Author: hello@alienvault.com

Manufacturers are some of the most ambitious firms on the planet when it comes to harnessing the power of edge technology to modernize their businesses. As they make plans in 2023 to     enhance business outcomes through the use of technologies such as 5G and IoT, manufacturers should also increasingly be called to innovate in the spheres of governance and cyber risk management.

OT-IT convergence drives manufacturing modernization

The convergence of operational technology (OT) on the factory floor with information technology (IT) is nearly synonymous with manufacturing modernization. OT-IT convergence enables new digital processes, remote connections, and smarter operations. It's a business outcome-oriented transformation that executive stakeholders have future success pinned upon.

Recent studies from AT&T show that manufacturers are investing in initiatives  such as smart warehousing, transportation optimization and video-based quality inspection at such a rate that the industry is advancing ahead of energy, finance, and healthcare verticals when it comes to edge adoption today.

But to reap the business benefits from these investments, manufacturers need to recognize and attend to the cyber risk realities that are part and parcel with this inevitable convergence.

Cybercriminals are increasingly targeting industrial control system (ICS) technologies that are the bedrock of the OT ecosystems. Attackers have learned to take advantage of ICS hyperconnectivity and convergence with the IT realm to great effect. Last year's warning from the federal Cybersecurity and Infrastructure Security Agency (CISA) attests to this, as do high-profile attacks last year against tire manufacturers, wind turbine producers, steel companies, car manufacturers, and more.

Reducing risk through Zero Trust

One of the most promising ways that manufacturers can begin to reduce the risk of these kinds of attacks is through the controls afforded by a Zero Trust architecture. From a technical perspective, Zero Trust unifies endpoint security technology, user, or system authentication, and network security enforcement to prevent unrestrained access to OT or IT networks—and reduce the risk of unchecked lateral movement by attackers. With Zero Trust, access is granted conditionally based on the risk level of users (or machines, or applications). It's a simple, elegant concept that requires careful execution to carry out.

Thus, when looking at building a zero-trust strategy, ZTNA 2.0 solutions have a role to play in helping apply more effective controls at the application level that are responsive to account takeover attempts. ZTNA 2.0 combines fine-grained, least- privileged access with continuous trust verification and deep, ongoing security inspection to protect all users, devices, apps, and data everywhere – all from a simple unified product.

Most importantly, too, is that Zero Trust requires business stakeholder input and collaboration to get right. Just as business stakeholders in manufacturing drive the push to the edge and the push for all nature of digital transformation and OT-IT convergence, they've got to be intimately involved with Zero Trust initiatives to spur success.

“Technology can come and go, but what manufacturers are really after are business outcomes,” says Theresa Lanowitz,  head of cybersecurity evangelism for AT&T. “That's where we need to focus when it comes to Zero Trust—at its core it needs to be driven by the business, which really sets the North Star for Zero Trust governance.”

Zero Trust should be owned by business stakeholders

At the end of the day, Zero Trust projects should be owned by the business, agrees Dharminder Debisarun, worldwide industry security architect for manufacturing, Internet of Things and transport at Palo Alto Networks, who says that when his group is approached by manufacturers interested in building out Zero Trust infrastructure, the team always turns conversations back to the business basics.

“People bring us in and say 'We want to do Zero Trust, how can you help?'” Debisarun says, explaining that they're usually starting with very technical deployment questions about elements like Secure Access Service Edge (SASE) and remote access management. “We usually take a step back then and ask, 'Why do you want to do Zero Trust? What's the business goal for it?'”

Similarly, Debisarun says they try to involve business stakeholders into collaborative risk discussions before getting into the meat of architectural design. That step back will hopefully get a manufacturer focused on doing risk assessments and other business alignment activities that will shape the way risk is managed—based on business goals, rather than narrow technical specifications. It will also get the entire team thinking about how the value of OT and IT assets are determined and establish the roadmap for where and how Zero Trust security technologies are deployed over time.

Business stakeholders have the most prescient and intimate knowledge of the emerging business conditions, regulatory demands, partnership agreements, and supply chain considerations that are going to impact risk calculations. This is why business ownership is the cornerstone and foundation for Zero Trust governance.

When manufacturers direct the security team with an eye toward  business outcomes, these technical executors are less likely to take a tools-only approach to technology acquisition to engage in reactionary spending based on the latest breach headlines. Incremental improvements will be built up around security controls that manage risk to the most critical operational processes first, and also around the processes and systems most put at risk by new innovations and business models.

