How to Mitigate IoT Security Risks

Whether you’re in the office or at home, you’re most likely surrounded by IoT devices. Gartner forecasts that 14.2 billion connected things will be in use in 2019, and that the total will reach 25 billion by 2021. Although these devices help increase productivity and make our lives easier, they are also targeted by cyber attacks. According to Symantec’s 2018 Internet Security Threat Report, IoT attacks went up by 600% between 2016 and 2017. As we start to incorporate more IoT devices into our lives, we need to be aware of the security risks of IoT devices. A survey by digital certificates provider DigiCert found that 25 percent of companies struggling the most with IoT security reported IoT security-related losses of at least $34 million in the last two years.

Source: ZDNet

What are the IoT Security Risks?

One of the biggest challenges in securing IoT is the size of the attack surface. Every device brings its own firmware vulnerabilities, weak or default credentials, exposed network services and back-end apps, and each of those can be attacked.

Many IoT attacks also target unconventional devices such as smart refrigerators, printers or baby monitors. Because people do not think of these as computers, they often do not realize that the devices pose a security risk.

Shadow IoT devices are active IoT devices that connect to the company network without the knowledge or support of the IT department, and they are easy targets. Because nobody in IT controls them, they are typically unpatched and lack proper authentication and security features.

IoT devices can be hijacked and used for malicious purposes. For example, the Mirai botnet in 2016 took advantage of insecure IoT devices to mount massive distributed denial-of-service (DDoS) attacks. Mirai scanned the internet for devices that still accepted factory-default Telnet credentials, enrolled hundreds of thousands of them and used them in DDoS attacks without the owners' knowledge.

Malicious actors can also hack into insecure IoT devices or their companion apps and use them to spy on people or pinpoint their location. According to the Ponemon Institute, 80% of IoT applications are not tested for vulnerabilities, which means many IoT apps can be exploited to carry out such attacks.

4 Things You Can Do to Reduce IoT Security Risks

Keep Track of Your Devices

Each IoT device in your network has its own potential security risk, which is why it’s important to know your IoT devices. Use proper device identification and authentication so that you can keep track of the devices that are communicating with the network.

Rogue devices pop up, so you need to be able to scan your network and compare what you find against your inventory. Removing devices that are no longer in use and disabling unused features also reduces the attack surface.
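The comparison described above, as an added example that is not part of the original article: it reconciles the devices currently holding a DHCP lease against an approved inventory and reports the two things you act on, rogue devices (on the network, not in the inventory) and missing devices (in the inventory, no longer seen, so candidates for removal). The lease lines, the inventory and the MAC addresses are constructed for the example; in practice you would read your DHCP server's lease file or ARP tables and your asset database.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the dnsmasq lease-file format:
# "<expiry epoch> <MAC> <IP> <hostname> <client-id>"
SAMPLE_LEASES = """\
1557100000 00:1A:2B:3C:4D:5E 10.0.1.20 printer-2f *
1557103600 b8:27:eb:12:34:56 10.0.1.77 raspberrypi *
1557100000 00:1a:2b:3c:4d:60 10.0.1.21 thermostat-lobby *
1557107200 3c-5a-b4-aa-bb-cc 10.0.1.90 espressif-a1b2 *
"""

# Constructed asset inventory: MAC address -> owner / description
APPROVED = {
    "00:1a:2b:3c:4d:5e": "Facilities: 2nd-floor printer",
    "00:1a:2b:3c:4d:60": "Facilities: lobby thermostat",
    "00:1a:2b:3c:4d:61": "Facilities: old lobby camera",
}

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalise_mac(mac: str) -> str:
    """Lower-case, colon-separated form so inventory and lease entries compare equal."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def parse_leases(text: str) -> dict:
    """Return {mac: {"ip", "hostname", "expires"}} for every lease line."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        expiry, mac, ip, hostname = parts[:4]
        seen[normalise_mac(mac)] = {
            "ip": ip,
            "hostname": hostname,
            "expires": datetime.fromtimestamp(int(expiry), tz=timezone.utc),
        }
    return seen


def reconcile(lease_text: str, approved: dict) -> dict:
    """Rogue = on the network but not in the inventory; missing = in the
    inventory but not on the network (candidates for removal)."""
    seen = parse_leases(lease_text)
    rogue = {mac: info for mac, info in seen.items() if mac not in approved}
    missing = {mac: owner for mac, owner in approved.items() if mac not in seen}
    return {"rogue": rogue, "missing": missing}


if __name__ == "__main__":
    report = reconcile(SAMPLE_LEASES, APPROVED)
    for mac, info in report["rogue"].items():
        print(f"ROGUE   {mac}  {info['ip']:<12} {info['hostname']}")
    for mac, owner in report["missing"].items():
        print(f"MISSING {mac}  {owner}")
```

Run it on a schedule and alert on any non-empty `rogue` set; a Raspberry Pi or an ESP-class board showing up with a lease is exactly the shadow IoT case described earlier. MAC addresses can be spoofed, so treat this as an inventory check, not as authentication; 802.1X or certificate-based device identity is the stronger control.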

Use IoT Devices You Can Trust

IoT weaknesses can pose a large threat to your data. Use only devices that are still supported by the manufacturer so that security patches are actually available, and track firmware versions so you know which devices still need an update; unpatched firmware is what most IoT exploits rely on.

Follow Basic Cyber Hygiene Practices

Having good cybersecurity hygiene is key in defending against IoT risks. This includes patch management, backing up your data, using encryption and implementing security awareness training. It’s important to continuously monitor your environment for changes and take action when necessary.

Do an Assessment

Any of your IoT devices can be the target of a cyber attack, so you need to know what impact each device could have on your overall network. If one device is compromised, will it affect other devices? What can you do if that happens? Doing an assessment helps you prepare for the worst-case scenario. From there you can implement a security policy and strategy that covers the issues the assessment found.

Threats of the Week – May 6, 2019

Shellbot Malware

Shellbot, first written about by Jask in February, uses an old but reliable technique, SSH brute forcing, to break into internet-connected Linux servers that have weak passwords, infect them and mine cryptocurrency.

The malware now has new capabilities that let it spread through a network and shut down other cryptominers on infected computers, freeing up more processing power for its own mining operation.

The malware has three components. Although it's not known exactly how the malware is delivered, the researchers found the dropper script that installs the malicious payload from the command-and-control server, an IRC server the hackers use to check the status of infections and run commands remotely. A 272-line script checks whether any other cryptominers are on the system, removes them, and installs its own. The cryptominer then mines Monero, a privacy-focused cryptocurrency, and sends the proceeds to a MoneroHash server.

Source: TechCrunch

How do you protect yourself?

Shellbot gets in by guessing weak SSH passwords, so the defenses are the basic ones: disable SSH password authentication in favour of key-based logins, do not allow direct root login, and rate-limit or block sources that repeatedly fail to authenticate. Up-to-date endpoint and firewall protection adds a further layer, and a sudden unexplained CPU load on a server is worth investigating as a possible miner.
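Blocking repeated failures presupposes that you can see them. The detector below is an added example, not code from the article or from the Jask research; it reads OpenSSH `auth.log` lines, counts failed logins per source address inside a sliding window, and, more importantly, flags a successful login that immediately follows a burst of failures, which is the signature of a brute force that worked. The log lines, hostnames and addresses are constructed; the threshold and window are assumptions to tune for your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format OpenSSH writes on Debian/Ubuntu hosts.
SAMPLE_AUTH_LOG = """\
May  6 03:10:01 web1 sshd[2231]: Failed password for root from 203.0.113.45 port 51122 ssh2
May  6 03:10:03 web1 sshd[2233]: Failed password for invalid user admin from 203.0.113.45 port 51130 ssh2
May  6 03:10:04 web1 sshd[2235]: Failed password for invalid user oracle from 203.0.113.45 port 51138 ssh2
May  6 03:10:06 web1 sshd[2237]: Failed password for root from 203.0.113.45 port 51144 ssh2
May  6 03:10:08 web1 sshd[2239]: Failed password for root from 203.0.113.45 port 51150 ssh2
May  6 03:10:09 web1 sshd[2241]: Accepted password for root from 203.0.113.45 port 51158 ssh2
May  6 03:12:40 web1 sshd[2260]: Failed password for alice from 198.51.100.7 port 40011 ssh2
May  6 03:12:55 web1 sshd[2262]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line: str, year: int):
    """Syslog timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]


def find_ssh_bruteforce(log_text: str, threshold: int = 5,
                        window: timedelta = timedelta(minutes=10),
                        year: int = 2019) -> dict:
    """Per source IP: failure count, user names tried, whether the source hit
    the threshold, and the first login that succeeded right after a burst."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    report = {}
    for line in log_text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, result, method, user, ip = parsed
        entry = report.setdefault(ip, {"failures": 0, "users": set(),
                                       "flagged": False, "success_after_failures": None})
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()  # expire failures that fell out of the sliding window
        if result == "Failed":
            fails.append(ts)
            entry["failures"] += 1
            entry["users"].add(user)
            if len(fails) >= threshold:
                entry["flagged"] = True
        elif len(fails) >= threshold and entry["success_after_failures"] is None:
            # A success after a burst of failures: treat the account as compromised.
            entry["success_after_failures"] = (user, method, ts.isoformat())
            entry["flagged"] = True
    return report


if __name__ == "__main__":
    for ip, e in find_ssh_bruteforce(SAMPLE_AUTH_LOG).items():
        if e["flagged"]:
            print(f"{ip}: {e['failures']} failures, users={sorted(e['users'])}, "
                  f"success={e['success_after_failures']}")
```

The `success_after_failures` field is the one that should page someone: five failures from one address is noise on any internet-facing host, but a password login for `root` seconds later is an incident. Feeding the flagged addresses into a firewall drop rule gives you the same effect as fail2ban; the real fix is still `PasswordAuthentication no` in `sshd_config`.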

CVE-2019-10952

An attacker could send a crafted HTTP/HTTPS request that triggers a stack-based buffer overflow, rendering the controller's web server unavailable and potentially leading to remote code execution. A cold restart is required to recover affected CompactLogix 5370 L1, L2 and L3 Controllers, Compact GuardLogix 5370 controllers and Armor Compact GuardLogix 5370 Controllers, versions 20 to 30.014 and earlier.

Source: NIST

How do you protect yourself?

Apply the latest controller firmware from the vendor. Since this is an attack on the controller's embedded web server, also make sure the controllers are not reachable from untrusted networks: keep them on an isolated control network behind a firewall and restrict HTTP/HTTPS access to the hosts that actually need it.

Sodinokibi Ransomware

A recently disclosed critical vulnerability in Oracle WebLogic (CVE-2019-2725, a deserialization flaw that gives unauthenticated remote code execution) is being actively exploited in a slew of attacks that distribute a never-before-seen ransomware variant.

The ransomware first came onto researchers' radar on April 25 (the day before a patch was released), when attackers attempted to make an HTTP connection to a vulnerable Oracle WebLogic server.

Once the attackers found a vulnerable server, they sent it an HTTP POST request. The request contained a PowerShell command that downloaded a file called "radm.exe", saved the ransomware locally and executed it.

Once running, the ransomware encrypted the victim's systems and displayed a ransom note directing victims to a page on the Tor network or to a domain on the public web (decryptor[.]top), which was registered on March 31 this year.

Source: ThreatPost

How do you protect yourself?

Patch WebLogic immediately: the exploit needs no credentials and no user interaction, so any unpatched server exposed to the internet is a target. Beyond that, keep backups that ransomware running on the server cannot reach, restrict what application servers are allowed to download from the internet, and keep endpoint protection up to date.

Microsoft Windows Server 2008 and SQL Server 2008 End of Life Notice

Microsoft has announced that Windows Server 2008 and SQL Server 2008 are reaching end of support. This means Microsoft will no longer release security updates for these products.

Without patches, your servers will be exposed to newly discovered vulnerabilities, with the data-loss and compliance risks that follow. Customers currently using these products will have to upgrade to keep receiving security updates and meet compliance requirements. The last days of security updates for Windows Server 2008 and SQL Server 2008 are as follows:

  • July 9, 2019: SQL Server 2008 and 2008 R2
  • January 14, 2020: Windows Server 2008 and 2008 R2

Upgrading Your Servers

To upgrade your servers, you can choose between two options:

1. Upgrade to Azure: Migrate your applications and data to Azure, where you can get Free Extended Security Updates for three more years. Upgrading to Azure can also provide significant cost savings and allow you to adopt the latest innovative technologies.

2. A hybrid upgrade: Upgrade your on-premise applications to Windows Server 2016 or 2019 and SQL Server 2017 or 2019. Take advantage of built-in hybrid cloud capabilities for backup and high availability or migrate later.

To learn more, visit Microsoft’s security brief.

To find out how you can upgrade your servers, contact us for more information.

** In special circumstances a custom extension contract can be purchased from Microsoft to extend updates until 2022.

5 Ways to Strengthen Password Security

In most cases, a password is the only thing protecting your account from hackers. Despite this, many people fail to choose a strong password. UK’s National Cyber Security Centre recently released a list of the most commonly used passwords and some of the passwords on the list might be shocking in how simple they are. The number one password in the list is ‘123456’ with over 23 million accounts using this password.

In a password spray attack, hackers try a handful of common passwords such as '123456' against a large number of accounts, staying below the lockout threshold on any single account. Because so many people use these passwords, the attackers are likely to get into several accounts. People also reuse passwords, so access to one account can mean access to all of them. With valid credentials, an attacker looks like a legitimate user and can move around the network undetected. This is why it's important to take password security seriously. Here are 5 simple things you can do to increase password security.
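A spray looks different from a classic brute force in the logs: one source, many accounts, one or two attempts each, which is why per-account lockout does not catch it. The detector below is an added example (not from the article) that finds that profile in a constructed export of login events from a web portal or identity provider; the column names, the thresholds and the 30-minute window are assumptions to adapt to your own logs.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: login events as a CSV export (time is UTC).
SAMPLE_EVENTS = """\
time,user,src_ip,result
2019-05-06T08:00:01,alice,203.0.113.9,fail
2019-05-06T08:00:02,bob,203.0.113.9,fail
2019-05-06T08:00:03,carol,203.0.113.9,fail
2019-05-06T08:00:04,dave,203.0.113.9,fail
2019-05-06T08:00:05,erin,203.0.113.9,fail
2019-05-06T08:00:06,frank,203.0.113.9,fail
2019-05-06T08:00:07,grace,203.0.113.9,success
2019-05-06T08:05:00,alice,198.51.100.20,fail
2019-05-06T08:05:30,alice,198.51.100.20,fail
2019-05-06T08:06:00,alice,198.51.100.20,success
"""


def detect_spray(events_csv: str, min_users: int = 5, max_per_user: int = 2,
                 window: timedelta = timedelta(minutes=30)) -> dict:
    """Return {src_ip: finding} for sources whose failures fit the spray profile:
    at least `min_users` distinct accounts, no more than `max_per_user` attempts
    on any one of them, inside a single fixed window."""
    # (ip, window number) -> user -> failed attempts
    buckets = defaultdict(lambda: defaultdict(int))
    successes = defaultdict(list)  # ip -> users that logged in from it
    for row in csv.DictReader(io.StringIO(events_csv)):
        ts = datetime.fromisoformat(row["time"]).replace(tzinfo=timezone.utc)
        bucket = int(ts.timestamp() // window.total_seconds())
        if row["result"] == "fail":
            buckets[(row["src_ip"], bucket)][row["user"]] += 1
        elif row["result"] == "success":
            successes[row["src_ip"]].append(row["user"])

    findings = {}
    for (ip, _), per_user in buckets.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            f = findings.setdefault(ip, {"users_failed": set(), "logged_in": []})
            f["users_failed"].update(per_user)
            # Any success from a spraying source is an account to lock and reset.
            f["logged_in"] = list(successes.get(ip, []))
    return findings


if __name__ == "__main__":
    for ip, f in detect_spray(SAMPLE_EVENTS).items():
        print(f"SPRAY from {ip}: {len(f['users_failed'])} accounts tried, "
              f"successful logins: {f['logged_in'] or 'none'}")
```

The second source in the sample (three attempts on `alice`, then a success) is deliberately not reported: that is a single-account brute force or a user mistyping, and belongs to a different rule. The fixed-window bucketing can miss a spray that straddles a boundary; a sliding window fixes that at the cost of more state. Also note that sprays are often spread across many source addresses (a proxy pool), in which case you group by user-agent or by the set of accounts instead of by IP.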

Use a password manager

A password manager is a program that stores and manages your passwords across all your accounts. It is considered more secure because it generates and remembers a strong, unique password for every site, so a breach of one site does not expose the others. Password managers have their own trade-offs (the master password and the vault become a high-value target), so do your research when choosing one.

Avoid storing passwords on browsers

Storing passwords in your browser is convenient but also a security risk. Anyone with access to the browser can open the settings, see which websites have passwords saved and view them. Normally a master or operating-system password is required to reveal them, but if an attacker has that password, or malware is running on the machine, all of the saved passwords are exposed. Be cautious about where you store your passwords and make sure each account has a unique one.

Turn on Multi-Factor Authentication

Multi-factor authentication requires a second verification method in addition to a password. Common methods are a code sent to a mobile number or secondary email address, a time-based code generated by an authenticator app, or a hardware security key that you plug into your computer. SMS codes are the weakest of these (they can be intercepted or redirected through SIM swapping), while authenticator apps and hardware keys are much harder to defeat. Use multi-factor authentication wherever you can: it adds an extra layer of security, and most websites support it.

Always change default passwords

Never keep the default password on an account or a piece of hardware. Default credentials are published in manuals and attacker wordlists, and hackers use them to take over devices and enlist them in botnets such as Mirai. Change the password as soon as a new account is created or a new device joins your network.

Don’t leave passwords out in plain sight

If you write down a password to remember it, store it somewhere safe. Writing it where anyone can see it, such as on a sticky note on your desk, is not a smart idea; if you must write something down, write a hint rather than the password itself. Overall, it's best not to have passwords written down anywhere. A password built from a phrase or acronym that is meaningful to you is a good way to have one that is both long and memorable.

Security is a team effort. Remind your employees of the importance of having good security habits, like using strong passwords, by engaging them with cyber awareness training.

Threats of the Week – April 29, 2019

Karkoff Malware

It was this month that Talos researchers discovered the new Karkoff .Net malware. The team says that the malware is “lightweight” and permits remote code execution through the C2. There is no obfuscation in play so Karkoff is easily picked apart.

The malware does have an interesting element, however, in that Karkoff generates a log file which stores executed commands with timestamps. If organizations fall victim to Karkoff, they would be able to use this file to review exactly what happened, and where.

Source: ZDNet

How do you protect yourself?

Keep endpoint and firewall protection up to date. Karkoff is unobfuscated .NET that logs every executed command with a timestamp, so if you find it on a host, preserve that log file before cleaning up: it tells you exactly what the attacker ran and when.

CVE-2019-3396

A group of attackers are actively exploiting a critical vulnerability in Atlassian’s Confluence collaboration software to infect servers with the GandCrab ransomware.

The vulnerability, tracked as CVE-2019-3396, is in the software’s Widget Connector that allows users to embed content from YouTube, Twitter and other websites into web pages.

Attackers can exploit the flaw to inject a rogue template and achieve remote code execution on the server. According to Atlassian’s advisory, published March 20, all versions of Confluence Server and Confluence Data Center before versions 6.6.12, 6.12.3, 6.13.3 and 6.14.2 are affected.

Source: CSO Online

How do you protect yourself?

Upgrade Confluence Server and Confluence Data Center to 6.6.12, 6.12.3, 6.13.3, 6.14.2 or later, and do not leave Confluence reachable from the internet without a need.

Qbot Banking Trojan

A phishing campaign dropping the Qbot banking Trojan with the help of delivery emails camouflaging as parts of previous conversations was spotted during late March 2019 by the JASK Special Operations team.

Qbot (also known as QakBot and Pinkslipbot) is an old yet still active and continuously evolving banking Trojan with worm capabilities. It has been used by malicious actors since at least 2009 to steal financial data and banking credentials from their targets, drop additional malware, log user keystrokes and create a backdoor on compromised machines.

Source: BleepingComputer

How do you protect yourself?

Qbot arrives in phishing emails that pose as replies to earlier conversations, so train users to treat unexpected attachments in "reply" threads with suspicion, filter executable and macro-bearing attachments at the mail gateway, and keep endpoint protection up to date. Because Qbot drops additional malware and spreads like a worm, keep backups that an infected host cannot reach.

5 Key Considerations for Data Back Up

As an organization, protecting data is vital. Loss of data can lead to a number of problems including downtime and compliance fines. According to Dell’s Global Data Protection Index, the average cost of data loss is nearly $1 million.

Threats like ransomware and accidental deletion are still prevalent and put data at risk to being lost or unrecoverable. Having a reliable backup system in place like Jolera’s Store IT will ensure that your data is protected. Here are five key points to consider when backing up your data.

Source: Dell 

1. Choose the Right Type

There are different types of backup, such as on-premises, cloud and hybrid. Consider your current needs and anticipate what you may need in the future. A scalable cloud backup is worth considering if you expect larger storage needs later; if you want the benefits of both local and cloud backup, a hybrid backup may be the better fit. Do your research when deciding which type best suits your business needs.

2. Secure Encryption

Securing your backup data matters because you need it to be intact and available in an emergency. If your backups are not encrypted and attackers get hold of them, they have your data. Backups should be encrypted at rest and in transit, and the encryption keys kept separately from the backup media, so that someone who obtains the backups alone cannot read them. All sensitive and important data should be encrypted.
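Encryption keeps a stolen backup unreadable; it does not tell you at restore time whether the backup was quietly altered or a file dropped. The added example below (not from the article, and not how Jolera's Store IT works) adds that check: it writes a manifest of SHA-256 hashes for a backup set and seals it with an HMAC under a key that, like the encryption key, lives in a vault and not next to the backup. On restore, any file that differs, goes missing or appears unlisted is reported, and a manifest that was edited without the key fails its signature. The sample files and the key are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample backup set: path inside the backup -> contents.
SAMPLE_FILES = {
    "db/customers.sql": b"INSERT INTO customers VALUES (1, 'Acme');\n",
    "config/app.yaml": b"db_host: db.internal\n",
}
# Constructed key. Keep the real one in a secrets vault, never on the backup media.
MANIFEST_KEY = b"example-manifest-key-held-in-vault"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(entries: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON form, so key order cannot change the MAC."""
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Record hash and size of every file, then seal the whole table."""
    entries = {name: {"sha256": sha256_hex(data), "size": len(data)}
               for name, data in files.items()}
    return {"files": entries, "mac": sign(entries, key)}


def verify_manifest(files: dict, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the set is intact."""
    problems = []
    if not hmac.compare_digest(sign(manifest["files"], key), manifest["mac"]):
        problems.append("manifest: signature mismatch (manifest edited or wrong key)")
    for name, entry in manifest["files"].items():
        if name not in files:
            problems.append(f"{name}: missing from backup")
        elif sha256_hex(files[name]) != entry["sha256"]:
            problems.append(f"{name}: contents differ from manifest")
    for name in files:
        if name not in manifest["files"]:
            problems.append(f"{name}: present but not listed in manifest")
    return problems


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES, MANIFEST_KEY)
    print(json.dumps(manifest, indent=2))
    print("verify:", verify_manifest(SAMPLE_FILES, manifest, MANIFEST_KEY) or "OK")
```

Run the verification as part of a scheduled test restore, not only when disaster strikes: ransomware that has been sitting in the environment for weeks will have been backed up too, and a manifest from before the infection is how you find the last clean set.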

3. Recovery Speed

During a disaster such as a ransomware attack, you want to restore your files as quickly as possible; a slow restore means lost productivity and longer downtime. Restoring many or very large files takes time, so prioritize business-critical data and define a recovery time objective for it. Your backup solution should be able to restore files within that time, and you should test a restore periodically rather than assume it works.

4. Scheduling Your Backups

Scheduling backups takes some planning: how often to back up, at what time, and which data. Prioritize the most crucial data, schedule backups during off-peak hours to minimize disruption to your network, and make sure the interval matches how much data you can afford to lose (the recovery point objective).

5. Support

Having access to support, like the 24/7/365 live agent support Jolera provides, is an important aspect to consider for your backup. If things go wrong and you are unable to get assistance as soon as possible, your company is on the line. Being able to reach a live agent when you need support can help ensure that your data is backed up properly and that your restores run smoothly.

Threats of the Week – April 22, 2019

Scranos Malware

A new rootkit-based malware family known as “Scranos” is being used in global cyberattacks as its authors grow their potential target base while adding new components and fixing bugs.

Scranos is a password- and data-stealing operation based around a rootkit driver, which has been digitally signed with a certificate believed to be stolen. When it was first detected, Scranos was localized to the Asian market; specifically, China.

Source: Dark Reading

How do you protect yourself?

Keep endpoint and firewall protection up to date. Scranos installs a rootkit driver signed with a certificate believed to be stolen, so a valid signature is not proof that a driver is benign: review newly installed kernel drivers and the certificates they carry, and block the certificate once it is identified.

CVE-2019-10038

Evernote has fixed a vulnerability that could have allowed an attacker to run malicious code on a victim's computer. The bug could let an attacker remotely run commands on any macOS computer with Evernote installed. Since the fix, Evernote for Mac warns users when they click a link that opens a file on their Mac.

Source: TechCrunch

How do you protect yourself?

Update to Evernote for Mac 7.9.1 GA or 7.10 Beta 1, or later.

RobbinHood Ransomware

A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network.

Not much is currently known about this ransomware and a sample for RobbinHood has not currently been found. We have, though, seen the ransom notes and encrypted files of various victims, which allows us to put together a picture of how this ransomware may operate.

Of particular interest is how they stress that the victim’s privacy is important to them and they will not disclose any victims who have paid.

Source: BleepingComputer

How do you protect yourself?

RobbinHood goes after whole networks, so the defenses are network-wide: keep backups offline or otherwise unreachable from the network the attackers are in, segment the network and restrict administrative credentials so that one compromised host cannot be used to reach every other, and keep endpoint protection up to date.

Understanding Zero-Day Attacks

Zero-day attacks are some of the most serious threats against enterprises. According to Ponemon's 2018 State of Endpoint Security Risk report, zero-day attacks are four times more likely to compromise organizations. New vulnerabilities are discovered every day, and Cybersecurity Ventures predicted there will be a new zero-day exploit every day by 2021. Zero-day attacks can lead to serious damage. WannaCry, for example, spread worldwide using the EternalBlue exploit; Microsoft had patched the underlying SMB flaw (MS17-010) two months before the outbreak, so WannaCry mostly hit organizations that had not yet applied the fix, which shows how long an exploit stays useful after a patch ships.

Source: Ponemon

What is a Zero-Day Attack?

A vulnerability is called a zero-day when attackers know about it before the vendor has a fix: the vendor has had "zero days" to patch it. A zero-day attack is when cybercriminals exploit such a flaw before a patch exists or has been deployed. These flaws can be used for account hijacking, data theft and network compromise.

How Does a Zero-Day Attack Happen?

Zero-day attacks are dangerous because they rely on the developers not knowing about the security hole. Even once a developer is aware of a vulnerability, it takes time to build and ship a patch. In the meantime, hackers take advantage of the window to infect as many computers as they can. Attackers can also sell the exploit on the dark web for other hackers to use.

Here are the common steps hackers take to create zero-day exploits:

1. Discovery: Attackers look for flaws by reverse engineering, fuzzing or reading code. Once they find one, they look for other sites or programs that share the same vulnerable component.

2. Development: Once they find a weakness, they build a working exploit. Depending on the flaw this might be a malicious document or binary, a SQL injection or a cross-site scripting payload.

3. Infiltration: They need to use the exploit before the flaw gets patched, so once it is ready they start compromising systems, often as widely and quickly as possible.

3 Ways You Can Mitigate Zero-Day Attacks

1. Install and Update Patches: Patching cannot stop a true zero-day, but most attacks that start as zero-days keep working for months against systems that never applied the fix, so update your software as soon as a security patch is released. Keeping software updated minimizes your exposure to every exploit that is already known.

2. Using advanced security solutions: Using basic security solutions like an antivirus is not enough to protect against these advanced attacks. Zero-day threats also use unknown attacks and using a solution that can only detect known exploits is not enough. New technologies like machine learning and A.I. provide advanced detection techniques that can keep up with evolving threats. Using additional layers of security like Advanced Threat Protection on your next generation firewalls can help protect against these types of attacks.

3. Automated detection: Hackers use zero-day exploits to infect systems with malware. Being able detect malicious behaviour within the network can help prevent them from installing malicious programs. A SIEM system, like Secure IT – SIEM monitors devices on your network to detect suspicious behaviour. When security alerts are detected, our security team will investigate and remediate any issues.

Threats of the Week – April 15, 2019

Baldr Malware

A new form of information-stealing malware called Baldr believed to be the work of experienced hackers is making the rounds in Russian underground forums.

Information stealers such as Baldr have proven popular in rapid-fire attacks and phishing, given their ability to capture information including machine data, browser history, some stored passwords — depending on how and where they are buried — and valuable files.

Baldr is no different. The malware has “high-level functionality” and the team says is by no means a script kiddie effort thrown together for quick cash.

Instead, Baldr is able to gather user profile data including browser information, as well as detecting the existence of cryptocurrency wallets, VPNs, Telegram, and Jabber. The malware then cycles through the files and folders of key PC locations in order to extract information from important file types.

Source: ZDNet

How do you protect yourself?

Baldr harvests browser data, saved passwords, cryptocurrency wallets and VPN and chat client data, so keep endpoint protection up to date and avoid storing credentials in the browser. If a host is found infected, assume everything saved on it has been taken and rotate those credentials and wallet keys.

CVE-2019-7130

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical and an important vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Flash Player to version 32.0.0.171.

Anubis Android Trojan

An Android application which steals PayPal credentials, encrypts files from the device’s external storage, and locks the screen using a black screen was spotted in the Google Play Store by ESET malware researcher Lukas Stefanko.

Behind the app’s malicious behavior is an Anubis Android banking Trojan malware payload, a well-known Trojan designed to steal banking credentials, provide its masters with a RAT backdoor, and send SMS spam among other things.

Once the Anubis banking Trojan is dropped by a malware downloader on a victim’s compromised device, it starts collecting banking info either with the help of an inbuilt keylogger module or by taking screenshots when the user inserts credentials into apps, unlike other banking Trojans known to use overlay screens for the same task.

Source: BleepingComputer

How do you protect yourself?

This sample was found in the official Google Play Store, so "only install from the store" is not enough on its own. Check the developer and reviews before installing, and be suspicious of apps that ask for permissions unrelated to their purpose; an app that wants to read SMS or manage the device is asking for exactly what a banking Trojan needs. Keep Android and Google Play Protect up to date, keep backups of the device's data, and use a mobile security product where your endpoint solution supports Android.

5 Security Tips for Remote Working

Remote work provides organizations with several benefits such as increased productivity and the opportunity to save on operational costs. However, a remote workforce can also become a security risk for companies.  A survey found that 90% of IT leaders think remote workers are a security risk to their organizations. Despite this, many believe the benefits of a remote workforce outweigh the security risks.

As mobile and connected devices become more widespread, remote work is not going away. There are also several businesses and banks that exist only online and rely on remote work. Organizations need to be aware of the security risks that come with remote working and make sure they're protecting their data.

Source: Shred-It

What Are the Risks of Remote Working?

The risks of remote working start with the security measures taken by both businesses and their employees.

Remote access to servers can lead businesses to create open doors for hackers. Verizon faced a data leak in 2017 after a server was made public due to a security misconfiguration. Businesses need to make sure that they’re properly securing their cloud servers and creating safe remote access for their employees.

Risky Employee Behaviour

Remote employees need to practice good security habits wherever they work. This includes being aware of their surroundings and having good general security hygiene (such as using strong, unique passwords and inspecting links before clicking them). Here are some common risks remote employees face.

1. Eavesdropping: Remote employees working in public areas like cafes or hotels put their data at risk by using public Wi-Fi. Traffic on an open or shared wireless network can be intercepted by others on the same network, so anything not protected by a VPN or TLS is exposed.

2. Losing devices: Since remote workers often carry their work with them, they risk losing their devices. Unlike the security protection of the office, the remote employee has sole responsibility of keeping their device(s) safe.

3. Mixing personal and corporate data: Remote employees are most likely using their own personal devices when working remotely. This can put corporate data at risk if they are sharing documents using their personal Google Drive or email accounts. Furthermore, a compromise on their personal devices (due to illegal downloading, social engineering, etc.) can lead to a leak in corporate information.

5 Ways To Secure Your Remote Workforce

Remote working can be done safely if your remote employees use good cybersecurity habits and follow your cybersecurity policies. Here are some tips you can implement with your remote workers.

1. Mandatory training: All remote employees should be required to enroll in cyber awareness training. A training service like Secure IT – Training will help keep cybersecurity at the forefront by equipping your employees with the knowledge and tools to engage in cyber safe behaviour.

2. Use VPNs: All remote workers should use a Virtual Private Network (VPN) to connect to your office network. A VPN encrypts the traffic between the remote device and the office, which defeats eavesdropping on public Wi-Fi, and it can be used from anywhere in the world. It does not protect a device that is already compromised, so combine it with the other measures here. Our Secure IT – Firewall service includes next generation firewalls with VPN connectivity.

3. Implement endpoint security: All devices should be protected with an advanced security solution like endpoint security. Endpoint security provides greater protection against threats like malware and zero-day threats. Your security solutions should stay up-to-date to ensure protection against the latest vulnerabilities.

4. Limit Access: You should always limit your access privileges and controls to  those who need it. That way, if a remote employee gets hacked, the attackers won’t get access to privileged information.

5. Create a remote work policy: Even if you may not see your remote worker often (or at all), they are still a part of your company. Therefore, they should be required to follow the same rules as your office employees. Having a specific remote working policy will help you address security concerns like password requirements, file sharing, lost devices and reporting security incidents. Every employee you onboard should be required to read and sign the policy.