The internet of things (IoT) is getting us connected like never before, but with its increase in popularity, the security challenges are intensifying.

With IoT creating an unprecedented number of connections into our organizations, it’s no surprise that hackers are viewing it as a potential entry point as opposed to traditional routes such as email attachments or USB sticks. And, as IoT is such a new technology, the vast majority of users aren’t as well schooled in the accompanying security challenges.

If you can understand these security challenges, though, you’re maneuvering your organization into a highly advantageous position. You may be wondering what the main security challenges that IoT faces are, so let’s take a look!

  • Updates aren’t always automatic – PC updates never used to be automatic and this used to leave them open to attack. Thankfully, software/hardware manufacturers quickly realized the importance of this and built automatic updates into their products. Although this approach still relies on human compliance to authorize, it’s highly effective. With IoT devices, however, the rush to bring out new products means that firmware updates are allocated little priority, so IoT devices can soon become unprotected.

  • IoT devices are relatively simple – Many IoT devices are limited in their capabilities, be it in terms of storage or memory. Whilst this allows them to remain compact and low cost, it also leads to a lack of room for security. As a result, they become susceptible to security attacks and the chance of adequate encryption being in place is unlikely. Therefore, it’s crucial that extra security steps are put in place such as specific networks with dedicated firewalls to help house these IoT devices. 
  • More devices mean more monitoring – The number of devices which can make up the IoT is staggering, but it also means that there’s an increased security risk. With all these entry points in your organization’s networks, the amount of data which needs monitoring is going to increase dramatically. And this means that you need to monitor the data coming in and out of your organization much more closely. Leading to increased labour and technology costs, this is one of the most pressing challenges presented by the IoT.
  • Predicting and preparing for attacks – Advances in technology mean that more and more devices are entering the IoT market which, on one hand, means accessibility for almost anything you can think of is possible but, on the other hand, it’s making threat detection more difficult. Pinpointing exactly how a hacker will abuse an IoT device is difficult – will they use it as a stepping stone into your network? Will they simply misuse the device? Or a bit of both?

These challenges could easily be misinterpreted as a list of reasons why you shouldn’t get involved with the IoT, but this couldn’t be further from the truth. Instead, these are challenges which, if tackled correctly, can help your organization get the best out of the IoT. Sure, there’s going to be a level of investment and new structures to consider, but what price can you put on progress?

For more ways to secure and optimize your business technology, contact your local IT professionals.

 


Your modem provides a gateway to the internet, but this entry point is highly vulnerable to hackers as 60,000 customers of BSNL have discovered.

Bharat Sanchar Nigam Limited (BSNL) is an ISP based in New Delhi, India with around 93 million customers, but even with these customer numbers they have been struggling in recent years due to the increased competition in the Asia telecommunications sector. And they now have an embarrassing malware incident on their hands, so these are certainly tough times for BSNL.

The attack which has affected BSNL is almost ridiculous in its simplicity, but it has the potential to cause huge damage for BSNL and its customers. It also carries an important lesson that every PC user can benefit from, so let’s take a look.

Hacking BSNL Modems

Using botnet attacks, the hackers were able to breach the National Internet Backbone (essentially a huge network making up the backbone of the internet in India) of BSNL and gain access to their internal modems and recently installed customer modems. From BSNL’s end, this meant that their broadband service was severely compromised with around 45% of internet connections suffering disruption. For customers using the recently installed modems, however, matters got much worse.

The malware affecting BSNL was able to change the passwords of BSNL broadband customers who had made the fatal mistake of not changing the modem’s default password of “admin”. As a result, around 60,000 customers have found themselves at risk of having their broadband connection compromised as their modem would not be able to log into the BSNL system. Affected users have reported a lack of internet access and the modem’s ‘red error’ LED switching on to indicate a fault.

Whilst BSNL were able to manually change the password details for their internal modems and stop any further changes to their customers’ details, they were unable to reset passwords for customers who had fallen victim to the malware. Instead, these users have to manually reset their modems and enter a new password, a task which isn’t particularly simple for your average PC user.


The Importance of Password Changes

BSNL are rightly embarrassed about the breach that their systems have experienced and there’s still no mention of the attack on their official website. And the fact that this attack stemmed from a simple password flaw is astonishing, but not completely surprising. Many, many organizations still use the age old login name/password of Admin/Admin for gaining access to the administration side of computer systems; it’s easy to remember and provides quick access, but the problem is that every hacker knows this and will always try these login details early on in an attack.

It’s absolutely crucial that you protect your networks (and even your modems) by practicing good password security. It only takes a few moments to think of a new password and just as long to change your old one, so there really shouldn’t be any excuse. And that’s why you should always change default system passwords as soon as you’re given the chance. Otherwise, you’re at risk of being hacked and will only have yourself to blame.


Your employees can often pose a huge risk to your data security, but what about ex-employees? Well, it turns out they may present an even bigger threat.

When employees leave an organization, it’s prudent that their network and application privileges are immediately terminated. After all, there’s no need for them to have access to your data and this is particularly important if they’ve left to join a competitor. Not only that, it presents them with an easy route for sabotaging your network. So, it’s clear to see why it’s so important to revoke privileges, but it would appear this isn’t always the case.

Research by OneLogin has demonstrated that 50% of accounts previously held by ex-employees with the power to make IT-decisions are still active 24 hours after they have left the organization. And many employers have revealed that around 25% of their employees’ accounts will still be active for up to a week. And, as you well know, it can take mere seconds to completely compromise a PC, so the delay reported by OneLogin has the potential to cause real damage.

Why Do IT Accounts Need to be Terminated Immediately?

The majority of employees who leave your organization are highly unlikely to even consider wanting to log back on to your network, but there are some who may try as soon as they’ve left the building. In particular, disgruntled ex-employees who have had their contracts terminated are likely to be looking for revenge and, of course, those who have left the business to join a local rival may be tempted to log on and steal sensitive information to give them an advantage. While these individuals are in the minority, it still represents a huge threat to your data.

Despite being a basic threat, and one that’s easy to remedy, the statistics provided by OneLogin would indicate that it’s a simple procedure which is being ignored by many organizations. And the end result of this lackadaisical approach is, as OneLogin’s poll has found, that 10% of all data breaches are believed to have been committed by ex-employees. Eliminating this security risk, therefore, can make a real difference to your overall security.


How to Prevent Ex-Employees Accessing Your Networks

OneLogin have found that ex-employees can spell trouble for your security, but what can you do to minimize the risk? Let’s take a look:

  • Create an exit procedure for IT privileges – Thankfully, most employees will give a certain amount of notice before leaving and this gives organizations plenty of opportunity to plan for their exit. Therefore, there’s no excuse for login details not to be disabled as soon as that employee leaves. Sometimes, of course, employees will leave suddenly and, in these instances, IT departments need to be informed immediately to close these accounts.
  • Reduce remote access – Some organizations may have networks which can only be accessed internally, so an ex-employee may struggle to even log in once they’ve left the business. However, many organizations provide remote access to their networks and, if an ex-employee can obtain the web address to access this, they could easily connect. To avoid this, make sure that only certain login names are allowed to log on in this manner.
  • Incorporate an SIEM system – Using a security information and event management (SIEM) system can indicate employees’ activity within individual applications, so this can quickly indicate if any unauthorized access is being made. OneLogin discovered that 41% of organizations do not use this type of system, but it would appear to be crucial in protecting your data.

These approaches are simple, quick and easy, so there’s no excuse for being negligent in this area of security.
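The exit-procedure and SIEM points above can be combined into one check, shown here as an added example that is not part of the original article: it compares an HR leaver list against the account directory and an authentication log. The usernames, the log format (`timestamp user service result`) and all sample data are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumptions, not from the article).
OFFBOARDED = {  # username -> time the employee left, as recorded by HR
    "asmith": datetime(2024, 3, 1, 17, 0),
    "bjones": datetime(2024, 3, 4, 12, 0),
}
DIRECTORY = {"asmith": True, "bjones": False, "cwhite": True}  # enabled?
AUTH_LOG = """\
2024-03-01T09:12:00 asmith vpn success
2024-03-01T21:40:00 asmith vpn success
this line is malformed
2024-03-05T08:01:00 bjones webmail failure
2024-03-05T08:02:00 cwhite vpn success
"""
NOW = datetime(2024, 3, 5, 9, 0)  # constructed "current time" for the audit


def parse_events(text):
    """Yield (timestamp, user, service, result) tuples from the log text."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the audit
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]


def stale_accounts(offboarded, directory, now, grace=timedelta(0)):
    """Leavers whose account is still enabled once the grace period is over."""
    return sorted(user for user, left in offboarded.items()
                  if directory.get(user, False) and now - left > grace)


def post_exit_logins(offboarded, events):
    """Authentication attempts made after the user's recorded leave time."""
    alerts = []
    for ts, user, service, result in events:
        left = offboarded.get(user)
        if left is not None and ts > left:
            # A success means access was actually obtained; a failure still
            # shows somebody is trying the ex-employee's credentials.
            severity = "high" if result == "success" else "medium"
            alerts.append((severity, user, service, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    print("still enabled:", stale_accounts(OFFBOARDED, DIRECTORY, NOW))
    for alert in post_exit_logins(OFFBOARDED, parse_events(AUTH_LOG)):
        print("alert:", alert)
```
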



Flash Player 0-Day Vulnerability Yet to be Patched

Learn all about the latest 0-Day Flash Player Vulnerability. By following this practical advice, you can improve your chances of staying protected.

An overview

Adobe has recently released a security update for Flash Player that fixes the vulnerability exploited in the attacks. Adobe investigated the threat and reported that an exploit has been developed which gets around the latest update.

Kafeine, a security researcher, blogged about the Flash vulnerability discovered in exploit kits. These kits are software tools that work on automation. The actual exploit packs help hacked sites to send out the malicious code. Kafeine’s blog disclosed the Angler Exploit Kit, a popular crime-ware package that targets Flash player vulnerabilities. It’ll cleverly adapt to work in a certain way according to the version of Internet Explorer it detects in a Windows system.

The Flash Vulnerability

The vulnerability also exists in the Linux and Mac versions of Flash Player; however, the attackers targeted Windows and Internet Explorer users as well. Flash users must update the player as soon as possible. It is possible that the update might not fix all the holes in Flash.

An Adobe patch was developed to address the exploited Flash vulnerability; however it doesn’t address another active vulnerability that’s available for it.

Although the exploit, known as CVE-2015-0310, was downgraded, it was still used in the attacks related to the previous versions of Flash. The earlier versions of Chrome are also safe to use. Internet Explorer 10, IE11 and Firefox were supposed to update automatically to the latest versions of Flash. As for Google Chrome, its latest version is 40.0.2214.91, and currently runs Flash version 16.0.0.257.

Internet Explorer users would need to apply the patch twice: once on IE and once on any alternative browser such as Opera or Firefox.

A word about dynamic website content

Since many websites rely on Flash player to display dynamic content, it would be easier if such sites opt to only use HTML5 to load multimedia. The click to play is one option to limit Flash content on the browser whilst it automatically renders.

An example of Flash click to play.


At the same time, it’s impractical for most web users to remove Flash player completely, except for Internet Explorer which usually blocks Flash from rendering its content. The click to play feature is often preferred by many users. It allows users to see the blocked content with only a click over the boxes. Doing so enables the Flash content, but bear in mind that the click to play feature will also block JavaScript from loading.

Stay updated

It is important to keep Flash Player updated to avoid being a potential target of attack. The latest versions of Flash are available, but be cautious of the unwanted add-ons that come with the Flash player versions. If you un-check the pre-checked box before downloading the Flash Player, the potential add-on will not be included in the download.



Windows 8.1 Administrator Access

Google publicly disclosed a Windows 8.1 bug that allows administrator access to PCs. The disclosure highlights a vulnerability affecting millions of users.

This has left Microsoft outraged, especially considering that they were about to release a patch for it.

The news originated from Forshaw, one of Google’s researchers who found the bug and published it online. The bug is backed up by Google’s POC (proof of concept) scheme, which was tested on an updated version of Windows 8.1. It’s not entirely clear whether earlier versions of Windows, such as Windows 7 operating systems, are also affected by the bug.

Microsoft went on to express their displeasure by stating that such bug reports shouldn’t be released until after a fix has been made available.

According to Microsoft, for such a bug to cause problems, the perpetrator trying to access the computer would need to know the password of the local machine. This is still a big enough risk to have over a network, as any hacker will use this simple fact as motivation to steal passwords and ultimately gain elevated user privileges.

An unpopular decision?

Google’s Project Zero carries out research and bug testing on various systems. Once they find a bug, their policy is to give 90 days for the vendor to fix the issue. The 90-day disclosure time had passed and Google went ahead and published their report a couple of days short of Microsoft releasing an update on their Patch Tuesday.

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.


It leaves little to guess why Microsoft recently pulled their ANS (Advanced Notification Service) from the general public and made it only available to paid Premier support clients. This means that only paying customers would know of the security issues before their scheduled release on Patch Tuesday.

The vulnerability: Briefly explained

An internal function exists within the Windows 8.1 operating system, known as AhcVerifyAdminContext. Google’s proof of concept tested this using a couple of programs and some commands to bring up the calculator in Windows as an administrator.

Vulnerability Overview:

  • The vulnerability in unpatched versions of Windows 8.1 has a function which consists of a token. The problem is that this token doesn’t correctly verify if the user logged onto the computer is an administrator.
  • It checks the footprints from user’s impersonation token and matches these between the user’s SID and the system’s SID.
  • What it doesn’t do is verify the token’s impersonation level against anything else.
  • This leads to the vulnerability where an identity token can be added from a local process on the system, and as a result, skip the verification stage.
  • This vulnerability only needs to be exploited by someone who knows that it’s available on an un-patched version of Windows 8.1.
  • The hack could be something like an executable that creates a cache, and uses a registry entry on the computer to reload itself.
  • All that would be required is to use an existing application on the computer to run and elevate these privileges.
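The missing check described in the list above, as a simplified model added here for illustration; it is not Windows source code and not Google's proof of concept. The `Token` class, the function names and the sample tokens are hypothetical; the level ordering mirrors Windows' `SECURITY_IMPERSONATION_LEVEL` and `S-1-5-18` is the well-known LocalSystem SID.

```python
from dataclasses import dataclass
from enum import IntEnum


class ImpersonationLevel(IntEnum):
    # Same ordering as Windows' SECURITY_IMPERSONATION_LEVEL enumeration.
    ANONYMOUS = 0
    IDENTIFICATION = 1   # identity may be inspected, not acted upon
    IMPERSONATION = 2    # caller may act as this identity locally
    DELEGATION = 3


LOCAL_SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account


@dataclass(frozen=True)
class Token:  # hypothetical stand-in for an impersonation token
    name: str
    user_sid: str
    level: ImpersonationLevel


def verify_admin_flawed(token):
    """The check as the article describes it: compare SIDs and nothing else."""
    return token.user_sid == LOCAL_SYSTEM_SID


def verify_admin_hardened(token):
    """Also require a level that entitles the caller to act as that user."""
    return (token.user_sid == LOCAL_SYSTEM_SID
            and token.level >= ImpersonationLevel.IMPERSONATION)


def disagreements(tokens):
    """Names of tokens the flawed check accepts but the hardened one rejects."""
    return [t.name for t in tokens
            if verify_admin_flawed(t) and not verify_admin_hardened(t)]


# Constructed sample tokens; the user SID below is a made-up placeholder.
SAMPLE_TOKENS = [
    Token("system-service", LOCAL_SYSTEM_SID, ImpersonationLevel.IMPERSONATION),
    Token("identity-only", LOCAL_SYSTEM_SID, ImpersonationLevel.IDENTIFICATION),
    Token("normal-user", "S-1-5-21-1111-2222-3333-1001",
          ImpersonationLevel.IMPERSONATION),
]

if __name__ == "__main__":
    for t in SAMPLE_TOKENS:
        print(f"{t.name:15} flawed={verify_admin_flawed(t)} "
              f"hardened={verify_admin_hardened(t)}")
    print("accepted only by the flawed check:", disagreements(SAMPLE_TOKENS))
```
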

The proof of concept Google used includes two program files and a set of instructions for executing it. This resulted in the Windows calculator running as an administrator. Forshaw states that the bug is not in UAC (User Account Control) itself, but that UAC is used as part of it to demo the bug.

Protecting Yourself and Your Business

We suggest keeping your anti-virus updated, along with Windows Security Updates to patch up known vulnerabilities on the computer. Depending on your office set-up, it is also a good idea to enable the firewall on PCs too, or at the very least on your network.
