
Featured

Will TLS 1.3 Ruin Security Production Tools?

With the ever-escalating cyberthreats, newer versions of encryption protocols have been developed to address vulnerabilities and support stronger, more secure ciphers and algorithms.

The Background
The Transport Layer Security (TLS) protocol was developed as a successor to the Secure Sockets Layer (SSL). SSL and TLS are mostly the same cryptographic protocols running at the application layer of the Open Systems Interconnection (OSI) model. Both provide authentication and data encryption between servers, devices, and applications operating over a network. SSL 1.0 was initially developed by Netscape in 1995, with SSL 2.0 being the version released for general use. In 1996, it was replaced by SSL 3.0 after several vulnerabilities were discovered. As more vulnerabilities were found, both SSL versions were deprecated, in 2011 and 2015 respectively.

TLS 1.0 was released in 1999 through the Internet Engineering Task Force (IETF) organization to standardize SSL. While both SSL and TLS are mostly the same,…

How Cybercriminals Attack the Internet of Things


The proliferation of Internet of Things (IoT) devices is transforming entire industries and leading all of us to rely on the products they market. According to a Gartner analysis, an estimated 20.4 billion IoT devices will be connected by the year 2020. This staggering number makes it easier than ever for cybercriminals to execute an attack.

Cybercrime as a Business


Today, cybercrime is a business, and a ruthlessly dangerous one, attacking a broad spectrum of devices: medical equipment, household thermostats, smart appliances, and every other type imaginable connected to the Internet. The illicit business operates around the clock but typically strikes victims during unsuspecting hours; the attackers weigh cost against benefit and, mainly to maximize revenue, selectively strike during off-hours. Their tools of choice are custom built and unleashed against a specific class of IoT devices. Malware is commonly acquired online and then modified to exploit their victims.


There are many examples, such as medical systems, where ransomware is often used for extortion. More seriously, such attacks have exfiltrated patient records, changed or deleted diagnoses and treatments, damaged critical infrastructure, and hijacked life-saving medical equipment. In another example, the Mirai botnet compromised millions of DVR devices and used them to mount a massive denial-of-service attack that shut down large segments of the Internet.

Built with Incompetence


In a rush to market, many manufacturers of IoT devices design them without regard to security. These vulnerabilities are at the heart of cybercrime, and the bad actors are opportunistic: they prey on IoT devices built with unsecured communication protocols, sloppy code, backdoor passwords, and weak or non-existent device and user authentication. Not surprisingly, and as common practice in the IoT industry, manufacturers routinely obtain their code from open source repositories. Without a doubt, many vulnerabilities originate in a wide variety of IoT devices from one manufacturer, and the same pattern is seen with others.

Anonymity


Cybercriminals want to cloak their activities and target IoT devices to gain a layer of anonymity. This is accomplished by using the victim's device as a proxy and transmitting data under its assigned IP address. By masking themselves this way, the actors are able to send spam, obfuscate networks, conduct click-fraud, and trade illegal contraband.


Users of IoT devices must be vigilant, as cybercriminals seek out devices with weak authentication or mount brute-force attacks using default user IDs and passwords.

Detecting and Protecting


Users of IoT devices will find it difficult to discover whether a device is compromised without specialized software tools and techniques. However, these troubleshooting observations can expose it:

  • A sudden and unexplained increase in your Internet usage and service bill.
  • The device exhibits sluggish behavior: connections to the Internet are slow and may stop working entirely as the malware consumes the available bandwidth.
  • Tools on the network gateway detect an unusually high volume of outbound DNS queries.
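The third observation, worked through as an added example (this is not code from the original article). It assumes the gateway writes one line per outbound DNS query in the form "<ISO timestamp> <source IP> <query name>", which is an assumption made for the example; the log lines are constructed inline, and the per-device baseline, threshold factor and absolute floor are illustrative choices rather than recommended values.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def build_sample_log():
    """Constructed sample of outbound DNS queries seen at a home gateway.

    Format assumed for this example: '<ISO timestamp> <source IP> <query name>'.
    A thermostat (192.168.1.20) makes two queries a minute for five minutes, a
    laptop (192.168.1.50) makes four, then the thermostat bursts to sixty
    queries for sixty distinct names in the sixth minute. None of this is real data.
    """
    start = datetime(2024, 1, 10, 8, 0, 0)
    lines = []
    for minute in range(5):
        t = start + timedelta(minutes=minute)
        lines.append(f"{t.isoformat()} 192.168.1.20 time.example.net")
        lines.append(f"{(t + timedelta(seconds=30)).isoformat()} 192.168.1.20 update.example.net")
        for i in range(4):
            lines.append(f"{(t + timedelta(seconds=10 * i)).isoformat()} 192.168.1.50 site{i}.example.org")
    burst = start + timedelta(minutes=5)
    for i in range(60):
        lines.append(f"{(burst + timedelta(seconds=i)).isoformat()} 192.168.1.20 h{i:03d}.cmd.example.net")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, source IP, query name)."""
    ts, ip, qname = line.split()
    return datetime.fromisoformat(ts), ip, qname


def bucket_queries(lines):
    """Return {source IP: {minute: (query count, number of distinct query names)}}."""
    counts = defaultdict(lambda: defaultdict(int))
    names = defaultdict(lambda: defaultdict(set))
    for line in lines:
        ts, ip, qname = parse_line(line)
        window = ts.replace(second=0, microsecond=0)
        counts[ip][window] += 1
        names[ip][window].add(qname)
    return {ip: {w: (counts[ip][w], len(names[ip][w])) for w in counts[ip]} for ip in counts}


def detect_dns_spikes(lines, factor=10, min_queries=30, min_history=3):
    """Flag any minute in which a device's query count is both above an absolute
    floor and more than `factor` times the median of that device's earlier minutes.

    The baseline is per device on purpose: a laptop legitimately resolves far
    more names than a thermostat, so one global threshold would either miss the
    thermostat or page constantly on the laptop.
    """
    alerts = []
    for ip, windows in bucket_queries(lines).items():
        history = []
        for window in sorted(windows):
            count, distinct = windows[window]
            if len(history) >= min_history:
                baseline = max(median(history), 1)
                if count >= min_queries and count > factor * baseline:
                    alerts.append({
                        "ip": ip,
                        "window": window.isoformat(),
                        "count": count,
                        "distinct_names": distinct,
                        "baseline": baseline,
                    })
            history.append(count)
    return alerts


if __name__ == "__main__":
    for alert in detect_dns_spikes(build_sample_log()):
        print(f"{alert['ip']} at {alert['window']}: {alert['count']} queries "
              f"({alert['distinct_names']} distinct names), baseline {alert['baseline']}/min")
```

On the constructed log this reports exactly one minute for the thermostat and nothing for the laptop. The count of distinct names is carried along because a burst of sixty never-before-seen hostnames from a device that normally resolves two is a stronger signal than the raw count alone, and it is the kind of detail a practitioner wants in the alert before deciding to isolate the device.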
Employing these best-practice techniques will provide an essential defense against becoming a victim:
  • Change the default user ID and password to something easy to remember but hard to guess. An alphanumeric sequence of 8 characters or more is recommended, and changing it periodically will thwart brute-force attacks.
  • Reboot the device on a regular basis. Cybercriminals who might be camped on it will be halted, as most malware runs in memory and is cleared at reboot. Always reboot when you change the password; these bad actors commonly reuse harvested user IDs and passwords against other devices.
  • Install and use anti-virus (AV) software and make sure it is up to date. AV will detect and quarantine malware running in memory and residing on the device.
  • Ensure device firmware and security patches from the manufacturer are up to date. Researchers and industry sharing communities responding to incidents will expose security vulnerabilities that require mitigation.
  • Configure the firewall to block all outbound traffic from unauthorized IP addresses and disable port forwarding. IoT devices are commonly assigned an IP address and communicate via designated TCP/UDP ports to function.
  • Isolate IoT devices via network segmentation. This is important because it prevents a compromised device from reaching critical internal systems.
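The last two recommendations, a default-deny outbound firewall policy per device and segmentation of the IoT devices, as one worked example added here (not the article's own code). The network layout, device addresses and allowlists are constructed for the illustration, with 203.0.113.0/24 and 198.51.100.0/24 (documentation ranges) standing in for vendor cloud hosts and an unauthorized destination; the rendered ruleset assumes a Linux gateway running nftables.

```python
import ipaddress

# Constructed example network (not from the article): IoT devices on their own
# segment, internal systems on another, so a compromised device has no path inward.
IOT_SEGMENT = ipaddress.ip_network("192.168.50.0/24")
INTERNAL_SEGMENTS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed per-device egress allowlist of (destination, protocol, port).
# 203.0.113.0/24 is a documentation range standing in for the vendors' cloud hosts;
# 192.168.50.1 is the gateway's own resolver. Anything not listed is denied.
EGRESS_POLICY = {
    "192.168.50.20": [("203.0.113.10", "tcp", 443), ("192.168.50.1", "udp", 53)],   # thermostat
    "192.168.50.21": [("203.0.113.25", "tcp", 8883), ("192.168.50.1", "udp", 53)],  # camera, MQTT over TLS
}


def evaluate_flow(src, dst, proto, dport):
    """Return (verdict, reason) for an outbound flow, checked in the order a
    gateway would: segmentation first, then the device's allowlist, then default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in IOT_SEGMENT:
        return ("ignore", "source is not on the IoT segment")
    if any(dst_ip in seg for seg in INTERNAL_SEGMENTS):
        return ("drop", "segmentation: IoT devices may not reach internal systems")
    if (dst, proto, dport) in EGRESS_POLICY.get(src, []):
        return ("accept", "matches the device's allowlist")
    return ("drop", "default deny: destination/port not authorized for this device")


def render_nftables():
    """Render the same policy as an nftables ruleset for a Linux gateway (an assumption
    of this example). The chain only models forwarding for the IoT segment; rules for
    other segments would sit alongside. Dropped IoT flows are logged, which is what
    makes unusual outbound traffic from a device visible to the gateway's tools."""
    lines = [
        "table inet iot_egress {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for seg in INTERNAL_SEGMENTS:
        lines.append(f"    ip saddr {IOT_SEGMENT} ip daddr {seg} drop")
    for src, rules in EGRESS_POLICY.items():
        for dst, proto, port in rules:
            lines.append(f"    ip saddr {src} ip daddr {dst} {proto} dport {port} accept")
    lines.append(f'    ip saddr {IOT_SEGMENT} log prefix "iot-egress-drop " drop')
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed flows: the thermostat reaching its vendor cloud, then an internal
    # file server, then an unauthorized external host on an unexpected port.
    for flow in [("192.168.50.20", "203.0.113.10", "tcp", 443),
                 ("192.168.50.20", "192.168.1.10", "tcp", 445),
                 ("192.168.50.20", "198.51.100.7", "tcp", 6667)]:
        print(flow, "->", evaluate_flow(*flow))
    print(render_nftables())
```

The ordering inside evaluate_flow is the point: the segmentation rule is evaluated before any allowlist, so no per-device entry can accidentally open a path from the IoT segment into the internal one, and the final catch-all turns the allowlist into default deny rather than a list of things to block.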
It is crucial to understand how sophisticated IoT cyber attacks have become. They are orchestrated autonomously and at staggering scale against millions of victims simultaneously. Victims of ransomware will be asked how much they will pay to turn their smart refrigerator, entertainment center, or home ventilation system back on. Hospitals will be asked by cybercriminals to pay dearly to restore a life-saving medical device.