The post Governance of Zero Trust in manufacturing appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

A radius server uses a network protocol for remote user authentication and authorization. It is a client/server protocol that allows a remote user to access a network using a shared secret (usually a password). RADIUS servers are typically located on the perimeter of a network and use port 1812 (UDP) or 1645/1813 (TCP).

RADIUS was originally developed by Livingston Enterprises, Inc. in 1991. It is now an IETF standard (RFC 2865). The following are the most important things to know about RADIUS server authentication.

•  RADIUS is a remote authentication dial-in user service

It was developed to provide centralized authentication, authorization, and accounting management for networked devices such as routers and switches.

What does dial-in refer to here? Dial-in is a type of authentication that allows a user to connect to a network remotely using a phone line or other connection. RADIUS servers are used to manage user access to a network. They can be used to control who can access the network, what services they can use, and how much bandwidth they can consume.

•  RADIUS is an alternative to TACACS and is often used in conjunction with TACACS+ for authentication and authorization

The reason for this is that RADIUS is typically used for remote access, while TACACS+ is usually used for device administration. While both protocols can be used for both purposes, RADIUS is usually the preferred protocol for remote access.

•  A RADIUS server typically uses UDP port 1812 (or TCP port 1645/1813) to communicate with clients

RADIUS servers typically listen on UDP port 1812 (or TCP port 1645/1813). When a RADIUS client sends a request to the server, it includes the secret key in the request. The server uses this key to authenticate the client and authorize the request.

RADIUS is a client/server protocol, which means that each RADIUS client must have a corresponding RADIUS server. A RADIUS client is typically a network device such as a router or switch. A RADIUS server is a computer that runs the RADIUS software and manages user access to the network.

What this means is that for a user to be able to access the network, they must first authenticate with the RADIUS server. The RADIUS server then authorizes the user's access to the network and controls what services they can use.

•  RADIUS uses a client/server architecture

The RADIUS server is responsible for authenticating users and maintaining their account information, while the RADIUS client is typically a network device that forwards authentication requests to the server. The reason this distinction matters is that it allows the server to be centrally located and managed, while the clients can be distributed throughout the network. This architecture also makes it possible for the server to authenticate users against multiple databases, such as an LDAP server or a local file.

The implications of this are that if the server goes down, the entire network will be unavailable to users. This is why it is important to have redundant RADIUS servers in a production environment.

•  A RADIUS server can authenticate users against multiple databases

RADIUS supports multiple authentication methods, including PAP, CHAP, MS-CHAP, and EAP. PAP is the simplest authentication method and sends the username and password in clear text. CHAP encrypts the password but sends it over the network in plain text. MS-CHAP encrypts both the username and password. EAP is a more secure authentication method that uses digital certificates.

•  RADIUS uses UDP for transport

RADIUS uses UDP as its transport protocol. UDP is a connectionless protocol, which means that each packet is sent independently and does not require a connection to be established beforehand. This makes RADIUS very scalable, as it can support a large number of clients without requiring a lot of resources on the server.

It matters that RADIUS uses UDP for transport because UDP is a less reliable protocol than TCP. This means that RADIUS packets can be dropped or lost in transit. However, this is usually not a problem because RADIUS uses retransmission and error checking to ensure that packets are delivered reliably.

•  The RADIUS server must have a shared secret with the clients

The RADIUS server and clients must have a shared secret, which is used to encrypt and decrypt packets. This shared secret is typically a password or phrase that is known only to the server and clients. Without the shared secret, an attacker would not be able to read or modify the packets being exchanged between the server and clients.

•  RADIUS uses Access-Request and Access-Accept packets

When a client sends an authentication request to a RADIUS server, it does so using an Access-Request packet. The server then responds with an Access-Accept or Access-Reject packet, depending on whether the authentication was successful. If the authentication was successful, the server will also include an Access-Challenge packet, which contains a challenge that the client must answer to prove its identity.

•  RADIUS can be used for AAA

RADIUS can be used for AAA, which stands for Authentication, Authorization, and Accounting. Authentication is the process of verifying a user's identity, authorization is the process of determining what resources a user is allowed to access, and accounting is the process of tracking and billing for a user's usage.

AAA is a common security model that is used to control access to network resources.

