Security News

From man-in-the-middle attacks to evil-twin networks, SMBs must protect themselves against a host of hotspot threats.

Widespread access to connectivity is what makes mobile and dispersed workforces possible. That’s a good thing for thousands of growing businesses, but it may also be their Achilles’ heel. Any defense is only as strong as its weakest point, and public Wi-Fi hotspots can be just that.

Wi-Fi broadcasts its traffic in much the same way as a radio station. “Anyone can tune in and listen,” says Pieter VanIperen, an adjunct professor of code security at New York University and a founding member of Code Defenders, a cybersecurity collective. “If traffic is encrypted, I can’t see all of it, but I can still see some details. And if the encryption is weak, I can crack it. If it is a public open network, I can literally see everything.”

Unsecured Wi-Fi presents multiple threats and dangers to SMBs. Cyber threats include network hacking, ransomware, phishing, and others. Being hacked can ruin a company’s reputation and create financial liability because of increasingly stringent privacy protection laws. “The potential for network breach and loss of sensitive business, customer, supplier, and employee data is particularly high,” says Michael Fauscette, chief research officer at G2 Crowd, a peer-to-peer business solutions review platform.

Hackers have a bag of tricks

There’s no shortage of bad actors trolling Wi-Fi hotspots, and they have a robust bag of tricks to snag their victims. Here are some common ones.

  • Wardriving: The hacker practice of driving around and looking for “weak” Wi-Fi networks. They typically map the locations and record the networks’ names (SSIDs) and encryption settings.
  • Network sniffing: Attackers monitor (“sniff”) Wi-Fi network traffic in search of user names, passwords, and other personally identifiable information (PII).
  • Man-in-the-middle attacks: Network sniffing alone generally isn’t enough for hackers to get what they’re after. Most websites and applications that require PII are encrypted over HTTPS, the secure version of the protocol computers use to communicate with each other. Attackers can bypass HTTPS by using a man-in-the-middle device (basically, a malicious Wi-Fi radio) to insert themselves between a victim’s Wi-Fi device and a legitimate Wi-Fi access point. They intercept the data packets being transmitted and use a software tool to strip the encryption protection from HTTPS, thus gaining access to sensitive information in plain text. It can be done without the victim ever detecting any suspicious activity, says Ryan Orsi, director of strategic alliances at WatchGuard Technologies, a network security appliances and services firm.
  • Evil-twin networks and pineapples: In these attacks, a hacker sets up a Wi-Fi router (a “pineapple”) and gives it a name identical or very similar to a nearby reputable network. The router has a stronger signal, so it will be preferred by devices searching for a connection, or the hacker blocks the legitimate network being spoofed. If the real network has a password, the evil twin uses the same one. To demonstrate how dangerous this can be, technology consulting firm Kelser Corporation sometimes sets up its own evil-twin network at conferences, says Jonathan Stone, Kelser’s COO and CTO. Typically called “Hotel Free Wi-Fi” or something similar, it uses the hotel’s brand on the sign-in page. “During our presentation, we’ll ask for a show of hands of who logged into the network. Inevitably, about half the people in the room have,” he reports.

No refuge at the office

Mobile and remote workers may face a higher level of threat from unsecured Wi-Fi networks, Orsi says. Office-based workers who use Wi-Fi-connected devices are also at risk due to “client misassociation.”

This can happen innocently, such as when an employee’s laptop is tethered to a cell phone hotspot. The employee may also inadvertently connect to the office’s guest Wi-Fi, which typically has less robust security than the company’s private internal network. However, the network may also be malicious, such as a hacker spoofing a company’s SSID with an evil-twin network.

An ounce of prevention

Whether or not you have remote workers, some of your employees are likely accessing public Wi-Fi hotspots at least some of the time. Adopting these best practices can help protect your business from the dangers of unsecured Wi-Fi:

  • Use an ethernet connection rather than Wi-Fi whenever that option is available.
  • When traveling, choose mobile data or personal hotspots over public Wi-Fi networks whenever possible.
  • Use a VPN (virtual private network) whenever you communicate into your business infrastructure from an unsecured network–and unless you know otherwise for sure, assume every Wi-Fi network is unsecured.
  • When using hotspots, only log in or send personal information to websites you know are fully encrypted for the entire duration of your visit. If you find yourself on an unencrypted page, log out immediately.
  • Never enable network administration via a public Wi-Fi network.
  • Don’t stay permanently signed in to websites, accounts, or apps.
  • Use a different password for every website, account, and app.
  • Keep your browser and security software up to date.
  • Disable the Wi-Fi auto-connect feature on mobile devices for greater control over when and to which networks your devices connect.
  • Look for networks with the strongest level of encryption. WPA2 is stronger than WEP and WPA.
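The evil-twin and encryption-strength points above can be turned into a simple defender-side check on a scan listing before anyone joins a network. The following is an added example, not code from the article or from any of the firms quoted in it. It runs over a constructed scan (SSID, BSSID, security type, signal) of the kind a scanning tool would produce, ranks security types in the order the article gives (adding WPA3 above WPA2 as a generalisation the article does not make), flags anything weaker than WPA2, flags an SSID that is advertised with conflicting security settings, and flags names that are near-duplicates of a trusted SSID, such as “Hotel Free WiFi” appearing beside “Hotel Free Wi-Fi”. The `Network` class, `triage`, `best_choice`, the similarity threshold and the sample data are all assumptions of the example.

```python
"""Triage a Wi-Fi scan from a defender's point of view (added example).

Flags (a) open or WEP/WPA networks that should not be joined, (b) SSIDs that
appear with conflicting security settings, and (c) SSIDs that look like a
near-duplicate of a trusted name. The scan below is constructed, not live data.
"""
from collections import defaultdict
from dataclasses import dataclass
from difflib import SequenceMatcher

# Ordinal strength, weakest to strongest. WPA3 is a generalisation beyond the
# article, which compares only WEP, WPA and WPA2.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}
MIN_ACCEPTABLE = STRENGTH["WPA2"]


@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str       # access point MAC address
    security: str    # one of the STRENGTH keys
    signal_dbm: int


def encryption_rank(security: str) -> int:
    """Map a security label to its ordinal strength; unknown labels rank as OPEN."""
    return STRENGTH.get(security.upper(), 0)


def normalise(ssid: str) -> str:
    """Lower-case and drop spaces/hyphens so 'Hotel Free Wi-Fi' ~ 'hotel free wifi'."""
    return "".join(ch for ch in ssid.lower() if ch not in " -_")


def lookalike(ssid: str, trusted: str, threshold: float = 0.85) -> bool:
    """True if ssid is not the trusted name but is suspiciously similar to it."""
    if ssid == trusted:
        return False
    return SequenceMatcher(None, normalise(ssid), normalise(trusted)).ratio() >= threshold


def triage(networks, trusted_ssids):
    """Return {finding_type: sorted list of SSIDs} for the three checks above."""
    findings = {"weak_encryption": set(), "conflicting_security": set(), "lookalike_ssid": set()}
    by_ssid = defaultdict(list)
    for n in networks:
        by_ssid[n.ssid].append(n)
        if encryption_rank(n.security) < MIN_ACCEPTABLE:
            findings["weak_encryption"].add(n.ssid)
        for t in trusted_ssids:
            if lookalike(n.ssid, t):
                findings["lookalike_ssid"].add(n.ssid)
    # The same SSID seen with two different security types is a classic
    # evil-twin symptom (e.g. the real WPA2 network next to an open copy).
    for ssid, aps in by_ssid.items():
        if len({a.security.upper() for a in aps}) > 1:
            findings["conflicting_security"].add(ssid)
    return {k: sorted(v) for k, v in findings.items()}


def best_choice(networks, trusted_ssids):
    """Strongest-encryption trusted SSID with no findings; None if nothing qualifies."""
    findings = triage(networks, trusted_ssids)
    flagged = set().union(*findings.values())
    candidates = [n for n in networks
                  if n.ssid in trusted_ssids and n.ssid not in flagged
                  and encryption_rank(n.security) >= MIN_ACCEPTABLE]
    if not candidates:
        return None
    return max(candidates, key=lambda n: (encryption_rank(n.security), n.signal_dbm)).ssid


# Constructed scan: a corporate SSID seen twice with different security (one AP
# is open), a look-alike hotel name with a stronger signal, and a WEP network.
SAMPLE_SCAN = [
    Network("AcmeCorp", "00:11:22:33:44:01", "WPA2", -55),
    Network("AcmeCorp", "00:11:22:33:44:02", "OPEN", -40),        # conflicting security
    Network("Hotel Free Wi-Fi", "aa:bb:cc:dd:ee:01", "WPA2", -60),
    Network("Hotel Free WiFi", "aa:bb:cc:dd:ee:02", "OPEN", -35),  # near-duplicate name
    Network("CoffeeShop", "de:ad:be:ef:00:01", "WEP", -70),
    Network("Conference-Guest", "de:ad:be:ef:00:02", "WPA2", -65),
]
TRUSTED = ["AcmeCorp", "Hotel Free Wi-Fi", "Conference-Guest"]

if __name__ == "__main__":
    for kind, ssids in triage(SAMPLE_SCAN, TRUSTED).items():
        print(f"{kind}: {ssids}")
    print("safe choice:", best_choice(SAMPLE_SCAN, TRUSTED))
```

A finding here is a reason to fall back to mobile data or a VPN rather than proof of an attack, and the check has an obvious blind spot: an evil twin that copies both the SSID and the security type of the real network produces no conflict, which is exactly why the article's advice to assume every Wi-Fi network is unsecured still applies.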

The mobility and connectivity public Wi-Fi hotspots enable are important advantages for growth businesses. Yes, there are risks involved, but adopting the best practices detailed above can help SMBs minimize those risks and take maximum advantage of all the technology has to offer.

 

The information contained in this website is for general information purposes only. The information is provided by INC and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

A massive internet blackout similar to the Dyn DNS outage in 2016 could easily happen again, despite relatively low-cost countermeasures, according to a new study out of Harvard University.

The DDoS attack on Dyn took many major web sites offline for most of a day, including Twitter, PayPal, Reddit, Amazon, and Netflix. Millions of compromised IoT devices, belonging to the Mirai botnet, flooded Dyn’s DNS service with up to 1.2 TBps of bogus traffic, making it impossible to respond to genuine DNS requests for their customers’ web sites. The Dyn attack did not affect the PayPal or Twitter servers in any way, but these sites were unreachable for the vast majority of humans who prefer not to memorize IP addresses.

The attackers were not nation-state actors but rather garden-variety criminals with an axe to grind. “The perpetrators were most likely hackers mad at Dyn for helping Brian Krebs identify–and the FBI arrest–two Israeli hackers who were running a DDoS-for-hire ring,” Bruce Schneier wrote at the time.

 

The information contained in this website is for general information purposes only. The information is provided by Threat Brief and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Intel has released new firmware updates for its Broadwell and Haswell processors to address the Spectre vulnerability.

After the first round of Spectre patches released by the company caused more frequent reboots and other instability problems, Intel started working on new microcode updates. The company first released new firmware updates for its Skylake processors, and last week it announced the availability of patches for several other CPUs, including Kaby Lake and Coffee Lake.

This week, the company updated the list of available firmware patches to state that the fixes for Haswell and Broadwell processors are also ready for use in production environments. As of February 28, patches that can be deployed in production environments are available for the following products: Anniedale/Moorefield, Apollo Lake, Avoton/Rangeley, Broadwell (except Server EX), Broxton, Cherry View, Coffee Lake, Cougar Mountain, Denverton, Gemini Lake, Haswell (except Server EX), Kaby Lake, Knights Landing, Knights Mill, Skylake, SoFIA, Tangier, Valleyview/Bay Trail, and XGold.

Beta patches have been provided to OEMs for validation for Gladden, some Ivy Bridge, Sandy Bridge, and Skylake Xeon E3 processors. The microcode updates for Broadwell and Haswell Server EX processors, specifically the Xeon E7v4 and E7v3 product families, are also in beta phase. As for the remaining CPUs, updates are either in pre-beta or planning phase, but pre-mitigation microcode updates are available for many of these products. The patches will be delivered as OEM firmware updates. Device manufacturers started releasing BIOS updates to patch the Meltdown and Spectre vulnerabilities shortly after their disclosure, but a majority of firms decided to halt the updates due to instability issues. Some vendors have now resumed the distribution of firmware updates.

Meltdown attacks are possible due to a vulnerability tracked as CVE-2017-5754, while Spectre attacks are possible due to flaws tracked as CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Meltdown and Spectre Variant 1 can be patched with software updates, but Spectre Variant 2 requires microcode updates for a complete fix.
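Whether a given Linux host has actually received the Variant 2 microcode, as opposed to only the software fixes for Meltdown and Variant 1, can be read from the kernel's own status files. The following added example is not from the article or from Intel. It reads the per-variant files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities (the exact status strings vary by kernel version) and the microcode line of /proc/cpuinfo, and falls back to a constructed sample directory so it runs on any machine. The function names and the sample status strings are assumptions of the example.

```python
"""Report the Linux kernel's view of Meltdown/Spectre mitigation status (added example)."""
import os
import tempfile

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Variant names as the kernel names its status files, mapped to the CVE ids
# given in the article.
VARIANTS = {
    "meltdown": "CVE-2017-5754",
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
}


def read_status(vuln_dir, name):
    """Return the status string for one variant, or 'unknown' if the file is absent."""
    try:
        with open(os.path.join(vuln_dir, name)) as fh:
            return fh.read().strip()
    except OSError:
        return "unknown"


def write_status(vuln_dir, name, text):
    """Write a status file (used only for the constructed sample and tests)."""
    with open(os.path.join(vuln_dir, name), "w") as fh:
        fh.write(text)


def report(vuln_dir=VULN_DIR):
    """Return {variant: (cve, status, still_vulnerable)} for the three variants."""
    out = {}
    for name, cve in VARIANTS.items():
        status = read_status(vuln_dir, name)
        # The kernel prefixes unmitigated variants with "Vulnerable".
        out[name] = (cve, status, status.startswith("Vulnerable"))
    return out


def needs_microcode(vuln_dir=VULN_DIR):
    """True when spectre_v2 is still reported Vulnerable.

    Software updates alone do not close Variant 2; in that state the OEM
    firmware/microcode update is the missing piece.
    """
    return report(vuln_dir)["spectre_v2"][2]


def cpu_microcode_revision(cpuinfo="/proc/cpuinfo"):
    """Return the microcode revision reported in /proc/cpuinfo, or None."""
    try:
        with open(cpuinfo) as fh:
            for line in fh:
                if line.startswith("microcode"):
                    return line.split(":", 1)[1].strip()
    except OSError:
        pass
    return None


def make_sample_dir():
    """Constructed sysfs look-alike: software fixes applied, Variant 2 microcode missing."""
    d = tempfile.mkdtemp()
    write_status(d, "meltdown", "Mitigation: PTI\n")
    write_status(d, "spectre_v1", "Mitigation: __user pointer sanitization\n")
    write_status(d, "spectre_v2", "Vulnerable: Minimal generic ASM retpoline\n")
    return d


if __name__ == "__main__":
    target = VULN_DIR if os.path.isdir(VULN_DIR) else make_sample_dir()
    for name, (cve, status, vulnerable) in report(target).items():
        print(f"{name:11s} {cve}  {status}")
    print("microcode update still needed for Variant 2:", needs_microcode(target))
    print("microcode revision:", cpu_microcode_revision())
```

Run it on a fleet before and after a BIOS rollout and the spectre_v2 line is the one to watch; a status that still begins with "Vulnerable" after the OS has been patched means the firmware update described above has not reached that machine.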

Intel and AMD claim they are working on processors that will have built-in protections against these types of exploits.

Intel faces more than 30 lawsuits, including ones filed by customers and shareholders, over the Meltdown and Spectre vulnerabilities.

 

 

The information contained in this website is for general information purposes only. The information is provided by security week and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Russian military hackers hacked hundreds of computers at the 2018 Winter Olympic Games and tried to make it look like the hacks were conducted by North Korea, according to a report by The Washington Post.

U.S. officials, clinging to anonymity, told The Post the “false-flag” operation conducted by the Russian military agency GRU included obtaining access to hundreds of Olympic-related computers, as well as routers, in South Korea. The hacks are believed to be retaliation against the International Olympic Committee (IOC) for banning the Russian team from the Winter Games due to doping violations. Citing an intelligence report, The Post said Russian military hackers obtained access to “as many as 300 Olympic-related computers” by early February. Additionally, “GRU cyber operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began.”

It was unclear if the cyber attack during the opening ceremony, which caused disruptions to the internet and broadcasting systems, was a result of the infected routers. During the attack, organizers took down the servers to prevent more damage, which caused the Winter Olympics website to go down.

Read more about the cyber attack targeting Olympic computers that was reportedly carried out by Russian hackers on CSO.

 

The information contained in this website is for general information purposes only. The information is provided by threatbrief and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

While pundits in all manner of fields are predicting that 2018 will be the year where Artificial Intelligence (AI) comes into its own, that promise really will hold true in cybersecurity, and particularly in the federal government.

As we’ve seen time and again over the last few years, the federal government has been the target of an unrelenting barrage of cyberattacks and while these attacks are not always successful (see: WannaCry), there are still far too many that penetrate the national digital fortress. This is not to level any criticism against the acting federal CISO or his agency peers.

Not only are the attacks against federal agencies constant, but the tools that they have inherited are woefully inadequate. While traditional cyber defenses might be able to detect a certain range of attacks – often referred to as the “known-knowns” – they are blind against the unknown. The attacks that haven’t been seen before are the very ones that do the most damage.

Moreover, the need to provide far more robust and sure security to federal agencies is assuming an even greater importance, as agencies look to take advantage of technologies such as voice integration and the myriad of possibilities in the Internet of Things (IoT) to deliver on the mission much more cost effectively and intuitively. We’re talking about securing all interactions and data, from delivering citizen-services via home assistants, like Alexa, to protecting the warfighter while in theater.

While these are brilliant and necessary innovations, they also dramatically expand the attack surface for adversaries. Not only does this mean that security must be incorporated into the architecture of networks and systems, but that unless we can integrate a much smarter form of security, our cybersecurity teams will tie themselves in knots chasing red herrings and failing to secure much of anything from attack.

Even though security practitioners are used to their legacy signature-based defenses being minimally effective and forcing them to be reactive to security threats, rather than pro-active, there is another more effective way. It is at this intersection of defeat and frustration that AI-powered cybersecurity comes into its own.

In being able to detect the unknown events and thwart them before they develop into a full-scale attack, AI provides a far more certain and effective defense from cyberattacks. Take, for example, the WannaCry attack; we developed an algorithm that could thwart WannaCry in 2015. While no one had heard of WannaCry then and it certainly hadn’t been used as a mass exploit, it was just two years later that it was used to provoke a global crisis in healthcare and manufacturing, and supply chains. The same trajectory applies to NotPetya and will, I predict, become more common in 2018 as the number of ransomware outbreaks ticks upwards and more sectors are affected.

But if we have the tools that can adapt to, and manage, this furious volume and velocity of attacks, why aren’t we putting them in the hands of our frontline cyber defenders?

 

The information contained in this website is for general information purposes only. The information is provided by Cylance and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.