Cyber Security

Vulnerable routers (2 global brands) and compromised monitor screens and fleet tracking systems were used extensively by hackers as part of large botnets to share and deploy rootkits across the globe in March. This resulted in a significant spike in botnet traffic recorded by our global honeypots in March. Though the spike has subsided a bit, the rise in infections caused by this sudden surge will only become apparent in the next few weeks. This trend presents a new reason for concern among IoT cybersecurity teams.     Most of the attacks were logged at 2.5 MBPS and above and the requests ranged from 1.5- 3 million requests per second on certain target websites. Based on the traffic patterns, over 150 command and control servers located across 15 countries were identified by Sectrio’s threat research team. These servers were coordinating not just the spread of the attacks but the propagation of a variety of rootkits and other payloads including Revil ransomware. The sudden botnet expansion could also be attributed to the use of older versions of certain operating systems in phones and other desktop and laptop machines. With such an expansion, hackers now have more bots at their disposal as well as a means to upgrade their botnet infrastructure by promoting more bots to command and control servers. The scope for many of these Bot networks to grow exponentially in the next weeks has increased with the rising number of bots getting added each week. Also Read: Why IoT Security is Important for Today’s Networks? Traffic from these botnets was not confined to any geography and each bot was sending traffic to multiple IP addresses across regions. Analysis of this traffic reveals a well-orchestrated strategy being deployed by hackers to target IoT projects at various levels and phases as well as to expand botnets by targeting consumer devices. The level of stealth and obfuscation is growing as hackers devise new means to bring down multiple target entities through the same botnet. Many of the old botnets are also being resurrected for this purpose as hackers are planning to increase their operations across geographies. For IoT projects, this is bad news as the lessons from 2020 and 2021 as articulated in our IoT and OT Threat Landscape reports seem to have been forgotten or ignored. While a portion of these new IoT-linked botnets may be connected to projects that are in the PoC phase, a larger volume of the traffic seems to be emerging from established projects as per the traffic patterns analyzed by Sectrio’s threat research team. This is quite a worrying development as it indicates the possibility of existing IoT devices being compromised or new and untested devices being added to existing projects without security-linked adequate testing. How will this impact IoT security? Coming in wake of the crisis in Ukraine and a period of excess activity within institutional and government-run SOCs, there is a possibility that many such attacks will turn into targeted attacks on specific projects and infrastructure (which could be the ultimate objective for these hackers). The reactivation of Sandworm hackers and the appearance of new and more stealthy rootkits in the wild are two separate trends that will converge over the next few weeks as these botnets expand their range and targets. Overall, this underscores the need to enhance IoT security and invest in the right set of cyber threat intelligence feeds. With vulnerability management, patching, and devise testing receiving little or no attention, the time is ripe to diversify IoT cybersecurity measures to cover more ground and deepen the digital moat surrounding your infrastructure.   While systems that are based on older OS hosts can be upgraded to minimize the number of botnets, what is also needed is action from IoT project operators who need to do some serious rethinking of their cybersecurity priorities. With the average ransom demand jumping by leaps and bounds each year, hackers are raking in profits and expanding their operations and targets. How can you improve IoT security? Always go by the ‘security-by design principle. Remember, the earlier you think of IoT security, the better are your chances of deterring hackers and bad actors Approval of IoT projects should also have a security component. That means that unless every stakeholder including IoT cybersecurity analysts are not convinced by the security measures, the project simply doesn’t get off the design board Cyber discipline and hygiene should be treated as aspects that are beyond compromises and placed above deadlines as a project imperative Go for IoT threat intelligence feeds Know what exactly is happening in your network at all times, do periodic security audits and checks From a security perspective, there shouldn’t be any difference between a PoC project and a fully operational one. This step alone could improve IoT security by a big margin Interested in learning the 7-step approach to improving IoT security in 7 days? Talk to our IoT cybersecurity experts today. Book your slot now. Download and use our compliance kits to improve your institutional security posture: visit Compliance Kits Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