•  RADIUS is standardized by the IETF

RADIUS is a standards-based protocol, which means that it is defined by an Internet Engineering Task Force (IETF) specification. The most recent version of the RADIUS specification is RFC 2865, which was published in June 2000.

•  RADIUS is commonly used by ISPs

RADIUS is commonly used by Internet service providers (ISPs) to authenticate and authorize users who are trying to access the internet. RADIUS is also used by corporate networks to authenticate and authorize users who are trying to access the network.

•  There are a few different RADIUS implementations

There are a few different RADIUS implementations, including FreeRADIUS, Microsoft NPS, and Cisco ACS. FreeRADIUS is the most popular open-source RADIUS server. Microsoft NPS is the RADIUS server included in Windows Server. Cisco ACS is a commercial RADIUS server from Cisco Systems.

Conclusion

These are the most important things to know about RADIUS server authentication. RADIUS is a critical part of many network security systems, and understanding how it works is essential for anyone who is responsible for managing a network.

The post RADIUS server authentication: Old but still relevant appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

When strategizing a security approach for the coming year, many solutions will cross a CISO’s desk, all useful in covering some part of the network. Organizations must scrutinize every layer and each solution to make sure their security stack runs efficiently while still boasting a Defense-in-Depth approach. There cannot be an overload of alerts, the learning curve must be worth the cost, and all solutions must integrate with each other. Not surprisingly, the search can be tedious, complex, and confusing.

Broadly speaking, cybersecurity defends the network and the devices on that network. Both are key and must be protected. Endpoint security and response includes “not only the automated monitoring and detection of threats on the endpoint, but also a combination of autonomous and manual investigation, remediation, and response.” While not every tool will make the cut, here are seven reasons why Endpoint Detection and Response (EDR) should not be ignored.

1. Cybercriminals aren’t ignoring endpoints. It’s not surprising that in a recent study, 76% of IT decision-makers reported their company use of endpoint devices has gone up. This can include workstations, servers, tablets, smartphones and a host of IoT devices like cameras, smart speakers, and lighting. However, it is equally unsurprising that bad actors have capitalized on this gain, and consequently, 79% of IT teams have seen a rise in endpoint-related security breaches.
2. The cyber talent crisis creates the need for autonomous response on the endpoint. With an increase of both endpoints and endpoint-related attacks, a proportional increase in endpoint security measures is needed; unfortunately, the ongoing cyber talent deficit hamstrings those efforts and makes whatever qualified cybersecurity experts are available difficult to attain for many small to medium-sized businesses. Endpoint security solutions use automatic investigation and monitoring techniques to spot threat 24/7/365 and often respond autonomously to mitigate them. This cuts back significantly on the work remaining for already-strapped security teams to do.
3. EDR offers cloud-based security for end-user devices. One of the primary security problems facing fast-expanding, digitally native, and mid-transition companies is how to secure both on-premises and cloud-based assets. Endpoints, while not in the cloud, connect to it and bad actors can use vulnerabilities in device software to pivot to the rest of your network. State of the industry endpoint security platforms can deploy patches and run reboots from the cloud and offer enterprise-wide centralized cloud management.
4. Remote device security trends downward as workers mix personal with professional. The rise of BYOD has been significant and ubiquitous in the wake of the remote-work migration, and a study by Gartner revealed that over 50% of workers used their own laptop or smartphone for work activity. Interestingly, a Ponemon study indicated that 67% of respondents reported that personal mobile devices have negatively impacted their company’s security posture, and 55% cite smartphones as the most vulnerable endpoint in their organization.
5. EDR secures email. As many as 91% of all breaches begin with a phishing email. Email servers are a widely exploited endpoint. Endpoint security solutions can clean email messages before they reach the network, isolate and investigate links, and alert users when sensitive data is about to leave the organization.
6. Firewalls are not foolproof. While having a firewall is a best practice, it only represents one part of a defense-in-depth approach. Firewalls are susceptible to misconfiguration, and their signature-based policies miss new exploits that recompile their code or use fileless malware. Additionally, freshly spun-up domains can cause many malicious sites to slip by undetected, and the popularity of this method is rendering firewalls even more ineffective. Not having an additional layer of defense directly on the endpoint device can be problematic as these trends continue.
7. EDR can proactively prevent zero days from entering your network. Macros used to be the loose cannon of inboxes, infecting the victim device directly upon opening. While Macros are largely disabled by default now, malicious code (largely HTML) still lurks in attached documents that only require a bit of social engineering to get the user to click. By sandboxing email attachments and vetting them for safety prior to opening, email security tools can prevent zero days from detonating on your network.

