it is blacklisted and its characteristics are analysed. This approach might thwart attacks from that particular malware, but it cannot identify brand-new, original threats. 

In addition to being faster and more powerful, AI is also more adaptable than conventional cybersecurity techniques. An AI cybersecurity system uses ML to learn patterns, identify correlations between them, and recognise new attacks and attackers by their similarity to past ones. In other words, AI can change as needed. 

Cybersecurity's future with IoT and AI

Physical devices that send and receive information via the internet are driving an increase in global connectivity, and the term Internet of Things (IoT) is used to describe them. Cell phones, automobiles, thermostats, and even refrigerators are examples.

Today's refrigerators can alert you when you run low on something or are out of it so you can replenish it, Khatib says. The fridge can communicate with your smartphone or home assistant, such as Google Assist or Amazon, by sending messages via Wi-Fi. As more objects are connected to the internet, cyber criminals gain new ways to steal your financial and personal information. 

It's possible that you own a smart bulb, Khatib speculates. That bulb transmits data to you via your router. By compromising the light bulb, someone may take control of your router, and from there reach your computer and obtain a variety of information. 

Such attacks might be thwarted using AI cybersecurity. Can you afford it, though? Khatib responds, "Definitely. Protection for your house and personal devices is getting more affordable in today's society. An inexpensive PC with fingerprint recognition is available right now." 

According to CujoAI's analysis of 1.7 billion connected devices in North America between April 2021 and April 2022, almost half of them are unable to run antivirus software. To secure all of the devices connected to a network, AI cybersecurity can instead be built into a router.

A Zero-Trust Future Encourages Next-Generation Firewalls

The future of Zero Trust security relies greatly on next-generation firewalls (NGFWs). NGFWs are classified by Gartner Research as "deep packet inspection firewalls that incorporate software inspection, intrusion prevention, and the injection of intelligence from outside the firewall in addition to protocol inspection and blocking." As per Gartner, an NGFW should not be mistaken for a standalone network intrusion prevention system (IPS) that combines a regular firewall and an uncoordinated IPS in the same device.

Significance of Next-Generation Firewalls

1. Substantial investment in ML and AI

As part of their zero-trust security management goals, NGFW providers are increasing their investment in ML and AI to distinguish themselves from competitors or provide higher value. Analytics tools, user and device behaviour analysis, automated threat detection and response, and development efforts are all focused on identifying possible security issues before they happen. By using AI and ML, NGFWs can continuously learn and react to the shifting threat landscape, resulting in a more effective Zero Trust defence against cyberattacks.

2. Contribution of Zero Trust 

Zero Trust safeguards a business by removing implicit trust and continuously verifying every stage of a digital transaction. Strong authentication techniques, network segmentation, limiting lateral movement, Layer 7 threat prevention, and simplified granular, least-access controls are all used to defend modern environments and facilitate digital transformation. 

Without such nuanced security measures, implicit trust means that once on the network, users, including threat actors and malicious insiders, are free to move laterally and access or exfiltrate sensitive data. A Zero Trust strategy is now more important than ever as digitalisation accelerates in the shape of a rising hybrid workforce, ongoing cloud migration, and the transformation of security operations. 

3. Threat monitoring to enforce least-privilege access

NGFW device software is updated automatically, so patch management tasks can be handled by IT teams less frequently: updates are distributed in milliseconds and are transparent to administrators.

NGFWs that integrate with Zero Trust environments provide automated firmware patch updates, IPS, application control, automated malware analysis, IPsec tunnelling, TLS decryption, IoT security, and software-defined WAN (SD-WAN) traffic management. 

NGFWs used by Microsoft Azure supply Zero Trust

By enabling businesses to impose stringent access rules and segment their networks into distinct security zones, Microsoft Azure leverages next-generation firewalls (NGFWs) to deliver zero-trust security. This enhances the overall network security posture.

Azure Firewall can be set up not only to regulate traffic but also to monitor it, looking for risks and anomalies and taking appropriate action. To that end, malicious communications can be blocked, infected devices can be quarantined, and security staff can be alerted to potential dangers.


NGFW firms are investing more in AI and ML to further distinguish their solutions. They must continue to enhance API integrations, particularly with IPS, SIEM systems, and Data Loss Prevention (DLP) solutions, and concentrate on how software-defined networking (SDN) might increase adaptability while supplying finer-grained control over network traffic. A well-implemented Zero Trust architecture not only produces improved overall security but also lowers security complexity and operational overhead.

Several Security Flaws Exploited by Zerobot Botnet

 

FortiGuard Labs discovered a new botnet named Zerobot that was seen in the wild spreading by exploiting nearly twenty security flaws in IoT devices and other software.

Zerobot exploits one of several vulnerabilities to gain access to a device before downloading a script for further propagation. It is built for several architectures, including i386, amd64, arm, mips, mips64, mipsle, ppc64, ppc64le, riscv64, and s390x, and the bot is saved under the filename "zero".

On November 18, 2022, the malware made its first public appearance, mostly affecting Windows and Linux-powered computers.

Prior to November 24, the first version was equipped only with the most basic features. The newest version adds a 'selfRepo' module that allows it to replicate itself and infect more endpoints using various protocols or security holes.

After infecting a machine, the bot connects to the remote command-and-control (C2) server and waits for further instructions. Zerobot carries 21 exploits, including flaws affecting the Spring Framework, D-Link DNS-320 NAS, Hikvision cameras, FLIR AX8 thermal imaging cameras, Zyxel firewalls, TOTOLINK routers, and F5 BIG-IP.

"The botnet includes a variety of modules, including assaults for various protocols, self-replication, and self-propagation. This also uses the WebSocket protocol to connect with its command-and-control server," researcher Cara Lin from Fortinet FortiGuard Labs remarked.

The new botnet, Zerobot, is written in the Go programming language and communicates over the WebSocket protocol. Users should be alert to this new threat, update any compromised systems connected to their network, and aggressively deploy updates as soon as they become available.




Evolution of Malware and Its Ever-Expanding Landscape

 

Whether you are a large corporation or just a regular user, the internet can be dangerous. And although digital technologies offer new opportunities, fraudsters are becoming increasingly skilled at exploiting them.

CrowdStrike's 2022 Global Threat Report indicates that there were 82% more ransomware-related data breaches in 2017 than in 2016. Iranian state-backed hackers were recently found to have spied on people using phoney VPN apps. Phishing operations are frequently the easier way to strike, like the recent one that targeted shoppers over Black Friday. 

All of these attacks have one thing in common: malicious software that gets past one or more devices' security measures and harms the users of those devices. That is what is referred to as malware in technical lingo. 

You might be tempted to believe that all you need to do to protect your data is download one of the top antivirus programmes. However, the reality is more complicated when it comes to really safeguarding your device from infection. 

Because malware can take many different forms, your security strategy must also be varied. A simple mix of protection software is not the best defence against malware, either. Before you can defeat an adversary, you must understand it. Knowledge and safety measures are the first lines of defence! 

Most Typical Forms of Malware 

Ransomware: When it infects a device, it encrypts the data and systems of the users, making it impossible to access them until a ransom is paid. It frequently spreads through malicious files, and it typically targets companies rather than individuals. 

Spyware: As its name implies, this category of software tries to gather information for secretly monitoring users. Keyloggers are a type of spyware that, for instance, tracks user activity. Spyware frequently accesses devices using both fraudulent and real apps. 

Trojans: These are programmes that appear to be trustworthy while secretly carrying out malicious attacks on users' systems. They can be discovered in a variety of software programmes, such as games or other well-known apps, as well as an attachment to a malicious email. 

Mitigation Tips 

Because there are many different types of malware on the internet that behave differently, an effective defence needs to be varied to protect your device from all potential threats. Here are some recommendations you might want to adopt on a regular basis. 

Use a reliable antivirus 

It goes without saying that every user should have a trustworthy antivirus programme installed on their devices, including antivirus for Mac. Before installation, it will ensure that all files and programmes are clean of malware. You can also schedule routine scans and adjust monitoring settings based on your requirements. Just be aware that some malware may manage to evade detection. 

Maintain software updates 

Cybercriminals frequently launch attacks using OS and app vulnerabilities. To reduce the risk, it is crucial to keep your system and software updated. To ensure that you don't miss any changes, enable automatic updates. 

Frequently backup your data 

We talked about the risk that cyberattacks like ransomware or file-wiper software pose to your data. While the latter instantly deletes all the content on your device, the former frequently prevents you from regaining control of your data even after you agree to pay. Therefore, the best line of defence in case you become a target is to periodically back up your content to an external hard drive or encrypted cloud storage. 

Pay attention to warning signs 

Malware may infiltrate your device even if you take precautions and install the proper protection software. In these situations, your chances of reducing the damage increase with the speed of your response. Just as with any illness, you must pay close attention to the symptoms. These include emails that are sent without your knowledge, your device stalling or crashing, programmes running on their own, an unexpectedly full hard disk, and more.

IoT Security: A Major Concern for Businesses Worldwide

 

As technology continues to evolve and more industries across the globe become connected, understanding the security challenges linked with the industrial internet of things (IoT) deployments is increasingly important. 

Businesses planning to roll out a manufacturing or industrial IoT initiative, or link existing technology for automated and remote monitoring or access, will need to consider all of the potential threats and attack vectors linked with those decisions. The most common security challenges with industrial IoT security are as follows: 

Security Breach Via Old Systems 

The surge in the volume of IoT apps has made it easier for malicious hackers to identify vulnerabilities to infiltrate organizational data. The operation of multiple IoT devices through the same internet connection makes it easier for attackers to exploit them as a point of illegal access to other resources. This lack of network segmentation can be devastating, as one successful assault on an IoT device can open the door to attackers to siphon sensitive data. 

To safeguard IoT-powered enterprises from data breaches, it's important to boost the security of the devices with hardware-based VPN technology and to deploy a real-time monitoring solution that continuously scans and reports the behaviour of the linked devices. 

DDoS Attack 

Hackers can target a business's endpoint devices by flooding them with overwhelming traffic so that they cannot complete the work they were intended to do. 

For example, when an industrial thermostat is connected to an unprotected internet link, a coordinated DDoS attack on the entire system could lead to downtime. One of the best ways to mitigate this type of IIoT threat is to safeguard the internet connection with a firewall. 

Device Spoofing  

In IIoT, a device spoofing attack occurs when hackers pose as a legitimate device to send information between a business's centralised network and the IIoT endpoint device. For example, an attacker can pose as a trusted IoT sensor and send back false information that alters an organisation's manufacturing process. This risk can be mitigated by employing a hardware-based security solution.
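The spoofing risk above comes down to the receiver having no way to tell a genuine sensor's reading from a forged one. The following is an added example, not code from the original post or from any vendor, showing the software side of what a hardware-secured device key buys you: each sensor holds a per-device secret (here a constructed key; in a real deployment it would live in a secure element), tags every reading with HMAC-SHA256 and a monotonic counter, and the plant-side collector rejects readings from unknown devices, readings whose tag does not verify (spoofed or tampered), and replays of earlier readings. All device names and values are constructed.

```python
import hashlib
import hmac
import json

# Constructed per-device secrets, provisioned out of band (assumption: the
# key is stored in tamper-resistant hardware on the sensor, never sent on the wire).
DEVICE_KEYS = {
    "sensor-17": bytes.fromhex(
        "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
    ),
}

# Highest counter accepted so far per device; used to reject replayed readings.
_last_counter: dict = {}


def _canonical(body: dict) -> bytes:
    """Stable serialisation so sender and receiver MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(device_id: str, counter: int, reading: dict, key: bytes) -> dict:
    """Sensor side: attach a monotonic counter and an HMAC-SHA256 tag."""
    body = {"device_id": device_id, "counter": counter, "reading": reading}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def verify_reading(msg: dict):
    """Collector side: returns (accepted, reason).

    Accepts only readings from a registered device, with a tag computed under
    that device's key, and with a counter above the last accepted one.
    """
    for field in ("device_id", "counter", "reading", "tag"):
        if field not in msg:
            return False, "malformed message"
    device_id = msg["device_id"]
    key = DEVICE_KEYS.get(device_id)
    if key is None:
        return False, "unknown device"
    body = {k: msg[k] for k in ("device_id", "counter", "reading")}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    # compare_digest is constant-time, so the comparison itself leaks nothing.
    if not hmac.compare_digest(expected, str(msg["tag"])):
        return False, "bad tag (spoofed or tampered)"
    if msg["counter"] <= _last_counter.get(device_id, -1):
        return False, "replayed message"
    _last_counter[device_id] = msg["counter"]
    return True, "ok"


if __name__ == "__main__":
    key = DEVICE_KEYS["sensor-17"]
    good = sign_reading("sensor-17", 1, {"level_pct": 62.5}, key)
    print("genuine:", verify_reading(good))
    print("replay: ", verify_reading(good))
    forged = sign_reading("sensor-17", 2, {"level_pct": 1.0}, b"attacker-guess")
    print("forged: ", verify_reading(forged))
```

HMAC only proves origin and integrity; it does not hide the reading, so the link still needs a transport layer such as TLS or an IPsec tunnel for confidentiality. Both halves together address the spoofing and eavesdropping concerns raised in this post.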

Device Theft 

Another common issue, particularly with devices out in the field, is the theft of the physical devices themselves. This threat increases when endpoint devices are storing critical data that may cause concern if that information is stolen by the attackers. 

To minimize the threat, it’s necessary to avoid storing sensitive information on endpoint devices and use cloud-based infrastructure to store critical data. 

Data Siphoning 

The delivery of data by endpoint devices can be compromised via an eavesdropping attack: the attacker listens to network traffic from the endpoint device to gain access to the collected data. 

The industries most impacted by this type of IoT attack are the health, security, and aerospace industries. To mitigate the threat, organizations must have a security policy ensuring that all transmitted data is adequately encrypted using the best encryption software. 

“Organizations need to think through this. There are a lot of requirements and they need to figure out a strategy. When looking at product security requirements, I see this as a challenging aspect as organizations get a handle around what they are manufacturing,” said Robert M. Lee, CEO of Dragos Inc., raising a concern about organizations' security. 

“There are organizations, for example in industries such as health care, medical devices, and power and utilities, that are starting to ask questions of their suppliers as they consider security before they deploy devices into their customer ecosystem. Where I see a lot of organizations struggle is in understanding system misconfiguration or not having the architecture they thought they did in order to make sure their manufacturing environment is reliable.”

Boost Your Internet-Linked Cameras Security Before It’s Too Late

 

The smart security camera is a great device for keeping an eye on our homes, whether for package deliveries, critters searching our garbage cans, or intruders snooping around our homes. But an Internet-linked camera without robust security might be an easy target for hackers, potentially allowing a stranger to spy on your home. 

According to the 2021 Statista Global Consumer Survey, 28 percent of U.S. consumers are worried that hackers could spy on them via their smart home devices. 

Last year in March, a hacking group claimed they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., securing access to live feeds of 150,000 surveillance cameras inside Tesla factories and warehouses, Equinox gyms, Cloudflare offices, hospitals, jails, schools, police departments, and Verkada’s own offices. 

Methodology to Hack Security Cameras 

The common way security cameras get hacked is through a technique called “credential stuffing.” Malicious actors take usernames and passwords from other data breaches and try them to gain access to accounts. The combination of large data breaches, such as those at Equifax and Target, and individuals reusing the same password across multiple online services makes the job easy for intruders. 

Earlier this year in January, New York Attorney General Letitia James reported that a credential stuffing scheme had compromised more than 1.1 million accounts in cyberattacks at 17 well-known firms, including online retailers, restaurant chains, and food delivery services. 

This type of attack doesn't need to infiltrate a firm's security camera system, so every brand is at risk. “These companies aren’t technically at fault,” stated Fred Garcia, who manages CR’s privacy and security testing for home security cameras. “Most companies offer a two-factor authentication system that acts as an extra deterrent against attacks like this. But there is more that these companies could do, like encouraging people to use that added security feature by default.” 

Another technique employed by hackers is modifying the security camera's settings. Sneaky hackers won’t want you to know they’re in your network, so they’ll quietly change your password. Some overconfident hackers might even rename your camera to “Change your password” or “Upgrade your firmware” as a sign of mockery. 
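Because credential stuffing does not exploit any flaw in the camera service itself, the service operator's best early signal is the login log: one source trying many different usernames in a short window looks nothing like a legitimate user retrying a forgotten password. The following is an added example, not code from the original post or from any camera vendor, that parses a constructed sample of login events and flags source IPs that attempt at least five distinct accounts within ten minutes, listing which of those accounts were actually logged into so they can be forced to reset. The log format, IPs, and usernames are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a camera-cloud login log (not real data). One source
# sprays seven accounts in five seconds and gets into one; another is an
# ordinary user mistyping their own password twice.
SAMPLE_LOG = """\
2022-03-01T10:00:01Z src=198.51.100.7 user=alice result=FAIL
2022-03-01T10:00:02Z src=198.51.100.7 user=bob result=FAIL
2022-03-01T10:00:02Z src=198.51.100.7 user=carol result=FAIL
2022-03-01T10:00:03Z src=198.51.100.7 user=dave result=FAIL
2022-03-01T10:00:03Z src=198.51.100.7 user=erin result=SUCCESS
2022-03-01T10:00:04Z src=198.51.100.7 user=frank result=FAIL
2022-03-01T10:00:05Z src=198.51.100.7 user=grace result=FAIL
2022-03-01T10:05:00Z src=203.0.113.9 user=alice result=FAIL
2022-03-01T10:05:30Z src=203.0.113.9 user=alice result=FAIL
2022-03-01T10:06:00Z src=203.0.113.9 user=alice result=SUCCESS
2022-03-01T11:00:00Z src=192.0.2.44 user=heidi result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text: str) -> list:
    """Turn log lines into (timestamp, src, user, result) tuples; skip junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=10), min_users=5) -> dict:
    """Flag sources that try >= min_users distinct usernames inside `window`.

    Returns {src: {"distinct_users": n, "compromised": [users logged into]}}.
    """
    by_src = defaultdict(list)
    for ts, src, user, result in sorted(events):
        by_src[src].append((ts, user, result))

    alerts = {}
    for src, attempts in by_src.items():
        # Slide a window over this source's attempts, oldest first.
        for i, (start, _, _) in enumerate(attempts):
            users, successes = set(), set()
            for ts, user, result in attempts[i:]:
                if ts - start > window:
                    break
                users.add(user)
                if result == "SUCCESS":
                    successes.add(user)
            if len(users) >= min_users:
                alerts[src] = {
                    "distinct_users": len(users),
                    "compromised": sorted(successes),
                }
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {info['distinct_users']} accounts tried, "
              f"logged into {info['compromised'] or 'none'}")
```

The thresholds are deliberately conservative; in production they would be tuned against the service's own baseline, and the "compromised" list is the set of accounts to lock and notify, which is exactly where two-factor authentication would have stopped the attack.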

How to Safeguard Your Privacy 

While no system is impervious to cyber attacks, some safety measures can mitigate the risks of being hacked and safeguard your privacy in the case of a hack. 

• Employ cameras from reputable manufacturers, whether they are part of a professionally monitored security system or a DIY device. 
• Keep your camera’s firmware up to date. 
• Use security cameras with high-level, end-to-end encryption. 
• Use complex passwords that cannot easily be guessed (in particular, avoid using passwords you already use for other online accounts). 
• Employ two-factor authentication.

Security Challenges for Your Internet-Linked Devices

 

The security of IoT devices has been a major cause for concern over the past few years. Because they can be reached from any part of the globe, IoT devices are vulnerable to multiple cyberattacks. Malicious hackers can use this access to siphon private data or to disrupt or damage the device. 

In this article, we will take a look at some of the best techniques to enhance the security of your IoT devices. 

Why is IoT security so important? 

There is no doubt that IoT devices have made users' lives more comfortable. By using smart devices, you can have your coffee ready for when you get up, get your oven to heat dinner for when you get home, and even keep an eye on the house while you're away, all from your smartphone. 

Additionally, organizations are using IoT devices for data gathering, edge computing, real-time insights, and measurement. However, with this level of growth come the inevitable security concerns. Hackers mainly employ the following attacks to gain access to IoT devices: 

• Malware attack: Threat actors use malware to insert malicious code into an IoT device and take advantage of its vulnerabilities. This type of attack can infect the device and allow unauthorized access to it.
 
• Cyber attack: In these attacks, an intruder gains access to a user’s IoT device by abusing security bugs in the system.
 
• Data leak: A data breach occurs when a threat actor siphons data from an IoT device or system. This mainly happens when the data stored on an IoT device is not properly secured or when it is mistakenly made available online. 

IoT security concerns 

IoT devices face multiple security challenges that pose a threat to individuals and organizations using them. This includes improper management of device-related security threats, which primarily emerge because these devices don’t get regular updates. 

Moreover, weak credentials and default passwords make devices susceptible to brute force attacks or password hacking. The use of IoT botnets for mining cryptocurrency also risks the confidentiality, integrity, and availability of data in IoT devices. 

Mitigation Tips 

First and foremost, there is no one-size-fits-all solution when it comes to guarding IoT systems, as the nature of these devices and their connections makes them susceptible to a variety of assaults. However, there are a number of best practices that can assist in limiting the risk of malicious actors exploiting the IoT system. 

1. Control access: Implement a secure network architecture, allow only authorized IoT devices you know to join the network, and limit those devices’ access. 

2. Monitor your network: Have a real understanding of what "normal" activity looks like. Make sure you deploy security measures such as firewalls and intrusion detection/prevention systems (IDPS) to protect against unauthorized activity on your devices. 

3. Automate your response: Limit the time you are exposed by employing an automated response. If monitoring reveals that a connected device is vulnerable, an automatic follow-up to contain and repair the issue will greatly reduce the risk of exposure. 

4. Stop using public Wi-Fi: When you're accessing your IoT network via your laptop or smartphone, avoid using Wi-Fi networks offered in coffee shops and hotels, or any other public place. 

5. Enable Encryption: One of the most important steps you can take to ensure the security of your IoT devices is to enable encryption. Encryption protects your devices from unauthorized access, and it also helps to protect the data that is stored on them.
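Tips 1 and 2 above (admit only known devices and limit what they may reach), and the earlier NGFW post's point about segmenting a network into security zones with strict access rules, are both instances of one policy: default deny, with an explicit allow list keyed on device identity and zone. The following is an added example, not code from either post or from any firewall vendor, of such a policy evaluated over constructed flows. Unregistered devices are quarantined, a registered device seen outside its own zone is denied as possible spoofing, and a camera may reach the recorder on its streaming port but nothing else; the inventory, zone networks, MACs and ports are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed device inventory: MAC -> (name, zone). Anything not listed is
# treated as unknown and lands in a quarantine zone with no allowed flows.
INVENTORY = {
    "aa:bb:cc:00:00:01": ("lobby-cam", "iot"),
    "aa:bb:cc:00:00:02": ("hvac-ctl", "iot"),
    "aa:bb:cc:00:00:10": ("nvr", "servers"),
}

# Constructed zone addressing; anything outside these networks is "internet".
ZONE_NETS = {
    "iot": ipaddress.ip_network("10.10.0.0/24"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "corp": ipaddress.ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int


# The entire allow list. Everything not matched here is denied (default deny).
ALLOW = [
    Rule("iot", "servers", "tcp", 554),   # cameras stream RTSP to the recorder only
    Rule("iot", "servers", "udp", 123),   # time sync against an internal NTP server
    Rule("corp", "servers", "tcp", 443),  # staff view recordings over HTTPS
]


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for zone, net in ZONE_NETS.items():
        if addr in net:
            return zone
    return "internet"


def decide(flow: dict):
    """Evaluate one flow {src_mac, src_ip, dst_ip, proto, dport}.

    Returns (verdict, reason) where verdict is "allow" or "deny".
    """
    name, home_zone = INVENTORY.get(flow["src_mac"], ("unknown", "quarantine"))
    if home_zone == "quarantine":
        return "deny", f"unknown device {flow['src_mac']} quarantined"
    src_zone = zone_of(flow["src_ip"])
    if src_zone != home_zone:
        # A known MAC talking from another zone's address range is not trusted.
        return "deny", f"{name} registered in {home_zone} but seen in {src_zone} (possible spoofing)"
    dst_zone = zone_of(flow["dst_ip"])
    wanted = Rule(src_zone, dst_zone, flow["proto"], flow["dport"])
    path = f"{src_zone}->{dst_zone} {flow['proto']}/{flow['dport']}"
    if wanted in ALLOW:
        return "allow", f"{name}: {path} permitted"
    return "deny", f"{name}: no rule for {path}"


def audit(flows) -> list:
    """Apply the policy to a batch of flows and return the verdicts in order."""
    return [decide(f) for f in flows]


# Constructed flows: a camera streaming to the NVR, the same camera reaching
# the internet and a corp file share, and an unregistered device.
SAMPLE_FLOWS = [
    {"src_mac": "aa:bb:cc:00:00:01", "src_ip": "10.10.0.5", "dst_ip": "10.20.0.8", "proto": "tcp", "dport": 554},
    {"src_mac": "aa:bb:cc:00:00:01", "src_ip": "10.10.0.5", "dst_ip": "203.0.113.7", "proto": "tcp", "dport": 443},
    {"src_mac": "aa:bb:cc:00:00:01", "src_ip": "10.10.0.5", "dst_ip": "10.30.0.9", "proto": "tcp", "dport": 445},
    {"src_mac": "de:ad:be:ef:00:00", "src_ip": "10.10.0.77", "dst_ip": "10.20.0.8", "proto": "tcp", "dport": 554},
]

if __name__ == "__main__":
    for verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {reason}")
```

The second and third sample flows are the ones that matter for the "lateral movement" argument in both posts: a compromised camera that can only speak RTSP to the recorder cannot be used as a springboard to the internet or to the corporate segment, and the denial itself is a monitoring signal worth alerting on.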

Critical Bug Identified in Kingspan TMS300 CS Water Tank Management System

 

Malicious hackers can remotely exploit a critical vulnerability in a water tank management system used by organizations in over 40 countries, and the manufacturer has shown no inclination to fix the bug. 

The affected product is made by the water and energy division of Kingspan, a building materials firm headquartered in Ireland. The Kingspan TMS300 CS water tank management system uses multiple channels, including a screen, web server, application, online portal, and email, to report information on its products. It features wired and wireless multi-tank level measurement, alarms, and internet or local network connectivity. 

Kingspan security bug

Earlier this week, Maxim Rupp, a researcher at CISA, published an advisory regarding the product, which is impacted by a critical vulnerability due to inadequately implemented access-control rules, allowing an unauthenticated attacker to view or alter the product’s settings. 

The vulnerability allows an attacker to access the product’s settings without authenticating, merely by requesting specific URLs. These URLs can be identified by browsing the web interface or via a brute force attack, the researcher explained. The flaw, tracked as CVE-2022-2757, has received a CVSS score of 9.8. 

An attacker can exploit the security bug to alter various settings, including ones related to sensors, tank details, and alarm thresholds, from virtually any part of the world, as long as they can reach the device’s web interface, Rupp explained. 

According to CISA, the impacted product is used worldwide in the water and wastewater systems sector, and it seems that the exposed settings could allow an attacker to cause some disruption in the targeted organization. 

“Kingspan has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact Kingspan customer support for additional information,” the researcher added. 
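The class of flaw described above, settings pages that are reachable just by knowing their URL, comes from checking identity on the pages the interface links to rather than on every state-changing endpoint. The following is an added example, not Kingspan's code or anything derived from the advisory, contrasting a generic router that relies on the settings path being unadvertised with one that requires a valid session before any threshold is changed, and that also validates the new values. The session store, paths, cookie name and threshold fields are all constructed for the example.

```python
from http import HTTPStatus

# Constructed session store: session token -> user. Tokens would be issued by
# a login page that is not part of this example.
SESSIONS = {"tok-7f3a9c": "operator"}


def current_user(headers: dict):
    """Resolve the caller's identity from the session cookie, or None."""
    cookies = {}
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return SESSIONS.get(cookies.get("session"))


def show_status(settings: dict, params: dict):
    """Read-only view that is fine to leave public on an internal network."""
    return HTTPStatus.OK, dict(settings)


def update_alarm(settings: dict, params: dict):
    """Change alarm thresholds; rejects values that are not integers in 0-100
    or that would put the low threshold above the high one."""
    try:
        high = int(params.get("high", settings["alarm_high_pct"]))
        low = int(params.get("low", settings["alarm_low_pct"]))
    except ValueError:
        return HTTPStatus.BAD_REQUEST, {"error": "thresholds must be integers"}
    if not (0 <= low < high <= 100):
        return HTTPStatus.BAD_REQUEST, {"error": "need 0 <= low < high <= 100"}
    settings["alarm_high_pct"], settings["alarm_low_pct"] = high, low
    return HTTPStatus.OK, dict(settings)


def route_unprotected(settings: dict, path: str, params: dict, headers: dict):
    """Weak pattern: /cfg/alarm is merely not linked from the status page.
    Whoever learns or guesses the path changes thresholds with no login."""
    if path == "/status":
        return show_status(settings, params)
    if path == "/cfg/alarm":
        return update_alarm(settings, params)
    return HTTPStatus.NOT_FOUND, {"error": "no such page"}


PUBLIC = {"/status": show_status}
PROTECTED = {"/cfg/alarm": update_alarm}


def route_hardened(settings: dict, path: str, params: dict, headers: dict):
    """Fixed pattern: every state-changing endpoint checks identity first,
    whether or not its URL is advertised anywhere."""
    if path in PUBLIC:
        return PUBLIC[path](settings, params)
    if path in PROTECTED:
        if current_user(headers) is None:
            return HTTPStatus.UNAUTHORIZED, {"error": "login required"}
        return PROTECTED[path](settings, params)
    return HTTPStatus.NOT_FOUND, {"error": "no such page"}


if __name__ == "__main__":
    # Constructed sample thresholds for a single tank.
    tank = {"alarm_high_pct": 90, "alarm_low_pct": 10}
    print("no session, weak router:    ", route_unprotected(tank, "/cfg/alarm", {"high": "99"}, {}))
    tank = {"alarm_high_pct": 90, "alarm_low_pct": 10}
    print("no session, hardened router:", route_hardened(tank, "/cfg/alarm", {"high": "99"}, {}))
    print("with session:               ", route_hardened(tank, "/cfg/alarm", {"high": "99"},
                                                         {"Cookie": "session=tok-7f3a9c"}))
```

Keeping the authentication check in the router rather than in each handler means a newly added settings page cannot be forgotten, which is the usual way an "unlinked" page ends up exposed. Network isolation, as CISA recommends below, still matters: it limits who can even reach the interface when the application-level check is missing.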

Mitigation Tips 

CISA has provided the following recommendations for minimizing the threat posed by these types of vulnerabilities. 

• Limit network exposure for all control system devices and/or systems, and ensure they are not reachable from the Internet. 
• Locate control system networks and remote devices behind firewalls and isolate them from enterprise networks. 
• If necessary, employ secure methods, such as Virtual Private Networks (VPNs), to access the devices.