In a recent update, CISA and DoE (Department of Energy) jointly acknowledged the rising trend of cyberattacks and raised a concern over vulnerabilities associated with internet-connected UPS (Uninterruptible Power Supply) systems. This alert comes in light of the recent growth of cyberattacks targeting critical infrastructure not only in the United States but across countries that play a strategic role in various military and non-military geopolitical alliances. The alert raises concerns in the following areas: UPS systems are vulnerable to attacks when connected to unsafe networks Most UPS systems connected to the internet have little to no security on the cyber front. Out of the box, these systems come with default usernames and passwords and in most cases, the default credentials are unchanged for years after installation. In large organizations UPS systems bought in bulk often have the same login credentials across each installation to access them. Read more from the report here: Mitigating Attacks Against Uninterruptable Power Supply Devices Dependable, reliable, and omnipresent energy aid Uninterruptible power supply (UPS) has been a boon to humanity even before the dawn of the age of computers. In most cases, these systems are used to provide clean and emergency power supply in times of power outages or to regulate the surges in the flow of electricity. Also Read: Is NIST working on a potential cybersecurity framework update? In the early days, the UPS systems were often connected to critical industrial machines to prevent any occurrence of unsafe shutdowns or the breakdown of such machines due to surges in electrical power. In fairness, UPS has been a constant source of reliable and safe energy in times of desperate need. With the growth and the rise of digitalization, UPS was later introduced widely for consumer use and thus began its rise in popularity. Significant upgrades and advancements to UPS systems later followed in its evolution to provide vital insights into the networks and connected equipment. Such UPS systems now come with the ability to connect to the internet, provide vital insights into monitoring any surges in a steady stream of power, remind concerned authorities of timely maintenance, and much more. These internet-connected UPS systems are also actively in use by several healthcare (IoT sensors, IoMT equipment), manufacturers (OT, ICS, SCADA equipment), pharmaceuticals (OT and ICS equipment), enterprises (backups to servers), and other critical infrastructure industries while providing a steady flow of safe and uninterrupted energy during vital organizational operations. Also Read: Why IoT Security is Important for Today’s Networks? This growth of IoT or the internet-connected UPS systems has also become a critical component when integrated with network and poses grave cyberthreats when overlooked for its availability for functional operations. Potential casualties incurred by a successful cyberattack on internet-connected UPS systems. Manipulation of data on IoMT or denial of service on vital healthcare equipment Sensor manipulations Disabling the Automatic voltage regulation (AVR) Destruction via a surge in power supply Denial of service on enterprise servers Malware injection Lateral movement via a compromised network can lead to data leakage Privileged escalation It is hence established that internet-connected UPS plays a critical role. What can be done to secure internet-connected UPS? While the CISA and the DoE suggest regular and timely updates of software and the use of MFA as immediate steps, we at Sectrio, suggest all take a step back and follow these steps. Have ample visibility into your network, be it even a remote or a hearing aid that is connected to your network. Monitor for anomalies on the network Log network activities Segment your network into zones and conduits. Also read: How micro segmentation can help secure your connected assets. Use of MFA and strong passwords Use of safe VPN Regular vulnerability scans to identify gaps in security Compliance with IEC 62443, Zero Trust, and NIST CSF Working with real-time threat intelligence Reporting of cyber incidents or suspected incidents as quickly as possible to the right authorities. Will cyberthreats ever stop? On March 29th, 2022, a statement made before the House Judiciary Committee by the FBI cyber division stated that “As adversaries become more sophisticated and stealthier, we are most concerned about our ability to detect and warn about specific cyber operations against U.S. organizations. Maybe most worrisome is their focus on compromising U.S. critical infrastructure, especially during a crisis”. This official statement by the FBI’s cyber division brings perspective on the state of cybersecurity in North America and is an alarming wake-up call to all organizations for immediate cybersecurity revamp into their ever-growing converged cyber environment. For more information on the evolving threat landscape and insights into emerging cyberattacks and bad actors, read our latest IoT and OT threat landscape assessment report 2022Learn how Sectrio’s solutions can help secure your organizations today. Reach out to our cybersecurity experts to get started now. Join our upcoming webinar: Key Takeaways from the Sectrio’s Global Threat Landscape Assessment Report 2022 IoT and OT focused threat Intelligence feeds free for 15 days! Try it right now: Threat Intelligence