Remote work leaves endpoints more exposed than ever, vulnerable to human error and consumer-side attacks. Cybercriminals continue to target firmware, and the shortage of qualified cybersecurity professionals can leave various parts of the network at risk. Struggling SOCs can offload some of the burden of network monitoring as EDR solutions autonomously investigate and respond to incidents on the endpoint. Next-generation EDR tools can aid ongoing security measures by collecting data at the source.

Keeping EDR an integral part of a Zero Trust security strategy will be ever more imperative as time goes on and threats continue to evolve. Cybercriminals aren’t lessening their attention to the endpoint, so organizations shouldn’t either.

The post 7 reasons why Endpoint Security and Response shouldn’t be ignored appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In a world where you can scan the veins in your hand to unlock a smartphone, how do you maintain control over personal data? Biometric authentication, the use of distinctive human features like iris patterns, fingerprints and even gait in lieu of a password, is gaining ground in the tech world.

Proponents tout its inherent, hard-to-replicate qualities as a security benefit, while detractors see the same features as an invasion of privacy. Both sides may be right.

The problems with biometrics

Unlike a password, you can’t forget your face at home. But also, unlike a password, you can’t reset your face — meaning you’re out of luck if someone steals a photo of it.

In 2016, a biometrics researcher helped investigators hack into a murder victim’s phone with only a photo of the man’s fingerprint. While security systems are getting more advanced all the time, current technology also allows cybercriminals to run wild with a single piece of biometric data, accessing everything from laptop logins to bank accounts.

By its very nature, biometric authentication requires third parties to store biometric data. What happens if the information is exposed?

In addition to potential hacking, breaching people’s personal data might reveal something they’d rather keep private. Vein patterns could reveal that a person has a vascular disorder, raising their insurance premiums. Fingerprints could expose a chromosomal disease.

True, people give this same information to their doctors, and a medical data breach could have the same repercussions. But handing off biometric data to a commercial company — which isn’t bound by HIPAA or sworn to do no harm — is a much grayer area.

Another issue that occasionally plagues biometric authentication is injuries and natural bodily changes. A single paper cut can derail a fingerprint scanner, and an aging eye throws iris scanners for a loop. People will have to update their photos every few years to remind the system what they look like.

Some facial recognition programs can even predict how long a person will live. Insurance companies have expressed interest in getting hold of this data, since the way a person ages says a lot about their health. If stolen biometric data fed into an algorithm predicts a person won’t make it past 50, will their employer pass them up for a promotion?

In the event of an accident, your family won’t easily be able to access your accounts if you use biometric authentication, since it’s not as simple as writing down a list of passwords. Maybe that’s a good thing — but maybe not.

Another ethical dilemma with biometric data use is identifying people without their consent. Most people are used to being on camera at the grocery store, but if that same camera snaps a photo without permission and stores it for later retrieval, they probably won’t be too happy.

Some people point out that you have no right to privacy in a public space, and that’s true — to an extent. But where do you draw the line between publicity and paparazzi? Is it OK to snap a stranger’s photo while you’re talking to them, or is that considered rude and intrusive?

The benefits of biometric data

Of course, no one would be handing off a photo of their face if the technology was good for nothing.

It’s quick, easy, and convenient to log into your phone by putting your thumb on the home button. Though it’s possible for a hacker to find a picture of your thumbprint, they’d also have to snag your phone along with it to log in, essentially having to bypass a two-factor authentication system. Who has time for that just to steal a reel of cat photos?

Hackers also can’t brute-force their way into guessing what your face looks like. Letter and number combinations are finite, but the subtle variations of the human body are limitless. Nobody can create a program to replicate your biometric data by chance. Consequently, biometric authentication is an extremely strong security measure.

Police can also use biometric analysis to get criminals off the streets. Unlike a human with questionable accuracy, a camera is a reliable witness. It’s not perfect, of course, but it’s much better than asking shaken crime victims for a description of who mugged them. Smart cameras equipped with facial recognition can prevent wrongful detainments and even acquit people who would otherwise languish in jail.

