In the latest move to expand its edge computing business, Intel Corp. has agreed to purchase Smart Edge computing platform, an indirect subsidiary of Pivot, for US$27 million on Oct. 15.
Smart Edge is a virtualized mobile smart edge (MEC) computing platform that provides services to enterprises and businesses at the edge. The technology enables services including personalized ads, digital signage, VR and AR, and product information. It can be linked with various IoT devices to provide data analytics.
The platform can also create caching points to quickly deliver information with lower latency. Spreading data delivery across many nodes in the network is faster than delivering data from large, centralized data centres.
By scooping up Pivot’s Smart Edge, Intel is looking to further expand into the 5G market, where IoT and edge computing are expected to boom. In its press release, the company said that it’s expecting the 5G silicon addressable market to reach $65 billion by 2023.
Intel exited the 5G smartphone modem business in April this year and transitioned its focus towards network infrastructure and data centres.
Reuters reported that Smart Edge did not generate much revenue in the first half of 2019.
The acquisition is expected to complete in the fourth quarter of 2019. Intel said around 25 Smart Edge employees will join Intel when the transaction closes.
IoT Security focuses on protecting networks and connected devices in the Internet of Things. For the readers who are new to IoT, it is a system of connected computing devices, digital and mechanical machines, animals, people, and objects. Each aspect has a unique identifier and an ability to transfer data on the network automatically. Once these devices are on the internet, they encounter grave vulnerabilities without proper protection.
Some recent high-profile incidents have surfaced, thus making IoT security a pressing topic. Cybercriminals use traditional devices to infiltrate and attack a network. Therefore, it is crucial to implement safety standards to ensure the protection of the IoT networks and their agents.
Challenges in IoT Security
IoT security has some difficulties in establishing end-to-end protection of devices and networks. Networking appliances are relatively unfamiliar, and protection isn’t even a crucial consideration in designing products. Moreover, the infancy stage of the IoT market makes manufacturers and product designers desire to present their products to the market quickly. These people disregard security in their devices, even in the planning phase.
A primary issue in IoT security is the use of default or hardcoded passwords because it can result in security breaches, even if users change them. Not providing strong passwords can still lead to infiltration. Moreover, IoT devices have resource constraints and don’t have the necessary compute capabilities to implement robust security. For instance, temperature or humidity sensors can’t handle measures such as advanced encryption.
Furthermore, IoT devices hardly ever receive patches and updates because, from the viewpoint of the manufacturer, built-in security is costly, limits the functionality, and slows down development.
Legacy assets can’t take advantage of IoT security, and replacing the infrastructure is expensive, so experts use smart sensors retrofitted on them. However, these assets haven’t been updated and don’t have protection against modern threats. As such, an attack is very feasible.
Many systems offer limited updates, and security can lapse if the organization doesn’t provide additional support. Thus, additional protection can be challenging because various IoT devices remain in the network for extended periods.
Moreover, there are no industry-accepted criteria for IoT safety. Frameworks exist, but industry organizations and large corporations can’t agree on a single structure. Each has its specific standards, while industrial IoT has incompatible and proprietary standards. Thus, the numerous measures make it almost impossible to secure systems and ensure interoperability.
The convergence of operational technology and IT networks creates various challenges for security teams. Many of the personnel have the task of ensuring end-to-end security and protecting systems outside of their expertise. The learning curve involved compromises protection, as IT personnel must have the appropriate skill sets to handle IoT security.
Organizations must take the necessary steps to seek a shared responsibility for security. Manufacturers, service providers, and end-users must play an important role. Prioritization of privacy and protection of devices, and default authorization and encryption, for instance, must take place. However, end-users must also accept part of the burden to ensure that they take the necessary precautions like changing passwords, using security software, and installing patches as needed.
IoT Security as an Obstacle to Technology Adoption
The security of the Internet of Things is a primary obstacle to successful technology adoption. This observation is correct even when you’re only in the early stages of deployment planning.
We look at three significant angles of this complicated issue, especially when you’re laying out the deployment of IoT sensors in your setup:
- Software security patches
- Discovery and networking
- Physical device
Some sensors of the Internet of Things have many built-in computing capabilities. Therefore, these devices may not accept remote updates and patches or run a security-software agent. This problem is tremendous and worrisome because of the daily discovery of software vulnerabilities that target IoT. If there’s no capability to patch these loopholes upon detection, you have a pressing issue.
Furthermore, some devices don’t have decent security and aren’t patchable. The only way to solve the dilemma is to search for a different product that does the functional task and provides more protection.
Discovery and Networking
One of the toughest problems to solve is securing the connections between IoT sensors and the backend. A majority of organizations don’t even know all the devices on their network. Therefore, device discovery is critical for the network security of the Internet of Things.
A primary explanation for the lack of visibility is the operational technology of IoT. The IT staff no longer has sole administration of the network because even line-of-business personnel can connect devices to the system. There is no protocol to inform the tech group in charge of maintaining network security. Network operations people now have an unaccustomed headache because they used to control the topology of the entire network.
Aside from the close cooperation of IT personnel with the operations staff of the business, network scanners can automatically detect devices on the system through techniques such as network traffic analysis, whitelists, and device profiles. These factors ensure proper provisioning and monitoring of device connections on the network.
Frequently, physical access is a significant and straightforward concern for traditional IT security. Data centers have strict security, and switches and routers are in locations where unauthorized people can’t access or fiddle with these peripherals discreetly.
However, for the Internet of Things, well-established security practices aren’t evident. A few IoT implementations are easy to secure. A misfit can’t tinker with state-of-the-art diagnostic equipment in a secured hospital. The hacker can’t fiddle with intricate robotic manufacturing equipment on a limited-access factory floor. Compromises can still occur, as a felon remains a threat even in secure locations.
Consequently, equipment around the metropolis, such as smart parking meters, traffic cameras, and noise sensors, is easily accessible to the public. Soil sensors in agricultural areas and other technology in a sufficiently remote place aren’t safe either.
Diversified solutions are in place. For instance, enclosures and cases can stop a few attackers, but these things may be impractical in some situations. Video surveillance on these machines can also be a point of intrusion. Thus, the IoT Security Foundation advocates the disabling of ports on a device. However, this recommendation isn’t necessary in some cases where there is a need for them to perform their functions. Moreover, it recommends implementing tamper-proof circuit boards and embedding these circuits in resin.
The post Prerequisites of IoT Security: Software, Network, Physical appeared first on .
Experts at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers.
Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an
The bad news for the users is that the vendor will not address it because it affects discontinued products.
According to Fortinet, the vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 router families.
“In September 2019, Fortinet’s FortiGuard Labs discovered and reported an
The vulnerability could be exploited by an attacker sending arbitrary input to a “
“The vulnerability begins with a bad authentication check. To see the problem in action, we start at the admin page and then perform a login action.” continues the advisory. “Here, we implement the POST HTTP Request to “apply_sec.cgi” with the action ping_test. We then perform the command injection in ping_ipaddr. Even if it returns the login page, the action ping_test is still performed – the value of ping_ipaddr will execute the “echo 1234” command
The experts discovered that it is possible to execute code remotely, even without the necessary privileges, due to a bad authentication check.
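Because the affected models will not be patched, spotting this request pattern in front of the router is the practical control. The following is an added example, not code from FortiGuard Labs or D-Link: it flags POST requests to apply_sec.cgi with action ping_test whose ping_ipaddr is not a plain IP address or hostname. The request record shape, the function names and the sample requests are assumptions constructed for illustration.

```python
"""Flag requests matching the apply_sec.cgi / ping_test pattern described above.

Added example: the record shape and the sample requests are constructed.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def is_plain_ping_target(value):
    """True only for a literal IP address or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    # fullmatch rather than match with '$': '$' also matches before a
    # trailing newline, which would let "host\n" through.
    return len(value) <= 253 and HOSTNAME.fullmatch(value) is not None


def inspect_request(req):
    """Return a finding for a suspicious request, or None.

    req is a dict with 'src', 'method', 'url' and 'body' keys (assumed shape,
    e.g. produced by a reverse proxy or an IDS HTTP log).
    """
    if req["method"].upper() != "POST":
        return None
    path = urlsplit(req["url"]).path
    if not path.lower().endswith("/apply_sec.cgi"):
        return None
    # parse_qs percent-decodes the form body, so encoded separators are
    # compared in their decoded form.
    form = parse_qs(req["body"], keep_blank_values=True)
    if "ping_test" not in form.get("action", []):
        return None
    bad = [v for v in form.get("ping_ipaddr", []) if not is_plain_ping_target(v)]
    if not bad:
        return None
    return {"src": req["src"], "path": path, "ping_ipaddr": bad[0]}


def scan(requests):
    """Run inspect_request over an iterable of request records."""
    return [f for f in map(inspect_request, requests) if f is not None]


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_REQUESTS = [
    {"src": "203.0.113.5", "method": "GET", "url": "/index.asp", "body": ""},
    {"src": "192.0.2.50", "method": "POST", "url": "/apply_sec.cgi",
     "body": "action=ping_test&ping_ipaddr=192.0.2.10"},
    {"src": "198.51.100.7", "method": "POST", "url": "/apply_sec.cgi",
     "body": "action=ping_test&ping_ipaddr=192.0.2.10%3Becho+1234"},
    {"src": "198.51.100.9", "method": "POST", "url": "/apply_sec.cgi",
     "body": "action=ping_test&ping_ipaddr=router.example%0A"},
    {"src": "192.0.2.50", "method": "POST", "url": "/apply_sec.cgi",
     "body": "action=login&user=admin"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(f"ALERT {finding['src']} {finding['path']} "
              f"ping_ipaddr={finding['ping_ipaddr']!r}")
```

The check is an allowlist on the field's expected content, so it does not depend on knowing which separator characters the firmware's shell honours.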
The researchers reported the vulnerability to D-Link on September 22; the vendor acknowledged the issue the day after, but three days later confirmed that no patch will be released because the products are at
Below is the disclosure timeline:
- 22 September, 2019: FortiGuard Labs reported the vulnerability to D-Link.
- 23 September, 2019: D-Link confirmed the vulnerability
- 25 September, 2019: D-Link confirmed these products are EOL
- 3 October 2019: Public disclosure of the issue and released advisory
The post D-Link router models affected by remote code execution issue that will not be fixed appeared first on Security Affairs.
Dutch police seized a bulletproof hosting service in a major takedown; the infrastructure was used by tens of IoT botnets involved in DDoS attacks.
A joint operation conducted by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center made it possible to track down and seize five servers that made up an underground cybercrime bulletproof hosting service.
The servers were hosted at an unnamed data center in Amsterdam, it was used by tens of IoT
“Middelburg, Veendam, Amsterdam, Driebergen – The police has taken five servers offline that
Authorities revealed that they have received more than three thousand reports of malware spread through the bulletproof hosting service
The authorities also arrested two Dutch nationals who had been running a Mirai
In this case, the police say, the people controlling those servers were a pair of Dutch nationals who had been running a Mirai
“The investigation also revealed that this botnet was very aggressively trying to infect other devices, up to over a million attempts per month on one device,” the translated police statement reads.
Authorities are analyzing the seized servers, and the data they contain will likely lead to the arrests of other players in the cybercrime underground.
The post Dutch police shut down bulletproof service hosting tens of DDoS botnets appeared first on Security Affairs.
Security Labs discovered a new IoT bot named “GUCCI”. It seems like the IoT botnet is named after an Italian luxury brand of fashion and leather goods.
The discovery came during our reconnaissance and intelligence collection process. The IoT threat detection engine picked up the infection IP, shown below, hosting a number of bins for different architectures.
Figure 1: GUCCI Bot Binaries
All the bins were successfully downloaded and magic headers were analyzed to check the type of file. Figure 2 highlights how the GUCCI bot binaries are compiled.
Figure 2: Bot: compiled Binaries
As you can see from the output in Figure 2, all the Gucci bot binaries are “stripped”. This means that when these binaries were compiled, all the debug symbols were removed from the executables to reduce their size. Listing 1 highlights the MD5 hashes of the binaries being analyzed.
Listing 1: MD5 Hashes of the Gucci Bot Binaries
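The magic-header check and the “stripped” verdict described above can be reproduced with a short ELF header parser. This is an added example, not the authors' tooling: it reads the ELF identification bytes and machine field, then treats the absence of a static symbol table section (SHT_SYMTAB) as “stripped”, which is a heuristic. The function names are assumptions, and the sample images are constructed header-only files, not the analyzed binaries.

```python
"""Triage an ELF image: architecture, word size, byte order, symbol table.

Added example: sample images below are constructed, header-only ELF files.
"""
import struct

ELF_MAGIC = b"\x7fELF"
SHT_SYMTAB = 2  # section type of the static symbol table
MACHINES = {2: "SPARC", 3: "x86", 4: "m68k", 8: "MIPS", 20: "PowerPC",
            40: "ARM", 42: "SuperH", 62: "x86-64"}
# ELF header fields that follow the 16-byte e_ident, per ELF class (32/64 bit).
HEADER_FMT = {1: "HHIIIIIHHHHHH", 2: "HHIQQQIHHHHHH"}


def triage_elf(data):
    """Return arch/bits/endian/symbols for an ELF image given as bytes."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in HEADER_FMT or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or data encoding")
    end = "<" if ei_data == 1 else ">"
    fmt = end + HEADER_FMT[ei_class]
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (_type, machine, _version, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, _shstrndx) = struct.unpack_from(fmt, data, 16)
    info = {"arch": MACHINES.get(machine, f"unknown({machine})"),
            "bits": 32 * ei_class,
            "endian": "little" if ei_data == 1 else "big"}
    if shoff == 0 or shnum == 0:
        # Section headers removed entirely, as is common for packed samples.
        info["symbols"] = "no section table"
    elif shentsize < 8 or shoff + shnum * shentsize > len(data):
        info["symbols"] = "section table out of bounds"
    else:
        # sh_type is the second 32-bit field of every section header.
        types = [struct.unpack_from(end + "I", data, shoff + i * shentsize + 4)[0]
                 for i in range(shnum)]
        info["symbols"] = "not stripped" if SHT_SYMTAB in types else "stripped"
    return info


def build_sample(machine, ei_class, ei_data, section_types):
    """Construct a minimal ELF image: header plus section header table only."""
    end = "<" if ei_data == 1 else ">"
    fmt = end + HEADER_FMT[ei_class]
    ehsize = 16 + struct.calcsize(fmt)
    shentsize = 40 if ei_class == 1 else 64
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1]) + bytes(9)
    shoff = ehsize if section_types else 0
    header = struct.pack(fmt, 2, machine, 1, 0, 0, shoff, 0, ehsize, 0, 0,
                         shentsize, len(section_types), 0)
    table = b"".join(struct.pack(end + "II", 0, t) + bytes(shentsize - 8)
                     for t in section_types)
    return ident + header + table


# Constructed samples named after the build suffixes seen on the page.
SAMPLES = {
    "mips": build_sample(8, 1, 2, [0, 1, 3]),         # big-endian MIPS, no symtab
    "mpsl": build_sample(8, 1, 1, [0, 1, 3]),         # little-endian MIPS, no symtab
    "arm-debug": build_sample(40, 1, 1, [0, 1, 2, 3]),  # ARM with a symbol table
    "x86-64-packed": build_sample(62, 2, 1, []),      # no section headers at all
}

if __name__ == "__main__":
    for name, image in SAMPLES.items():
        print(name, triage_elf(image))
```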
The binaries were found to be obfuscated. On further analysis, it was found that the Gucci bot was connecting to the remote IP on TCP port “5555” and transmitting data accordingly. Digging deeper, we found that the remote host was running a custom telnet service on TCP port 5555 and exchanging commands with Gucci bots regularly. When a test connection was initiated on TCP port 5555 using a telnet client against the remote IP, the accepted connection prompted for credentials.
Without authentication credentials, it was not possible to access the service. Considering all scenarios, automated brute force and account cracking attempts were performed. The account credentials were successfully cracked, and the connection was initiated and accepted once the credentials were accepted.
Figure 3 highlights that the Gucci bot Command and Control panel was hijacked and privileged access was obtained.
Figure 3: Gucci C&C Bot Panel
The C&C listed the different Denial of Service (DoS) attack types supported by the Gucci bot. The supported scans are:
- HTTP null scan
- UDP flood
- Syn flood
- ACK flood
- UDP flood with less protocol options
- GRE IP flood
- Valve Source Engine specific flood
It was noticed that Gucci bot was in
Figure 4: Gucci Bot – Source of Distribution
A new IOT bot Gucci has been discovered and analyzed accordingly. The
About the authors:
Aditya K Sood is a Cyber Security Expert and working in the field for more than 11 years now. His work can be found at: https://adityaksood.com;
Rohit Bansal is a Principal Security Researcher at SecNiche Security Labs
The post Gucci IOT Bot Discovered Targeting European Region appeared first on Security Affairs.
Tridium’s Niagara product is affected by two vulnerabilities in BlackBerry’s QNX operating system for embedded devices.
The U.S. Department of Homeland Security’s
The flaws could be exploited by a local user to escalate their privileges.
The Niagara Framework is a universal software infrastructure
The Niagara framework is widely adopted, especially in the commercial facilities, government facilities, critical manufacturing and IT sectors.
The security flaws impact Niagara AX 3.8u4, 4.4u3 and 4.7u1.
The most severe vulnerability, tracked as CVE-2019-8998, is an information disclosure flaw related to the
The flaw was discovered by Johannes Eger and Fabian Ullrich of the Secure Mobile Networking Lab at TU Darmstadt in Germany and received a CVSS score of 7.8.
“This advisory addresses an information disclosure vulnerability leading to a potential local escalation of privilege in the default configuration of the
BlackBerry QNX confirmed that it is not aware of attacks exploiting the flaw in the wild.
The second vulnerability, tracked as CVE-2019-13528, is an improper authorization issue that could allow a specific utility to gain read access to privileged files.
“A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).” reads the advisory.
This flaw was reported by Francisco Tacliad and it received a CVSS score of 4.4.
- Niagara AX 3.8u4:
  - OS Dist: 2.7.402.2
  - NRE Config Dist: 3.8.401.1
- Niagara 4.4u3:
  - OS Dist: 22.214.171.124.1
  - NRE Config Dist: 126.96.36.199.1
- Niagara 4.7u1:
  - OS Dist (JACE 8000): 188.8.131.52.1
  - OS Dist (Edge 10): 184.108.40.206.1
  - NRE Config Dist: 220.127.116.11.1
The post Tridium Niagara framework affected by 2 flaws in BlackBerry QNX OS appeared first on Security Affairs.
If you’re like most users, you’ve probably adopted several smart devices into your home over the last few years. Whether it be voice assistants, smart TVs, thermostats, or gaming systems, IoT devices help make our lives easier. But with greater connectivity also comes greater exposure to online threats. However, that doesn’t mean users should avoid using IoT technology altogether. With the help of smart security, users can feel safe and protected as they bring new gadgets into their lives. Solutions like McAfee Secure Home Platform, which is now the winner of the IoT Security Excellence Award, can help users connect with confidence.
Here at McAfee, we know smart security is more important now than ever before. That’s why we work tirelessly to ensure that our solutions provide consumers with the best protection possible. For example, McAfee Secure Home Platform provides automatic protection for the entire home network by automatically securing connected devices through a router with McAfee protection. It’s through the proactive evolution of our products that McAfee Secure Home Platform has received this 2019 IoT Security Excellence Award from IoT Evolution World, the leading publication covering IoT technologies.
The IoT Security Excellence Award celebrates the most innovative products and solutions in the world of IoT. It honors technology empowered by the new availability of information being deduced, inferred, and directly gathered from sensors, systems, and anything else that is supporting better business and personal decisions. Winners of this award are recognized for their innovation in gathering and managing information from connected devices that often are not associated with IoT.
“We are thrilled that McAfee Secure Home Platform has been recognized by IoT Evolution World as a recipient of the 2019 IoT Evolution Security Excellence Award. We continue to prioritize creating solutions that lead with ease of use and first-class protection, in order for consumers to best protect every connected device in their homes.” – Gary Davis, Chief Consumer Security Evangelist at McAfee.
As long as technology continues to evolve, so will the threat landscape. This is what drives us to keep developing leading solutions that help you and your loved ones connect with confidence. Solutions like McAfee Secure Home Platform are leading the charge in providing top home network security while still empowering users to enjoy their smart devices.
The post McAfee Receives the 2019 Security Excellence Award From IoT Evolution appeared first on McAfee Blogs.
After 2 years of waiting, MalwareMustDie returns with an excellent page of malware analysis of a new IoT malware: Linux/AirDropBot.
Yes, I have to confess, it was hard to wait all this time, but the reward was worth it: unixfreaxjp has returned, with a new, great page of reverse engineering published on the MalwareMustDie blog: “MMD-0064-2019 – Linux/AirDropBot”
And this is not only “the” Odisseus’s opinion, just because I can be addressed as a member of the MalwareMustDie crew: this last post IS a masterpiece, technically speaking, because here unixfreaxjp reveals some unique and undocumented best practices for reversing Linux malware binaries (Intel and non-Intel platforms), providing every whitehat reverser with many references and how-tos for dealing with ELF Linux malware, mixing theory and practice and showing how incredibly useful Radare r2 and the Tsurugi distribution are.
I don’t know if it is because I have asked my friend unixfreaxjp many times to publicly show how Radare r2 can be used with great results, but after this post we can definitively state that, once again, Radare r2 has nothing to envy in the best commercial tools used in many reverse engineering tutorials that are available on YouTube.
In fact this time we have not a “simple” blog post, but a rich, strong and powerful technical lesson on how stripped binaries can be reversed even if they are “indeed” stripped.
Unixfreaxjp leads the reader step by step to understand how malware code is built, which are the methods, which are the secrets, which are the hidden techniques used by the coders to hide and encrypt the C2 address as much as possible, how the operative commands coming from the C2 are parsed, and how almost everything can be reconstructed to get the source code back from any stripped binary.
The beginning of the story: another IoT malware in the wild?
But let’s go back to the beginning of the story when my very good friend @0xrb found in his
It is also possible to take a look at the logs of the malware that @0xrb published on Pastebin: here a lot of information is made available during the running phase. One of them, for
The C2 of the botnet was: 18.104.22.168
We will skim over the technical analysis because the MalwareMustDie post is extremely clear and explanatory in every single part of its analysis.
Coming to the core topic: IoT botnet threat and their ecosystem
New Linux malware targeting the Internet of Things appears frequently and, as previously mentioned, it is driven by the money scheme that fuels its botnet ecosystem, as previously posted in Security Affairs; this is still the main reason why freshly coded malware in this sector keeps coming up.
Many processors are targeted by the malware, and when CPUs such as ARC Cores, Renesas SH, Motorola m68000, Altera Nios II, Tensilica Xtensa and Xilinx MicroBlaze are targeted along with the other generic cross-compiled CPUs (MIPS/ARM/PPC/SPARC/Intel), the herder means serious business to “pwn” the reachable IoT devices. The binaries fall into two categories: one acts as a bot and is meant to infect small devices; for bigger systems, the other carries a worm-like vulnerability scanner that targets a CGI page on routers (in this version, HTTP port 8080 on a specific product’s CGI file) and can spread in a worm-like style, along with telnet scanning (attacking TCP port 23 or 2323).
The analysis made in MalwareMustDie blog’s recent post “MMD-0064-2019 – Linux/AirDropBot” is showing the latest binary sets, used by the adversaries behind this
Internet of things are on improvement for its
Are we on the wrong track then? I don’t think so. Yes, the process takes time and what we can do is keep on improving the detection
The post Exclusive: MalwareMustDie analyzes a new IoT malware dubbed Linux/ AirDropBot appeared first on Security Affairs.
Once again concerns are being raised about the sorry state of IoT security, after a security researcher discovered over 15,000 private webcams that have been left wide open for anyone with an internet connection to spy upon.
Read more in my article on the Bitdefender BOX blog.
Researchers at Guardicore Labs reported that the Smominru botnet is rapidly spreading and is now infecting over 90,000 machines each month worldwide.
In February 2018, researchers from Proofpoint discovered a huge
Experts discovered that many machines recruited in the
“During August, the Smominru
Most of the infected systems are Windows 7 and Windows Server 2008, representing 85 percent of all infections, in China, Taiwan, Russia, Brazil and the US.
In just one month, the worm infected more than 4,900 networks, some of them had dozens of internal machines infected. The largest network belongs to a
Once the system is compromised, a first-stage PowerShell script named blueps.txt is downloaded onto the machine. This script performs the following actions:
- It downloads and executes three binary files;
- It creates a new administrative user named admin$ on the system;
- It downloads additional scripts to perform malicious actions.
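The account-creation step in the list above leaves a trace in the Windows Security log. As an added example (not Guardicore's code), the following correlates event 4720 (a user account was created) with event 4732 (a member was added to a security-enabled local group) for the built-in Administrators group on the same host. The record shape, the 10-minute window, the severity labels and every sample event are assumptions constructed for illustration.

```python
"""Correlate local account creation with addition to Administrators.

Added example: the event records below are constructed; field names follow
the Windows Security log event data for event IDs 4720 and 4732.
"""
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # built-in local Administrators group
USER_CREATED = 4720                   # a user account was created
ADDED_TO_LOCAL_GROUP = 4732           # member added to a security-enabled local group


def find_new_admin_accounts(events, window=timedelta(minutes=10)):
    """Return accounts that were created and made administrators within window."""
    created = {}   # (host, account SID) -> creation event
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == USER_CREATED:
            created[(ev["host"], ev["TargetSid"])] = ev
        elif ev["id"] == ADDED_TO_LOCAL_GROUP and ev["TargetSid"] == ADMINISTRATORS_SID:
            new = created.get((ev["host"], ev["MemberSid"]))
            if new is None or ev["time"] - new["time"] > window:
                continue
            name = new["TargetUserName"]
            # A trailing '$' is the naming convention of computer accounts;
            # on a user account created through 4720 it stands out.
            severity = "high" if name.endswith("$") else "medium"
            findings.append({"host": ev["host"], "account": name,
                             "created": new["time"], "severity": severity,
                             "matches_report": name.lower() == "admin$"})
    return findings


def _event(time, host, event_id, **data):
    return {"time": datetime.fromisoformat(time), "host": host, "id": event_id, **data}


_DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed machine SID

SAMPLE_EVENTS = [  # constructed records
    _event("2019-09-18T02:14:07", "WS01", 4720,
           TargetUserName="admin$", TargetSid=_DOM + "-1005"),
    _event("2019-09-18T02:14:09", "WS01", 4732, TargetUserName="Administrators",
           TargetSid=ADMINISTRATORS_SID, MemberSid=_DOM + "-1005"),
    # Ordinary user added to a non-admin group: ignored.
    _event("2019-09-18T09:00:00", "WS02", 4720,
           TargetUserName="jsmith", TargetSid=_DOM + "-1006"),
    _event("2019-09-18T09:00:05", "WS02", 4732, TargetUserName="Remote Desktop Users",
           TargetSid="S-1-5-32-555", MemberSid=_DOM + "-1006"),
    # Promotion three days after creation: outside the correlation window.
    _event("2019-09-10T10:00:00", "SRV03", 4720,
           TargetUserName="svc_backup", TargetSid=_DOM + "-1007"),
    _event("2019-09-13T10:00:00", "SRV03", 4732, TargetUserName="Administrators",
           TargetSid=ADMINISTRATORS_SID, MemberSid=_DOM + "-1007"),
    # Created and promoted within a minute, ordinary name: worth a review.
    _event("2019-09-18T11:30:00", "SRV04", 4720,
           TargetUserName="helpdesk", TargetSid=_DOM + "-1008"),
    _event("2019-09-18T11:30:40", "SRV04", 4732, TargetUserName="Administrators",
           TargetSid=ADMINISTRATORS_SID, MemberSid=_DOM + "-1008"),
]

if __name__ == "__main__":
    for f in find_new_admin_accounts(SAMPLE_EVENTS):
        print(f["severity"], f["host"], f["account"], f["created"].isoformat())
```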
Once it has gained access to the targeted systems, Smominru installs a Trojan module and a
The latest variant of Smominru downloads and runs at least 20 distinct malicious scripts and binary payloads, including a worm downloader and an MBR rootkit.
The storage infrastructure is widely distributed: experts found more than 20 servers, each of which serves a few files, and each file references an additional 2-3 servers.
Most of the
“The attackers create
Guardicore Labs experts managed to gain access to one of the attackers’ servers and analyzed its content to gather information on the nature of the victims.
“The attackers’ logs describe each infected host; they include its external and internal IP addresses, the operating system it runs and even the load on the system’s CPU(s). Furthermore, the attackers attempt to collect the running processes and steal credentials using Mimikatz,” the researchers say.
Unlike previous variants, the new Smominru bot also removes infections from compromised systems and blocks TCP ports (SMB, RPC) to prevent infections by other threat actors.
Further data, including Indicators of Compromise, are reported in the analysis published by the experts.
The post Smominru Botnet continues to rapidly spread worldwide appeared first on Security Affairs.
With IoT devices expected to reach tens of billions in the next few years, is it any wonder that cybercriminals are looking for ways to take advantage of this massive attack surface to generate illicit money?
A number of Trend Micro researchers from around the globe decided to look into this and launched a research project to dive into five different cybercriminal undergrounds (Russian, Portuguese, English, Arabic, and Spanish) to identify what conversations are occurring, what attacks and threats are being utilized, and the reasons for using IoT by members of these undergrounds. A detailed report can be downloaded here for those who want to read up on their findings.
I’d like to give you my three key takeaways from the research:
There is no doubt that IoT devices are being used more and more in attacks or as the target of an attack, and there is a lot of chatter within multiple undergrounds around the world to raise awareness and interest around this attack surface. Our report is intended to give information on what cybercriminals are doing now or will be doing with IoT in the future and show it is a global phenomenon.
For consumers and organizations, be aware that devices you own are a likely target for attacks, and most likely today to be added into an existing botnet. Mirai is the dominant IoT threat today and will likely continue as malicious actors create variants of this malware.
The post Are IoT Threats Discussed In The Cybercriminal Underground? appeared first on .
iPhone hacks have often been considered by some to be a rare occurrence. However, a group of Google researchers recently discovered that someone has been exploiting multiple iPhone vulnerabilities for the last two years. How? Simply by getting users to visit a website.
How exactly does this exploitation campaign work? According to WIRED, researchers revealed a handful of websites that had assembled five exploit chains. These exploit chains are tools that link security vulnerabilities together and allow a hacker to penetrate each layer of iOS digital protections. This campaign took advantage of 14 security flaws, resulting in the attacker gaining complete control over a user’s phone. Researchers state that these malicious sites were programmed to assess the Apple devices that loaded them and compromise the devices with powerful monitoring malware if possible. Once the malware was installed, it could monitor live location data, grab photos, contacts, passwords, or other sensitive information from the iOS Keychain.
So, what makes this attack unique? For starters, this exploitation campaign hides in plain sight, uploading information without any encryption. If a user monitored their network traffic, they would notice activity as their data was being uploaded to the hacker’s server. Additionally, a user would be able to see suspicious activity if they connected their device to their computer and reviewed console logs. Console logs show the codes for the programs being run on the device. However, since this method would require a user to take the extra step of plugging their iPhone into a computer, it’s highly unlikely that they would notice the suspicious activity.
Although iOS exploits usually require a variety of complexities to be successful, this exploitation campaign proves that iOS hacking is very much alive and kicking. So, what can Apple users do to help ward off these kinds of attacks? Here’s how you can help keep your device secure:
- Install automatic updates. In your device settings, choose to have automatic updates installed on your device. This will ensure that you have the latest security patches for vulnerabilities like the ones leveraged in these exploit chains as soon as they’re available.
The post iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks appeared first on McAfee Blogs.
In early July, NIST released draft versions of two new publications: NIST SP 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations and NIST SP 800-171B: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets. NIST explains that its “SP 800-171 Revision […]
The post Overview of NIST 800-171b: 33 Enhanced Security Requirements to Help Protect DoD Contractors appeared first on The State of Security.
Until recently, the manufacturing sector as a whole rarely took cyber threats seriously. This was primarily due to the domain’s outlook that it was a highly specialized industry and hence would not be on the radar of cyberattackers. The outlook started to change after devastating cyberattacks such as the spear-phishing attacks on Saudi Aramco, Stuxnet and LockerGoga started to surface.
Citing one of the latest cyberattacks, Airbus faced a threat this year when it reported that it had detected an attack on its information systems which resulted in a data breach. Though it did not affect their operations, Airbus did admit that employee-related details had been lost in the breach.
It was after events like these that this industry realized that it too is equally prone to cyber threats that can shut down entire production lines and have ramifications throughout the supply chain.
In fact, according to Seqrite’s Q2 Threat Report, cyberattacks are on the prowl in manufacturing, especially in the automobile sector.
We discuss key channels for attackers to target this industry.
- Data breaches
Manufacturers store a vast range of often specialized and classified data on their systems. This ranges from the projects they are working on, blueprints for future products that companies would like to be secretive about, confidential financial data and a lot more. Hackers are aware that this data is a potential goldmine putting manufacturers at risk of data breaches which can lead to disastrous consequences. Manufacturing companies must recognize that the risk of data breaches actually exists and work hard to plug the gap.
- Internet of Things and connected manufacturing
The manufacturing industry is increasingly moving towards an era of smart manufacturing where the shop floor and the supply chain are progressively getting interconnected. This helps to speed-up production and time-to-market but also creates an ecosystem where there is a reduced division between different stages in the manufacturing lifecycle.
Although beneficial, this multiplies the risk of a cyberattack: a single cybersecurity breach can have a deep impact on a manufacturing plant.
Furthermore, with technologies like the Internet of Things (IoT) seeing enterprise adoption at lightning speed, manufacturers now have to deal with an added cyber threat channel.
- IP theft
Intellectual property is the manufacturing industry’s key asset and prized possession. Hence, if it falls into the wrong hands, it could cause immense reputational and financial damage to a manufacturing company. While most companies in this sector have strict rules for employees on the information they can disseminate to external sources, enterprise stakeholders do not consider that the risk of IP theft can also come from cyberattacks, whether through data breaches or insider threats.
- Falling behind in the skills gap
Mostly, the manufacturing industry collectively understands the importance of specialized knowledge and hiring people with expert skills to solve the problems they face in day-to-day operations. However, considering the current dangerous scenario of enterprise cyberattacks, this needs to be extended to resolve their cybersecurity problems as well.
After all, cybersecurity is a specialized issue and it requires specific people with the correct training and knowledge to tackle it. The manufacturing industry must look beyond a conventional IT department to tackle cyberthreats.
- Regulation and compliance
The manufacturing industry must comply with national and international regulations that now encompass cybersecurity as well. Most manufacturing companies nowadays operate under some sort of regulatory control for their data. Often this information is stored in the cloud with very limited access and under strict regulations.
If this data privacy is violated, it can have serious consequences and is a factor to be kept in mind when considering a cloud network security strategy.
Keeping the above in mind, it is important for the manufacturing sector to prioritize cybersecurity and invest in solutions like Seqrite Endpoint Security (EPS) and Unified Threat Management (UTM) to ensure they remain protected in this day and age of sophisticated and tailor-made cyberattacks towards the enterprise.
The post The manufacturing industry’s major cybersecurity challenges appeared first on Seqrite Blog.
Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered a weakness in the Bluetooth wireless standard that could allow attackers to intercept device keystrokes, contact lists, and other sensitive data sent from billions of devices.
The Key Negotiation of Bluetooth attack, or “KNOB” for short, exploits this weakness by forcing two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection, allowing attackers within radio range to quickly crack the key and access users’ data. From there, hackers can use the cracked key to decrypt data passed between devices, including keystrokes from messages, address books uploaded from a smartphone to a car dashboard, and photos.
What makes KNOB so stealthy? For starters, the attack doesn’t require a hacker to have any previously shared secret material or to observe the pairing process of the targeted devices. Additionally, the exploit keeps itself hidden from Bluetooth apps and the operating systems they run on, making it very difficult to spot the attack.
While the Bluetooth Special Interest Group (the body that oversees the wireless standard) has not yet provided a fix, there are still several ways users can protect themselves from this threat. Follow these tips to help keep your Bluetooth-compatible devices secure:
- Adjust your Bluetooth settings. To avoid this attack altogether, turn off Bluetooth in your device settings.
- Beware of what you share. Make it a habit to not share sensitive, personal information over Bluetooth.
- Turn on automatic updates. A handful of companies, including Microsoft, Apple, and Google, have released patches to mitigate this vulnerability. To ensure that you have the latest security patches for vulnerabilities such as this, turn on automatic updates in your device settings.
The post Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks appeared first on McAfee Blogs.
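The weakness described above comes down to a key-size negotiation that neither device authenticates. The following added Python model (not code from the article or from any Bluetooth stack) shows why a device that enforces its own minimum key size refuses the one-byte outcome; `Device`, `negotiate`, `in_transit`, `downgraded` and the 7-byte `POLICY_MIN` floor are assumptions for illustration, and the message exchange is simplified.

```python
from dataclasses import dataclass

SPEC_MIN, SPEC_MAX = 1, 16   # key entropy range, in bytes, that the negotiation permits
POLICY_MIN = 7               # assumed local policy floor (not a value from the article)

@dataclass
class Device:
    name: str
    min_size: int = SPEC_MIN   # smallest key size this device accepts
    max_size: int = SPEC_MAX   # largest key size this device supports

def negotiate(initiator, responder, in_transit=lambda size: size):
    """Return the agreed key size in bytes, or None if either side refuses.

    in_transit models the unauthenticated negotiation messages: whatever
    value arrives is what the receiving device evaluates.
    """
    sender, receiver = initiator, responder
    proposal = sender.max_size
    for _ in range(SPEC_MAX):                  # bounded number of rounds
        seen = in_transit(proposal)
        if seen < receiver.min_size:
            return None                        # receiver refuses: below its floor
        if seen > receiver.max_size:           # receiver counter-proposes its maximum
            sender, receiver = receiver, sender
            proposal = sender.max_size
            continue
        # Receiver accepts; the proposing side must also accept the size in use.
        return seen if seen >= sender.min_size else None
    return None

def keyspace(size_bytes):
    """Number of candidate keys an eavesdropper would have to try."""
    return 256 ** size_bytes

def downgraded(size):
    """Constructed stand-in for the tampering the article describes."""
    return SPEC_MIN

if __name__ == "__main__":
    lax = negotiate(Device("phone"), Device("headset"), downgraded)
    strict = negotiate(Device("phone", POLICY_MIN), Device("headset"), downgraded)
    print("no floor  :", lax, "byte(s),", keyspace(lax), "candidate keys")
    print("with floor:", "connection refused" if strict is None else strict)
```

With no floor configured, the tampered session settles on a key with only 256 possible values; with the floor in place the same session is refused instead of silently weakened.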
5G has been nearly a decade in the making but has really dominated the mobile conversation in the last year or so. This isn’t surprising considering the potential benefits this new type of network will provide to organizations and users alike. However, just like with any new technological advancement, there are a lot of questions being asked and uncertainties being raised around accessibility, as well as cybersecurity. The introduction of this next-generation network could bring more avenues for potential cyberthreats, potentially increasing the likelihood of distributed denial-of-service, or DDoS, attacks due to the sheer number of connected devices. However, as valid as these concerns may be, we may be getting a bit ahead of ourselves here. While 5G has gone from an idea to a reality in a short amount of time for a handful of cities, these advancements haven’t happened without a series of setbacks and speedbumps.
In April 2019, Verizon was the first to launch a next-generation network, with other cellular carriers following closely behind. While a technological milestone in and of itself, some 5G networks are only available in select cities, even limited to just specific parts of the city. Beyond the not-so widespread availability of 5G, internet speeds of the network have performed at a multitude of levels depending on the cellular carrier. Even if users are located in a 5G-enabled area, if they are without a 5G-enabled phone they will not be able to access all the benefits the network provides. These three factors – user location, network limitation of certain wireless carriers, and availability of 5G-enabled smartphones – must align for users to take full advantage of this exciting innovation.
While there is still a lot of uncertainty surrounding the future of 5G, as well as what cyberthreats may emerge as a result of its rollout, there are a few things users can do to prepare for the transition. To get your cybersecurity priorities in order, take a look at our 5G preparedness toolkit to ensure you’re prepared when the nationwide roll-out happens:
- Follow the news. Since the announcement of a 5G enabled network, stories surrounding the network’s development and updates have been at the forefront of the technology conversation. Be sure to read up on all the latest to ensure you are well-informed to make decisions about whether 5G is something you want to be a part of now or in the future.
- Do your research. With new 5G-enabled smartphones about to hit the market, ensure you pick the right one for you, as well as one that aligns with your cybersecurity priorities. The right decision for you might be to keep your 4G-enabled phone while the kinks and vulnerabilities of 5G get worked out. Just be sure that you are fully informed before making the switch and that all of your devices are protected.
- Be sure to update your IoT devices’ factory settings. 5G will enable more and more IoT products to come online, and most of these connected products aren’t necessarily designed to be “security first.” A device may be vulnerable as soon as the box is opened, and many cybercriminals know how to get into vulnerable IoT devices via default settings. By changing the factory settings, you can instantly upgrade your device’s security and ensure your home network is secure.
- Add an extra layer of security. As mentioned, with 5G creating more avenues for potential cyberthreats, it is a good idea to invest in comprehensive mobile security to apply to all of your devices to stay secure while on-the-go or at home.
The rapid pace at which connected smart home devices are increasing has opened the gates for a new era of cyber-attacks on IoT devices including smartphones, TVs, IP cameras, etc. These attacks are mostly in the form of crypto mining attacks wherein cryptocurrency-mining botnet enters the targeted device via…
Since the early ‘90s, Linux has been a cornerstone of computer operating systems. Today, Linux is everywhere — from smartphones and streaming devices to smart cars and refrigerators. This operating system has been historically less susceptible to malware, unlike its contemporaries such as Windows or Mac OS. However, the widespread adoption of IoT devices has changed that, as security vulnerabilities within Linux have been found over time. These flaws have been both examined by researchers in order to make repairs and also exploited by hackers in order to cause disruption.
As recently as last month, a new strain of a Linux bricking worm appeared, targeting IoT devices such as tablets, wearables, and other multimedia players. A bricking worm is a type of malware that aims to permanently disable the system it infects. This particular strain, dubbed Silex, was able to break the operating systems of at least 4,000 devices. By targeting unsecured IoT devices running on Linux or Unix configurations, the malware went to work. It quickly rendered devices unusable by trashing device storage, as well as removing firewalls and other network configurations. With this threat, many users will initially think their IoT device is broken, when really it is momentarily infected. To resolve the issue, users must manually download and reinstall the device’s firmware, which can be a time-consuming and difficult task. And while this incident is now resolved, Silex serves as a cautionary tale to users and manufacturers alike as IoT devices continue to spread into almost every aspect of everyday life.
With an estimated 75.4 billion IoT connected devices installed worldwide by 2025, it’s important for users to remain focused on securing all their devices. Consider these tips to up your personal device security:
- Keep your security software up-to-date. Software and firmware patches are always being released by companies. These updates are made to combat newly discovered vulnerabilities, so be sure to update every time you’re prompted to.
- Pay attention to the news. With more and more information coming out around vulnerabilities and flaws, companies are more frequently sending out updates for IoT devices. While these should come to you automatically, be sure to pay attention to what is going on in the space of IoT security to ensure you’re always in the know.
- Change your device’s factory security settings. When it comes to IoT products, many manufacturers aren’t thinking “security first.” A device may be vulnerable as soon as the box is opened, and many cybercriminals know how to get into vulnerable IoT devices via default settings. By changing the factory settings, you are instantly upgrading your device’s security.
- Use best practices for linked accounts. If you connect a service that leverages a credit card, protect that linked service account with strong passwords and two-factor authentication (2FA) where possible. In addition, pay attention to notification emails, especially those regarding new orders for goods or services. If you notice suspicious activity, act accordingly.
- Set up a separate IoT network. Consider setting up a second network for your IoT devices that doesn’t share access with your other devices and data. You can check your router manufacturer’s website to learn how. You may also want to add another network for guests and their devices.
- Get security at the start. Lastly, consider getting a router with built-in security features to make it easier to protect all the devices in your home from one place.
With so many smart home devices being used today, it’s no surprise that users would want a tool to help them manage this technology. That’s where Orvibo comes in. This smart home platform helps users manage their smart appliances such as security cameras, smart lightbulbs, thermostats, and more. Unfortunately, the company left an Elasticsearch server online without a password, exposing billions of user records.
The database was found in mid-June, meaning it’s been exposed to the internet for two weeks. The database appears to have cycled through at least two billion log entries, each containing data about Orvibo SmartMate customers. This data includes customer email addresses, the IP address of the smart home devices, Orvibo usernames, and hashed passwords.
More IoT devices are being created every day and we as users are eager to bring them into our homes. However, device manufacturers need to make sure that they are creating these devices with at least the basic amount of security protection so users can feel confident utilizing them. Likewise, it’s important for users to remember what risks are associated with these internet-connected devices if they don’t practice proper cybersecurity hygiene. Taking the time to properly secure your devices can mean the difference between a cybercriminal accessing your home network or not. Check out these tips to help you remain secure when using your IoT devices:
- Research before you buy. Although you might be eager to get the latest device, some are made more secure than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks these features, consider upgrading.
- Safeguard your devices. Before you connect a new IoT device to your network, be sure to change the default username and password to something strong and unique. Hackers often know the default settings of various IoT devices and share them online for others to expose. Turn off other manufacturer settings that don’t benefit you, like remote access, which could be used by cybercriminals to access your system.
- Update, update, update. Make sure that your device software is always up-to-date. This will ensure that you’re protected from any known vulnerabilities. For some devices, you can even turn on automatic updates to ensure that you always have the latest software patches installed.
- Secure your network. Just as it’s important to secure your actual device, it’s also important to secure the network it’s connected to. Help secure your router by changing its default name and password and checking that it’s using an encryption method to keep communications secure. You can also look for home network routers or gateways that come embedded with security software like McAfee Secure Home Platform.
- Use a comprehensive security solution. Use a solution like McAfee Total Protection to help safeguard your devices and data from known vulnerabilities and emerging threats.
The post Is Your Smart Home Secure? 5 Tips to Help You Connect Confidently appeared first on McAfee Blogs.
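The Orvibo exposure above was an Elasticsearch server reachable from the internet without a password. As an added example (not Orvibo's or Elastic's code), this Python check audits an `elasticsearch.yml` body for that combination; it assumes flat `dotted.key: value` settings, treats an absent `xpack.security.enabled` as off (the default before Elasticsearch 8.0), and the two sample configurations are constructed.

```python
import ipaddress

LOOPBACK_NAMES = {"localhost", "_local_"}

def parse_flat_yaml(text):
    """Parse flat `dotted.key: value` lines; inline [a, b] lists become lists."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value.startswith("[") and value.endswith("]"):
            items = (v.strip().strip("\"'") for v in value[1:-1].split(","))
            settings[key] = [v for v in items if v]
        else:
            settings[key] = value.strip("\"'")
    return settings

def is_loopback(host):
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostname or special value such as _site_: assume reachable

def enabled(cfg, key):
    return str(cfg.get(key, "false")).lower() == "true"

def audit(text):
    """Return a list of findings for one elasticsearch.yml body."""
    cfg = parse_flat_yaml(text)
    # http.host overrides network.host for the REST API; the default bind is loopback.
    hosts = cfg.get("http.host", cfg.get("network.host", "_local_"))
    hosts = hosts if isinstance(hosts, list) else [hosts]
    exposed = [h for h in hosts if not is_loopback(h)]
    findings = []
    if exposed and not enabled(cfg, "xpack.security.enabled"):
        findings.append(f"REST API bound to {exposed} with authentication disabled")
    elif exposed and not enabled(cfg, "xpack.security.http.ssl.enabled"):
        findings.append(f"REST API bound to {exposed} without TLS: credentials sent in clear")
    return findings

# Constructed sample configurations (not Orvibo's actual settings).
WEAK = "cluster.name: smart-home-logs\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED = WEAK + "xpack.security.enabled: true\nxpack.security.http.ssl.enabled: true\n"

if __name__ == "__main__":
    for name, body in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(body) or "no findings")
```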