Internet of Things is the acronym for IoT. With each ticking second, our lives are becoming more intertwined with digital gadgets and spaces. The Metaverse revolution set to unfold soon only deepens our digital interactions. Given the non-standard manufacturing of IoT devices and troves of data flowing through the IoT devices, we are constantly exposed to cyber-attacks. Vulnerabilities, cyber-attacks, data theft, and other risks arising from the usage of IoT devices make the need for IoT security solutions even more. Why do we need IoT Security Solutions in today’s networks? Lack of physical boundaries, improperly configured systems, non-standard gadget manufacturers, poor QC & QA (Quality Assurance and Quality Control) make a strong case when talking about IoT Security Solutions. The need for IoT security solutions is supported by two primary cases: Securing the functionality and digital perimeter of a network Data privacy IoT Devices – Network – Data in Numbers: Division Value Estimated IoT connections (by 2024) 83 Billion Active IoT Devices as of 2021 10 Billion IoT Devices Market by 2026 $1.3 Trillion IoT Medical Devices by 2025 $62 Billion Data generated by IoT devices by 2025 73.1 Zettabyte IoT Device connections per minute by 2025 150,000+ Global IoT Healthcare Market reach $14 Billion Estimated IoT Spending 2019 – 2025 $15 Trillion Market size of IoT in retail by 2025 $94.5 Billion Estimated Cellular IoT Connections by 2023 3.5 Billion The worth of IoT enabled Smart Factories in the US by mid-2022 $500 Billion IoT devices used in clinics, medical offices, and hospitals in 2020 (according to Forbes) 646 million Annual spending on IoT Security Solutions in 2021 (according to Forbes) $631 million Common Threat for IoT devices: The foremost challenge for IoT devices is the wide range of threat vectors that they are often subjected to. While few are due to manufacturers and firmware developers, others can be due to targeted cyber-attacks and system exploitation. No wonder, as many as 2 in every 3 households in the United States complained about cyber encroachment in the past couple of years. Most of them don’t have IoT security solutions in place to protect their data.  How hackers enter networks: Outdated Operating Systems IoT devices running outdated/unsupported OS are easily exploited. Hackers can bring down an entire network by accessing a single vulnerable system on the network. The 2017 WannaCry Ransomware targeted 300,000 machines running on Windows. It successfully breached those systems which had no security updates. Poor Testing & Encryption Poor QC and QA lead to poor testing and encryption. Adding the lack of IoT security solutions to the network with such devices means exposing the network to attacks. With the increased availability of high technology, eavesdropping has become a profession. Israeli researchers managed to eavesdrop using a light bulb! Exposed Service Ports (Telnet and SSH) A report on ZDNet in 2020 revealed that credentials of over 500,000 IoT devices, home routers, and servers were published by a hacker, after the Telnet ports we left open. Similarly, in 2017, Rapid7’s National Exposure Index claimed that over 10 million IoT and other devices have their Telnet ports open. The development teams should close the Telnet ports post-product deployment. DDoS (Distributed denial-of-service) Attack Botnets are used to send enormous traffic to the server/device causing it to stop functioning. In 2016 internet service provider Dyn became the victim of a large DDoS attack. This led to a severe outage. Entry through HVAC and other Systems Entry through HVAC and other remotely controlled systems is the biggest threat IoT networks face. Usually, vendors are given remote access for the installation of systems and firmware. The endpoints of the vendor systems are often unprotected by a strong firewall and IoT security solutions. Hackers see this as an entry to gain access to the entire IoT network. Also Read: Rising threats on Critical Infrastructure amidst the Ukraine crisis 3 Most Vulnerable IoT Networks for Hackers! Each IoT network comes with its band of IoT security solutions deployed at various levels and failure points. The Medical, Consumer, and Commercial IoT networks are often the most affected. In a Consumer IoT network, the failure points are one too many. Devices operating on ancient operating systems and default passwords are the most vulnerable points. In Commercial IoT networks, remote access vendors of unmanaged IoT devices are often the primary cause. Affordability (in the case of Consumer IoT devices), and insufficient security testing are often the primary reasons for threats arising in Consumer IoT and Commercial IoT networks. Unsupported/outdated operating systems and devices from diverse vendors running various operating systems are the challenges faced by the Minerals and Mining industry. Despite various IoT security solutions that enterprises and consumers deploy, hackers still manage to break into networks through IoT devices and cause cascading effects. Without real-time management and dependable security solutions, these networks are often the softest targets for any hacker, hands down. Even critical infrastructure is currently nowhere equipped to deal with a swarm of intense cyber-attacks.   Insiders make the case for IoT Security Solutions compelling! Many industries face the threat of snooping by their employees. There are verified reports of insiders planning to inject ransomware into systems, giving autonomous control and access to critical data to hackers. If not for the change of mind of the employee, Tesla would have been the victim of a bribed ‘malware attack’ on its system in 2019. Enterprises must step up in how they would limit the access to critical and sensitive information only to a very few, without affecting the Knowledge Transfer and other production aspects. This opens up a whole new dimension – the need to protect data even when internal systems are compromised. This is where IoT security solutions come into play and are often the salvation for many enterprises. Take a look at the state of OT and IoT cybersecurity in North America to understand how the kind of challenges OT and IoT infrastructure is currently facing. The big question: Are IoT Devices safe? The answer is