The flip side is that facial recognition does occasionally get it wrong — people have been arrested for crimes they didn’t commit thanks to camera footage of a lookalike. As camera technology improves, hopefully the incidence of people being wrongfully accused will lessen. But for the few outliers who still get misidentified, the consequences can be grave.

Facing the facts

Ultimately, people will have to decide for themselves if they’re comfortable using biometric technology. You probably won’t encounter any problems using biometric authentication to access your phone or laptop, and it can vastly improve your security. The bigger ethical debate is in how third parties can use publicly available data — whether legal or leaked — to further their own gains. In the meantime, just know that your face is probably already in a database, so keep an eye out for doppelgangers.

The post The ethics of biometric data use in security appeared first on Cybersecurity Insiders.

Website defacement

Websites are central to business operations but are also the target of various cyber-attacks. Malicious hackers have found several ways to compromise websites, with the most common attack vector being SQL injection: the act of injecting malicious SQL code to gain unauthorized access to the server hosting the website. Once on the server, the hacker can compromise the target organization's website, and vandalize it by replacing the original content with content of their own choosing. This criminal act is referred to as website defacement. See Figure 1 for examples of past website defacements.

Figure 1. Examples of past website defacements.

While the act of vandalizing a website may seem trivial, it can be devastating for the victimized entities. If an e-commerce site is publicly compromised, for example, they suffer direct and indirect financial loss. The direct losses can be measured by the amount of revenue that would have been generated had the website not been compromised, and by the time and money spent to repair the damaged site. Indirect losses occur because of reputational damage. Potential customers may be deterred from providing their banking information to an organization portrayed and perceived as incapable of protecting their assets.

Threat actors

Unlike most forms of hacking, website defacement has a public facing component. Assailants are eager to get credit for their success in compromising websites and are notorious for bragging about their exploits across various platforms, including general social media (e.g., Facebook, Twitter, Youtube, etc.) and hacking specific sites. The most popular platform on which hackers report successful defacements is Zone-H. Users of the platform upload evidence of their attack, and once the attack is verified by the site’s administrators, it is permanently housed in the archive and viewable on Zone-H’s webpage. Zone-H is the largest hacking archive in the world: over 15 million attacks have been verified by Zone-H thus far, with over 160,000 unique active users. The archive, as depicted in Figure 2, includes the hackers’ moniker, the attacked website's domain name, and an image of the defacement content (resembling the images depicted in Figure 1).

Figure 2. Zone-H: The largest hacking archive in the world.

Hackers tend to use the same moniker across platforms to bolster the reputation and status of their online identity, which allows for the gathering of digital artifacts and threat intelligence pertinent to the attack and attacker, respectively. Indeed, we have been systematically gathering data on active malicious hackers who report their successful defacements to Zone-H since 2017 and, in doing so, have uncovered several interesting findings that shed light on this underground community. For example, and in direct contrast to Hollywood’s stereotype of the lone actor, we observed an interconnected community of hackers who form teams and develop their skills through collaboration and camaraderie. We also found variation in hackers’ attack frequency: some hackers are extremely prolific and can be classified as persistent threats, while others only engage in a few attacks before disappearing. These findings served as motivation for this study.

Criminal trajectories           

Recently, we built an analytic model capable of predicting which new hackers will become persistent threats at the onset of their criminal career. The study began by identifying 241 new hackers on the Zone-H archive. We then tracked each of these hackers for one year (52 weeks) following their first disclosed website defacement. We recorded their total number of attacks, extracted and analyzed content from their defacements, and gathered open-source intelligence from a litany of social media and hacking sites. In total, the 241 hackers in our study defaced 39,428 websites within the first year of their hacking career. We identified 73% of our sample on a social media site and found that 50% also report their defacements to other hacking archives. Finally, we extracted and analyzed the content of each new hacker's first defacement and found that 39% of hackers indicated involvement with a hacking team, 12% posted political content, and 34% left their contact information directly on the compromised site. 

To plot trajectories, we had to first disaggregate the dataset to determine whether each of the hackers in our sample defaced at least one website each week for the 52 weeks following their first defacement. Upon completion, we employed latent group-based trajectory modeling to determine if, and how many, unique criminal trajectories exist. Results are presented in Figure 3. We found that new hackers follow one of four patterns: low threat (28.8%), naturally desisting (23.9%), increasingly prolific (25.8%), and persistent threat (21.5%). Hackers classified as low threat (blue line) engage in very few defacements and do not increase their attack frequency within one year of their first attack. Those labeled as naturally desisting (red line) begin their careers with velocity, but this is short-lived. Conversely, those classified as increasingly prolific (green line) engage in more attacks as they advance in their criminal careers. Finally, those deemed as persistent threats (yellow line) begin their careers with velocity and remain prolific. To our knowledge, we are the first to plot the trajectories of new malicious hackers.

