Cyber Security Awareness | CISO MAG
https://cisomag.com/category/threats/
Beyond Cyber Security. Thu, 28 Apr 2022 08:55:48 +0000

3 Common IoT Attacks that Compromise Security
https://cisomag.com/3-common-iot-attacks-that-compromise-security/
Wed, 23 Feb 2022 10:00:54 +0000

The explosion of IoT technologies prompted users and organizations to adopt IoT devices swiftly to enhance process control and boost productivity. The rise of connected devices has transformed the way users’ data is processed and stored. Since IoT devices are smart devices that often interact with other devices over the internet, the personal information they collect exposes them to various security risks.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

Other Side of the Coin

Alongside the convenience these technological advances bring, the proliferation of connected IoT devices has also introduced new kinds of remote attacks that cause severe damage to critical digital infrastructure. A remote attacker can monitor a smart home or break into an organization’s network by exploiting unpatched vulnerabilities in the connected systems.

According to a survey, 84% of organizations have deployed IoT devices on their corporate networks, and more than 50% don’t maintain the necessary security measures beyond default passwords. Cybercriminals often rely on IoT connections to compromise network systems and steal personal information. Unpatched vulnerabilities and manufacturing defects in connected devices become a gateway for threat actors to penetrate corporate networks.

Common IoT Attacks

While there are various security incidents reported on IoT networks, the most common IoT attacks include:

1. Eavesdropping

An attacker could monitor targeted networks and steal personal data by exploiting security loopholes and weak connections between IoT devices and the server. Recently, security experts disclosed a vulnerability present in over 83 million IoT devices that could allow attackers to eavesdrop on live video and audio streams and take control of the vulnerable devices. Earlier, researchers also found a novel side-channel attack technique that allows eavesdroppers to spy on conversations happening in a room from a nearby location by observing a light bulb hanging in that room.

2. Privilege Escalation Attack

A privilege escalation attack involves a malicious insider or an external attacker obtaining privileges or elevated rights without authorization. In privilege escalation attacks, threat actors exploit weaknesses such as unpatched bugs in the system, misconfigurations, or inadequate access controls.

3. Brute-Force Attack

Most IoT device users keep default or easy-to-remember passwords, allowing brute-force attackers to gain access to the targeted IoT connections quickly. In brute-force attacks, threat actors guess passwords using dictionaries or common word combinations to penetrate IoT networks. Enabling robust authentication procedures like two-factor authentication (2FA), multi-factor authentication (MFA), and zero-trust models can mitigate brute-force attacks.

Conclusion

The capabilities of IoT technology continue to evolve, but IoT devices can’t be made completely secure. Since IoT devices are not built to detect and mitigate potential cyberthreats, they pose a serious risk to organizations unless they are adequately secured.

About the Author:

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.

FBI Issues a Lookout for SIM Swapping Attacks
https://cisomag.com/fbi-issues-a-lookout-for-sim-swapping-attacks/
Tue, 15 Feb 2022 06:42:15 +0000

The FBI stated that cybercriminals are leveraging SIM swapping attacks to steal millions from U.S. citizens. The agency recently disclosed an increase in SIM swapping attacks used to compromise victims’ virtual currency accounts and steal money. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What’s a SIM Swapping Attack?

A SIM swapping attack is one of the simplest ways cybercriminals bypass users’ 2FA protection. In a SIM swap attack, the attacker calls the service provider and tricks it into moving a victim’s phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and access the victim’s sensitive data.

How to Prevent SIM Swapping Attacks

The FBI recommended users follow certain security precautions to avoid SIM swapping threats. These include:

  • Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
  • Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
  • Avoid posting personal information online, such as mobile phone numbers, addresses, or other personally-identifying information.
  • Use a variety of unique passwords to access online accounts.
  • Be aware of any changes in SMS-based connectivity.
  • Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
  • Do not store passwords, usernames, or other information for easy login on mobile device applications.

Precautions for Mobile Carriers

  • Educate employees and conduct training sessions on SIM swapping.
  • Carefully inspect the sender addresses of incoming email containing official correspondence for slight changes that make fraudulent addresses appear legitimate or resemble actual clients’ names.
  • Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
  • Authenticate calls from the third-party authorized retailers requesting customer information.

Victim Reporting

If you suspect that you are a victim of SIM swapping:

  • Contact your mobile carrier immediately to regain control of your phone number.
  • Access your online accounts and change your passwords.
  • Contact your financial institutions to place an alert on your accounts for suspicious login attempts and/or transactions.
  • Report information concerning all suspicious activity to your local law enforcement agency or your local FBI field office (contact information can be found at www.fbi.gov/contact-us/field-offices).
  • Report the activity to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Researchers Found New Ransomware DeadBolt Targeting NAS Servers
https://cisomag.com/researchers-found-new-ransomware-deadbolt-targeting-nas-servers/
Mon, 31 Jan 2022 10:08:12 +0000

Security experts from QNAP Systems uncovered a new ransomware variant actively targeting Internet-connected network-attached storage (NAS) devices. Tracked as DeadBolt, the ransomware reportedly compromises NAS devices that are not secured, encrypting users’ sensitive information for a Bitcoin ransom. The DeadBolt campaign mostly encrypted NAS devices located in the U.S., Hong Kong, Taiwan, Germany, France, Italy, South Korea, the U.K., the Netherlands, and Poland.

Based in Taiwan, QNAP is a manufacturer of NAS devices. QNAP researchers recommended that all QNAP NAS customers follow the security setting instructions and update their products to prevent unauthorized intrusions.

How to check whether your NAS is exposed to the Internet

The researchers stated that the NAS devices are prone to various cyberthreats if they are exposed to the Internet. To check whether your NAS device is exposed to the Internet:

  • Open the Security Counselor on your QNAP NAS.
  • Your NAS is exposed to the Internet and at high risk if the dashboard shows “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP”.

QNAP suggested the below security instructions for NAS security:

1. Disable the Port Forwarding function of the router

Go to your router’s management interface, check the Virtual Server, NAT, or Port Forwarding settings, and disable forwarding of the NAS management service ports (ports 8080 and 443 by default).

2. Disable the UPnP function of the QNAP NAS

Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”

NAS Devices Under Attack!

This is not the first time that QNAP NAS devices have been under attack. Earlier, QNAP released a security advisory warning its users about a new cryptomining malware targeting its network-attached storage (NAS) devices. A NAS device is an internet-connected storage device that allows data storage and retrieval from a central location for authorized network users and clients. Once the malware infects a NAS device, CPU usage becomes unusually high, with a process named “oom_reaper” occupying around 50% of the total CPU. QNAP stated the infection could be removed by rebooting the affected devices.

U.S. Government to Adopt The Zero-Trust Security Model
https://cisomag.com/u-s-government-to-adopt-the-zero-trust-security-model/
Fri, 28 Jan 2022 10:36:43 +0000

The Office of Management and Budget (OMB) in the U.S. released a national strategy to move the government towards a zero-trust security model for better cybersecurity outcomes. The strategy is a part of delivering President Biden’s Executive Order on Improving the Nation’s Cybersecurity, intended to boost the security of the nation’s critical digital infrastructures against rising cyberattacks.

The agency argued that increasingly sophisticated cyber threats cannot be mitigated with conventional perimeter-based defenses. Citing the Log4j vulnerability as the latest evidence, OMB stated that adversaries continue to find new gateways to penetrate targeted systems.

The Zero-Trust Security Model

A zero-trust security model is an approach to designing a cybersecurity architecture based on the “never trust, always verify” principle. OMB stated the zero-trust strategy allows organizations to detect, isolate, and respond to different types of cyber risks. It will serve as a roadmap for shifting the Federal government to a new cybersecurity model.

OMB’s new federal zero-trust strategy envisions a Federal government where:

  • The federal staff has enterprise-managed accounts, allowing them to access everything they need to do their job while remaining protected from even targeted, sophisticated phishing attacks.
  • The devices that Federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources.
  • Agency systems are isolated, and the network traffic flowing between and within them is reliably encrypted.
  • Enterprise applications are tested internally and externally and can be made available to staff securely over the internet.
  • National security and data teams work together to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information.

“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal government’s cyber defenses. This zero-trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the U.S. harm,” said Acting OMB Director Shalanda Young.

“Security is the cornerstone of our efforts to build exceptional digital experiences for the American public. Federal agency CIOs and IT leaders are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public,” said Federal Chief Information Officer Clare Martorana.

89% of Organizations Are Non-compliant With CCPA Law
https://cisomag.com/89-of-organizations-are-non-compliant-with-ccpa-law/
Thu, 27 Jan 2022 10:17:34 +0000

Data regulations and privacy laws are of little use if users and organizations do not obey them. Recent research from Cytrio, a data privacy compliance company, revealed that only 11% of organizations fully meet California Consumer Privacy Act (CCPA) requirements, especially when managing Data Subject Access Requests (DSARs). The remaining 89% of companies are either non-compliant or only somewhat compliant.

The report, State of CCPA Compliance: Q1 2022, found that 44% of organizations did not provide any mechanism for consumers to exercise their data rights, leaving them out of compliance. Most organizations failed to implement CCPA requirements despite stating they needed to comply.

What is California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA) was passed in 2018 and took effect on January 1, 2020. The Act gives California citizens data and privacy rights regarding how organizations use their data. Under the CCPA, users have the right to:

  • Know what personal information is being collected.
  • Know whether their data is being traded.
  • Say “No” to the sale of their information.
  • Request an organization to delete their sensitive data.
  • Not be victimized for exercising their privacy rights.

Organizations that fail to comply with the CCPA may face a penalty ranging from $2,500 to $7,500 per violation, depending on the type of violation.

Companies Non-Compliant With CCPA

The research found that 45% relied on inefficient and costly manual processes such as email and web forms for submitting and responding to data requests. Less than 11% of companies use DSAR management automation solutions. Only 15.6% of companies in California had a DSAR management automation solution, and 59.3% of them used manual processes.

The research surveyed over 5,175 U.S. companies with revenues ranging from $25 million to more than $5 billion.

“The findings of our research show that companies are woefully unprepared for CCPA compliance, especially when it comes to enabling and responding to consumers’ data privacy rights. An overwhelming majority manually responds to data requests, with only a small number implementing DSAR management automation solutions. The reliance on manual processes exposes them to high DSAR compliance costs, long response times, errors that will erode consumer trust, and non-compliance actions by the California Privacy Protection Agency (CPPA),” said Vijay Basani, founder and CEO of CYTRIO.

Other Key Findings:

  • Although B2C companies collect more consumer data, there was no statistically significant difference in the number deploying DSAR management automation solutions compared with B2B companies (11.3% for B2C vs. 10.3% for B2B).
  • Large companies (with more than 10,000 workers) were more likely to have a commercial DSAR management automation solution. Over 60% did so with the increasing number of DSARs and streamlining related costs as potential reasons.
  • Highly-regulated industries lagged in commercial solution deployment, including health care, financial services, and insurance.
  • There is a strong correlation between revenue and deploying a DSAR management automation solution. High revenue earners (companies over $100 million) were more likely to have an automated solution, with companies over $5 billion in revenues especially eager.

“Overall, the survey results show that more needs to be done for CCPA compliance, and many lack the right resources and tools to meet the requirements. The prevalent reliance on manual processes and the inability to address DSAR may increase the risks of a company’s operations and shows we have more work to do in building awareness,” said Darshan Joshi, Chief Technology Officer at CYTRIO.

Global Affairs Canada Hit by Cyberattack
https://cisomag.com/global-affairs-canada-hit-by-cyberattack/
Tue, 25 Jan 2022 14:07:24 +0000

Unknown cybercriminals targeted Canada’s foreign ministry, Global Affairs Canada (GAC), in a cyberattack. The incident affected certain critical services and temporarily disrupted some online services.

“Critical services for Canadians through @GAC_Corporate are currently functioning. Some access to the Internet and internet-based services are not available as part of the mitigation measures, and work is underway to restore them. There is no indication that other departments have been impacted by this incident. There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur,” said a statement from Canada’s Treasury Board.

Investigation is Ongoing

Officials did not name the attackers behind the security incident but stated that an investigation had been launched to establish the details.

“This investigation is ongoing. We are unable to comment further on any specific details for operational reasons. Our cyber defense and incident response teams work 24/7 to identify compromises and potentially alert victims within the GC and Canadian critical infrastructure. The incident response team offers advice and support to contain the threat and mitigate any potential harm,” the statement added.

Canada’s Cybersecurity Guidance

The cyberattack news comes immediately after the Canadian Centre for Cybersecurity warned critical infrastructure operators to raise awareness and take mitigations against known Russian state-sponsored hackers.

The Cyber Centre urged Canadian critical infrastructure network defenders to:

  • Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, perform manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
  • Increase organizational vigilance. Monitor your networks, focusing on the TTPs reported in the CISA advisory. Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  • Enhance your security posture: Patch your systems, focusing on the vulnerabilities in the CISA advisory, and enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate.
  • Have a cyber incident response plan, a continuity of operations, and a communications plan, and be prepared to use them.
  • Inform the Cyber Centre of suspicious or malicious cyber activity.

Over Half of Medical IoT Devices Found Vulnerable to Cyberattacks
https://cisomag.com/over-half-of-medical-iot-devices-found-vulnerable-to-cyberattacks/
Mon, 24 Jan 2022 15:02:27 +0000

After a year of unprecedented cyberattacks on hospitals and medical centers across the globe, the health care sector has become a primary target for threat actors. In addition to exploiting patients’ data and disrupting hospital networks, cybercriminals are now targeting critical connected medical devices deployed in hospital environments.

According to research from Cynerio, a health care IoT security platform, many medical IoT devices are prone to cyberattacks, exposing hospitals and patients’ data to various cyberthreats. In its 2022 State of Healthcare IoT Device Security Report, Cynerio stated that medical IoT security has remained unaddressed despite increased healthcare cybersecurity investments. The report found that nearly 53% of connected medical devices and other IoT devices in hospitals have known critical vulnerabilities. If exploited, these vulnerabilities could allow an attacker to impact service availability, data confidentiality, or patient safety.

Key Findings:

  • IV pumps make up 38% of a hospital’s routine health care IoT footprint, and 73% of these have a vulnerability that could jeopardize patient safety, data confidentiality, or service availability if it were to be exploited by an adversary.
  • Devices running versions older than Windows 10 account for most devices used in pharmacology, oncology, and laboratory departments and make up a plurality of devices used by radiology, neurology, and surgery departments, leaving patients connected to these devices vulnerable.
  • The most common IoMT and IoT device risks are connected to default passwords and settings that attackers can often obtain easily from online manuals, with 21% of devices secured by weak or default credentials.
  • Network segmentation can address over 90% of the critical risks presented by connected medical devices in hospitals and is the most effective way to mitigate most risks presented by connected devices.

“Health care is a top target for cyberattacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care. Visibility and risk identification is no longer enough. Hospitals and health systems don’t need more data – they need advanced solutions that mitigate risks and empower them to fight back against cyberattacks, and as medical device security providers, it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death,” said Daniel Brodie, CTO and co-founder, Cynerio.

Medical IoT Devices and Cybersecurity

With multiple intrusions and attacks on connected medical devices, health care providers continue to be a primary target for cybercriminals. The most concerning issue for the health care sector, however, is cyberattacks on implanted medical devices. Several cybersecurity experts have stated that threat actors can hijack certain connected medical devices implanted in a human body or brain, a threat they call Brainjacking.

40 Billion User Records Exposed Globally in 2021
https://cisomag.com/40-billion-user-records-exposed-globally-in-2021/
Fri, 21 Jan 2022 14:16:58 +0000

Cybercriminals often exploit leaked/stolen sensitive user information to perform various cyberattacks, including phishing and identity theft. The rising information leaks on dark web forums show that no one is immune to data breach incidents. As per research from Tenable, a cyber exposure company, over 40 billion records were exposed worldwide in 2021.

Tenable’s Security Response Team analyzed 1,825 data breach incidents disclosed between November 2020 and October 2021. The analysis, included in the 2021 Threat Landscape Retrospective (TLR) report, provides an overview of the attack vectors, vulnerabilities, and insights that will help organizations prepare for the security challenges of 2022.

Some 21,957 common vulnerabilities and exposures were reported in 2021, representing a 19.6% increase over the 18,358 reported in 2020 and a 241% increase over the 6,447 disclosed in 2016. From 2016 to 2021, vulnerabilities increased at an average annual percentage growth rate of 28.3%.

The top vulnerabilities in 2021 include:

  1. CVE-2021-26855 (ProxyLogon), Microsoft Exchange Server
  2. CVE-2021-34527 (PrintNightmare), Windows Print Spooler
  3. CVE-2021-21985, VMware vSphere
  4. CVE-2021-22893, Pulse Connect Secure
  5. CVE-2020-1472 (Zerologon), Windows Netlogon Protocol

Other key findings from the report:

  • Ransomware had a monumental impact on organizations in 2021, responsible for approximately 38% of all breaches.
  • 6% of data breaches were the result of unsecured cloud databases.
  • Unpatched SSL VPNs continue to provide an ideal entry point for attackers to perform cyberespionage, exfiltrate sensitive and proprietary information, and encrypt networks.
  • Threat groups, particularly ransomware, have increasingly exploited vulnerabilities and misconfigurations in Active Directory.
  • When security controls and code audits are not in place, software libraries and network stacks commonly used amongst OT devices often introduce additional risks.
  • Ransomware groups favored physical supply chain disruption as a tactic to extort payment, while cyberespionage campaigns exploited the software supply chain to access sensitive data.
  • Health care and education experienced the greatest disruption from data breaches.

“Migration to cloud platforms, reliance on managed service providers, software, and infrastructure as a service have all changed how organizations must think about and secure the perimeter. Modern security leaders and practitioners must think more holistically about the attack paths within their networks and how they can efficiently disrupt them. By examining threat actor behavior, we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy,” said Claire Tills, Senior Research Engineer, Tenable.

Bank Indonesia Suffers Ransomware Attack, Suspects Conti Involvement
https://cisomag.com/bank-indonesia-suffers-ransomware-attack-suspects-conti-involvement/
Fri, 21 Jan 2022 10:00:28 +0000

Banks and financial institutions are always on attackers' target lists. Cybercriminals recently targeted Bank Indonesia (BI), the central bank of the Republic of Indonesia. According to a report, the bank confirmed that it had sustained a ransomware attack, but clarified that the attack neither disrupted its operations nor compromised any critical data, and that mitigation measures had been taken.

“We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at all,” said Bank Indonesia’s spokesperson in a media statement.

Ransomware operators first gain a foothold in the target network, then deploy malware that encrypts critical files and systems so they become inaccessible, and demand a ransom in exchange for the decryption key. Many groups, Conti among them, also steal files before encrypting them.

Conti Ransomware Suspected

While Bank Indonesia did not name the ransomware operators behind the attack, security experts suspect the Conti ransomware group. Conti is a Russian-speaking ransomware group that has reportedly victimized more than 400 organizations worldwide, 290 of them in the U.S. alone. Conti operators gain initial access through phishing emails carrying malicious links or attachments, or through stolen or cracked remote desktop protocol (RDP) credentials. Once inside, they steal files, encrypt servers and workstations, and demand a ransom.


Cyberattacks on Indonesia

Security incidents at Indonesian financial organizations have become common in recent times. A cyber intelligence report from Group-IB recently found traces of an ongoing fraud campaign on Twitter targeting Indonesia's largest banks. Cybercriminals posed as bank representatives or customer-support staff on Twitter to win the trust of targeted customers. The campaign, which began in January 2021, grew roughly 2.5-fold, from about 600 fake Twitter accounts impersonating banks in January to some 1,600 by early March. More than seven large Indonesian financial institutions were targeted, and over two million Indonesian bank customers who interact with the banks' legitimate Twitter handles were exposed to the scam.
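The campaign above relied on fake accounts that look like a bank's real support handles. As an added example (not Group-IB's tooling, and not part of the original post), the following Python screens a batch of scraped handles against a bank's known handles and flags the three impersonation patterns such campaigns use: look-alike characters or dropped separators, the real name wrapped in a support-style affix ("cs", "care", "official"), and small typosquats within a short edit distance. Every handle in the block, including the "legitimate" ones, is constructed for the example and refers to no real bank.

```python
"""Lookalike-handle screening for bank-impersonation accounts.

Added example, not Group-IB's tooling and not from the original post. Given
the bank's own handles, flag scraped handles that (a) differ only in case,
separators or look-alike characters, (b) wrap the real name in support-style
affixes such as "cs" or "care", or (c) sit within a small edit distance of it.
All handles below are constructed for the example; none refer to a real bank.
"""
from typing import List, Optional, Tuple

LEGIT_HANDLES = {"bankcontoh", "contoh_help"}          # constructed, lowercase
SUPPORT_AFFIXES = ("support", "official", "admin", "care", "help", "cs", "id")

# Digits commonly swapped for letters, plus separators dropped for comparison.
_FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "", ".": ""})


def fold(handle: str) -> str:
    """Canonical form used for comparison (not for the exact-match check)."""
    return handle.lstrip("@").lower().translate(_FOLD)


def strip_affixes(h: str) -> str:
    """Repeatedly peel support-style prefixes/suffixes: 'csbankcontohid' -> 'bankcontoh'."""
    changed = True
    while changed:
        changed = False
        for a in SUPPORT_AFFIXES:
            if h.startswith(a) and len(h) > len(a):
                h, changed = h[len(a):], True
            if h.endswith(a) and len(h) > len(a):
                h, changed = h[:-len(a)], True
    return h


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(handle: str, legit=LEGIT_HANDLES) -> Optional[Tuple[str, str]]:
    """Return (handle, reason) if it impersonates a legitimate handle, else None."""
    raw = handle.lstrip("@").lower()
    if raw in legit:
        return None                                   # the bank's own account
    legit_folded = {fold(l) for l in legit}
    folded = fold(raw)
    if folded in legit_folded:
        return (handle, "differs only in case, separators or look-alike characters")
    core = strip_affixes(folded)
    if core in legit_folded:
        return (handle, "legitimate name wrapped in support-style affix")
    for l in legit_folded:
        # Allow roughly one edit per five characters, but at least one.
        if levenshtein(folded, l) <= max(1, len(l) // 5):
            return (handle, f"within edit distance of {l}")
    return None


def screen(handles: List[str]) -> List[Tuple[str, str]]:
    """Run classify() over a batch and keep only the flagged ones."""
    return [hit for hit in (classify(h) for h in handles) if hit is not None]


# Constructed batch standing in for handles scraped from the platform.
SAMPLE_HANDLES = ["@BankContoh", "bankcontoh_cs", "bankc0ntoh", "Bank_Contoh_Care",
                  "bankcontho", "weatherreport", "contoh_help"]

if __name__ == "__main__":
    for flagged, reason in screen(SAMPLE_HANDLES):
        print(f"{flagged:20} {reason}")
```

The exact-match check runs on the raw lowercased handle before any folding, so a handle that only matches after digit-to-letter substitution is flagged rather than treated as the real account. The edit-distance threshold scales with the length of the legitimate name; for a ten-character handle it tolerates two edits, which catches a transposed pair of letters. Anything this screen flags is a candidate for takedown review, not proof of fraud on its own.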

Crypto.com Suffers Unauthorized Activity Affecting 483 Users
https://cisomag.com/crypto-com-suffers-unauthorized-activity-affecting-483-users/
Thu, 20 Jan 2022 14:30:09 +0000

Cryptocurrency exchange platform Crypto.com announced that unknown threat actors had compromised a number of its user accounts. In an official release, the company stated that a small number of users saw unauthorized crypto withdrawals from their accounts. The intrusion reportedly affected 483 Crypto.com user accounts. The unauthorized withdrawals totaled 4,836.26 ETH (worth $15,132,516), 443.93 BTC (worth $18,613,630), and over $66,200 in other cryptocurrencies.

How Did the Intrusion Happen?

Crypto.com stated that on January 17, 2022 it identified unauthorized activity on user accounts in which withdrawals were being approved without the user having completed the 2FA step. As a precaution, the platform suspended all withdrawals and launched an investigation.

Mitigation

As a security measure, Crypto.com invalidated all customer 2FA tokens and required customers to log in again and re-enroll 2FA, so that only authorized users can access their accounts. While the threat actors behind the intrusion remain unknown, Crypto.com stated it will notify and compensate the affected customers.
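The incident turned on withdrawals being approved without the user's second factor. The release does not say how that happened, so the following is an added example, not Crypto.com's code: a server-side withdrawal check that fails closed, executing a withdrawal only when a fresh, valid TOTP code is presented and never honouring the same code twice. TOTP (RFC 6238) is built on HOTP (RFC 4226) with the Python standard library, and the secret in the usage note is the RFC test secret, so the codes are the published test vectors. Account, WithdrawalRequest and authorize_withdrawal are illustrative names, not a real API.

```python
"""Fail-closed second-factor enforcement for a withdrawal.

Added example; it is not Crypto.com's code, and the post does not say how the
2FA step was bypassed. It models the server-side invariant that a withdrawal
executes only when the user presents a fresh, valid TOTP code, and that no
code is honoured twice. TOTP (RFC 6238) is built on HOTP (RFC 4226) with the
standard library only; Account/WithdrawalRequest/authorize_withdrawal are
illustrative names, not a real API.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Optional, Set


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step, digits)


@dataclass
class Account:
    totp_secret: bytes
    balance: int                                          # minor units, never floats
    used_counters: Set[int] = field(default_factory=set)  # replay protection


@dataclass
class WithdrawalRequest:
    amount: int
    otp: Optional[str]                                    # None: client skipped the 2FA step


def authorize_withdrawal(acct: Account, req: WithdrawalRequest, now: int, step: int = 30) -> bool:
    """Debit the account and return True only if every check passes.

    Fail closed: a missing, wrong or replayed OTP, or insufficient funds,
    returns False and leaves the account untouched. The OTP check runs
    before the funds check so a caller learns nothing about the balance
    without a valid second factor.
    """
    if not req.otp:
        return False                                      # no second factor presented
    counter = now // step
    # Tolerate one step of clock skew, but never honour a counter already redeemed.
    for c in (counter, counter - 1):
        if c in acct.used_counters:
            continue
        if hmac.compare_digest(hotp(acct.totp_secret, c).encode(), req.otp.encode()):
            if req.amount <= 0 or req.amount > acct.balance:
                return False
            acct.used_counters.add(c)
            acct.balance -= req.amount
            return True
    return False


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test secret; at t=59 the 6-digit code is 287082.
    acct = Account(totp_secret=b"12345678901234567890", balance=100)
    print(authorize_withdrawal(acct, WithdrawalRequest(10, None), 59))      # False
    print(authorize_withdrawal(acct, WithdrawalRequest(10, "287082"), 59))  # True
    print(authorize_withdrawal(acct, WithdrawalRequest(10, "287082"), 60))  # False (replay)
```

Two design points matter here. The absence of an OTP is a hard rejection rather than a pass-through, so a client that skips the 2FA step cannot reach the debit path at all. And the redeemed counter is recorded before the balance changes, so a captured code cannot be replayed inside the skew window; resetting `used_counters` together with the secret is what a forced re-enrollment like Crypto.com's would need to do.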


“Full audit of the entire infrastructure has been conducted internally, with a number of improvements being implemented to further harden the security posture. While Crypto.com already performs internal and external penetration tests, Crypto.com has immediately engaged with third-party security firms to perform additional security checks on our platform, as well as initiating additional threat intelligence services,” the release said.

What Crypto.com is Doing to Prevent Intrusions

Crypto.com has introduced the Worldwide Account Protection Program (WAPP) to provide additional protection and security for its users’ funds. It is said that WAPP is designed to protect user funds in cases where a third party gains unauthorized access to their account and withdraws funds without the user’s permission.

To qualify for the WAPP program, users must:

  • Enable Multi-Factor Authentication (MFA) on all transaction types where MFA is currently available
  • Set up an anti-phishing code at least 21 days before the reported unauthorized transaction
  • Not be using jailbroken devices
  • File a police report and provide a copy of it to Crypto.com
  • Complete a questionnaire to support a forensic investigation

“The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defense-in-Depth security and protection measures. While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind,” said Kris Marszalek, co-founder, and CEO of Crypto.com.