Figure 3. The one-year trajectory of new malicious hackers.

After plotting the trajectories, we employed a series of regression models to determine if open-source intelligence and digital artifacts can be used to predict the evolution of a new hacker's criminal career. Contrary to our expectation, we found politically driven hackers are at an increased odds of naturally desisting. While these hackers may engage in a high number of attacks at the onset of their career, this is short-lived. We suspect eager new hacktivists simply lose sight, or get bored, of their cause. Conversely, new hackers who post their contact information directly to the compromised site are at a decreased odds of naturally desisting. Tagging a virtual crime scene with contact information is a bold move. We suspect these hackers are rewarded for their boldness and initiated into the hacking community, where they continue defacing websites alongside their peers.

Different patterns emerged when predicting who will become a persistent threat. We found that social media engagement and reporting defacement activity to other platforms increase the odds of being a persistent threat. This may boil down to commitment: hackers committed to building their brand by posting on multiple platforms are also committed to building their brand through continual and frequent defacement activity. The most interesting, yet also intuitive, patterns emerge when predicting who will become increasingly prolific. We found that hackers who report to other platforms and indicate team involvement engage in more attacks as they progress in their career. Joining a hacking team is a valuable educational experience for a new hacker. As a novice hacker learns new skills, it is no surprise they demonstrate their capabilities by defacing more websites.

Taken together, these findings offer insight into the development of proactive cybersecurity solutions. We demonstrate that open-source intelligence can be used to predict which hackers will become persistent threats. Upon identifying high-risk hackers, we believe the next logical step is to launch early intervention programs aimed at redirecting their talent toward something more constructive. Recruiting young hackers for cybersecurity positions could create a safer cyberspace by filling the nation’s skills shortage while simultaneously removing persistent threat actors from the equation.

Acknowledgements

This work was conducted alongside several members of the Evidence-Based Cybersecurity Research Laboratory. We thank Cameron Hoffman and Robert Perkins for their continual involvement on the hacking project. For more information about our team of researchers and this project visit https://ebcs.gsu.edu/. Follow @Dr_Cybercrime on Twitter for more cutting-edge cybersecurity research.

The post Predicting which hackers will become persistent threats appeared first on Cybersecurity Insiders.

In today's world, cybersecurity is an ever-growing concern for businesses. With the rising threat of cyber threats and data breaches, it can be difficult for companies to keep up with the latest security technologies and stay ahead of the curve. Managed Security Services Providers (MSSPs) provide comprehensive security solutions to clients. They offer various services, from monitoring and threat intelligence to incident response. MSSPs are ideal for businesses looking for an all-in-one security solution tailored to their specific needs. MSSPs offer a wide range of services to help protect businesses from cyber threats. Here are some initiatives that MSSPs should consider when looking to help customers in 2023.

Making Zero Trust attainable

As the global landscape continues to test our resiliency, staying focused on a security-first mindset is critical. Organizations must consider the most significant risks and take a proactive approach to address cyber risk concerns. This means assessing the current state of their cybersecurity, understanding their attack surface, and rethinking their security strategy with a Zero Trust model. By taking a risk-based approach to vulnerability management, implementing cloud security measures, and developing third-party risk management solutions, organizations can ensure they are prepared to adapt to the ever-changing digital landscape and remain resilient in the face of cyber threats.

The traditional perimeter as we know it is no longer viable due to the shift to remote and hybrid working. To keep our networks secure, Zero Trust architecture is essential. Zero Trust reduces the risk of security breaches by authenticating and authorizing every person and system before granting access. Nowadays, the security industry is figuring out how to apply Zero Trust practically. Established companies are using the term Zero Trust in their product portfolios to capitalize on the opportunity. Ultimately, Zero Trust will become more prominent with measurable results.

Risk-Based vulnerability management

Managing vulnerabilities inside your environment are challenging. New attack vectors for threat actors to breach your network are identified daily. Organizationally, the attack surface is constantly changing due to IT device and platform lifecycle issues, changing operational priorities, and the adoption of emerging technologies. With every change comes the risk that a new flaw or configuration issue will provide a threat actor with the final link in their attack chain, resulting in an impact on your users, operations, and customers.

Your network is expanding in the traditional sense and with the ever-increasing role of endpoints, devices, and the Internet of Things. Each year you see the amount of data multiply exponentially, the threat of attacks become more sophisticated, and the challenge of minimizing risk and optimizing operations grow more challenging. It can feel like a never-ending battle, yet identifying, prioritizing, and managing vulnerabilities through remediation is not only possible—it can be simple.

Vulnerability management is an established function of information security, but with technology configurations constantly evolving and cloud and container infrastructure expanding, the complexities of vulnerability management persist. Today's best vulnerability management platforms have been designed with visibility, remediation automation, and improved vulnerability prioritization.

Vulnerability and patch management are essential for any organization, as is the need for risk reduction. With the right risk reduction strategy, organizations can improve their cyber resilience and reduce their risk. To help ensure that organizations keep their IT infrastructure up-to-date and secure, they should focus on strengthening the fundamentals of vulnerability and patch management, risk reduction, and Managed Extended Detection and Response (MXDR). By implementing these strategies, organizations can reduce risk and improve security posture.

Security Mesh, Zero Trust, and SASE (Secure Access Service Edge)

These are three technology trends converging to allow organizations to consolidate and optimize their Zero Trust initiatives. Security Mesh provides a cloud-based fabric that enables organizations to connect to users, applications, and data in a secure and unified fashion. Zero Trust is a security model that eliminates the concept of trust assumptions based on internal network boundaries.

And SASE is a cloud-delivered service that combines network and security functions, including secure access, cloud security, and network security, into a single integrated solution. These technologies can be used together to reduce complexity and help organizations to implement their Zero Trust strategies quickly and effectively. By consolidating and optimizing Zero Trust initiatives, organizations can gain the security, agility, and scalability needed to accelerate their digital transformation.

The biggest challenge for SASE adoption is the split decision between networking and security components. While the two technologies have their strengths and weaknesses, their integration is the most critical factor for successful SASE deployments. Enterprises need to evaluate both solutions' performance, scalability, scalability, reliability, and cost to determine which is best suited for their needs. Additionally, at the same time, they need to consider the synergies between both solutions to make sure that the combination of them will yield the best results. The primary benefit of SASE is the integration of networking and security services, which simplifies the provisioning and maintenance of both solutions.

Additionally, the service provider can offer more tailored solutions to its customers, allowing them to customize their SASE deployments to meet their specific needs. This makes the solution more attractive to enterprises and increases the likelihood of adoption. Ultimately, the split decision between networking and security components is a challenge that SASE must overcome to remain relevant in the future. Enterprises need to weigh both solutions' pros and cons and ensure they invest in the right technologies. By doing so, they can ensure that they get the most out of their SASE deployments and guarantee that their solutions remain up-to-date and secure.

Cyber Resilience

As MSSPs look to offer a Cyber Resilience service that leverages expertise to enhance protection, detection, and response capabilities while driving an organization's ability to recover in the event of a malicious attack rapidly. MSSPs can help shift an organization's model from reactive to proactive, helping the team prepare for potential cyberattacks by implementing a resilience model. This end-to-end service capability helps reduces risk holistically and supports an organization's ability to identify, protect, detect, respond, and recover from malicious activity. Cyber Resilience service is a customized strategy to enhance your current people, processes, and technology based on comprehensive strategic and tactical evaluations across an enterprise.

The post Building blocks for Cyber resilience:  MSSPs can lead the way appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  

Most, if not all, industries are evolving on a digital level heading into 2023 as we take the journey to edge computing. But the automotive industry is experiencing technological innovation on another level. A rise in the production of connected vehicles, new autonomous features, and software that enables cars to self-park and self-drive are great examples of the digital evolution taking the automotive industry by storm. 

According to the AT&T 2022 Cybersecurity Insights (CSI) Report, 75% of organizations plan to implement edge security changes to help mitigate the kind of risks that affect cars, trucks, fleets, and other connected vehicles and their makers. And for a good reason.

These automotive features and advancements have offered cybercriminals an array of new opportunities when it comes to cyberattacks. There are several ways that threat actors are targeting the automotive industry, including tried and true methods and new attack vectors. 

In this article, you’ll learn about the top 8 cybersecurity threats facing the automotive industry heading into 2023 and what the industry can do to prevent threats. 

Automotive Cybersecurity threats

As autos increasingly come with connectivity features, remote threats are more likely. A recent report revealed that 82% of attacks against the automotive industry (including consumer vehicles, manufacturers, and dealerships) were carried out remotely. Plus, half of all vehicle thefts involved keyless entry. 

Automakers, dealers, and consumers play a role in automotive cybersecurity. But as the industry continues to adopt connected technologies, it will become increasingly important that organizations take a proactive approach to cybersecurity. 

When it comes to automotive threats, there are countless methods that hackers use to steal vehicles and driver information and cause problems with the vehicle’s functioning. 

Let’s explore the top 8 cybersecurity threats facing the automotive industry this year.

Keyless car theft

As one of the most prominent threats, keyless car theft is a major concern for the automotive industry. Key fobs today give car owners the ability to lock and unlock their doors by standing near their vehicle and even start their car without the need for a physical key. 

Autos enabled with keyless start and keyless entry are prone to man-in-the-middle attacks that can intercept the data connection between the car and the key fob itself. Hackers take advantage of these systems to bypass authentication protocols by tricking the components into thinking they are in proximity. Then the attacker can open the door and start the vehicle without triggering any alarms. 

EV charging station exploitation

Electric vehicles are becoming more popular as the globe transitions to environmental technologies. Charging stations allow EV owners to charge their vehicles in convenient locations such as public parking lots, parks, and even their own garages. 

When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This data chain presents many ways threat actors can exploit an EV charging station. Malware, fraud, remote manipulation, and even disabling charging stations are all examples of ways hackers take advantage of EV infrastructure. 

Infotainment system attacks

Modern cars require over 100 million lines of code to operate. Most of that code goes into the vehicle’s firmware and software that allows navigation, USB, CarPlay, SOS functions, and more. These infotainment systems also provide criminals an open door to an automobile’s ECU, endangering lives and compromising control of the vehicle. 

There are many code vulnerabilities that manufacturers need to look out for, and as infotainment systems continue to become more complex and sophisticated, there will be even more vulnerabilities to uncover. 

Brute force network attack

Another common attack type that affects the automotive industry is the good old-fashioned brute force network attack. Many of the threats that face connected and automated vehicles and businesses in the automotive industry are similar to common cloud security threats, but that doesn’t make them any less damaging.

Brute force attacks are tried and true cyberattacks that target a network with the goal of cracking credentials. In the automotive industry, the brute force attack can have far-reaching impacts. Manufacturers, dealers, and owners can all become victims of this type of attack. When credentials become compromised, entire systems can easily become the target of sophisticated attacks that can end in faulty firmware, large-scale data leaks, and vehicle theft. 

Phishing attacks

Another way that hackers can obtain the credentials to enter a target network is through social engineering attacks such as phishing. The attacker will send automotive company employees an email where they pose as a trusted sender, complete with official-looking HTML and signature. Sometimes the attacker will ask for the credentials outright, but usually, attackers will place a link with malicious code in the email. 

When the receiver clicks the link, the malicious code is executed, and the cybercriminal can roam freely in the target system, access sensitive data, and perform further attacks from the inside. 

Compromised aftermarket devices

Insurance dongles, smartphones, and other third-party connected devices also pose a cybersecurity threat to the automotive industry. These aftermarket devices are connected directly to vehicle systems, offering hackers another way to launch an attack. 

This threat also leaves much to consider for those that want to buy a used car. Many people choose to sell or trade used cars through car dealerships, where consumers can find a deal on a previously owned vehicle. Connected devices can leave malware and backdoors in the auto’s system, putting the next owner at risk, too. 

Ransomware

Ransomware is one of the most pervasive threats in tech today. Unfortunately, the automotive industry is no exception. Ransomware is a significant threat to the vehicle industry, including OEMs, consumers, and dealers. 

A threat actor can hold an organization’s data hostage in exchange for a significant ransom. Without the right credit protection services, automotive businesses can find themselves in financial trouble. These attacks affect IT systems and operations and can cause expensive shutdowns.

Automotive supply chain attacks

The auto industry utilizes a complex supply chain to source the components that are used to build new vehicles, perform repairs, and provide services. This supply chain presents a huge risk to the industry, as each connected endpoint is a vulnerability waiting to happen. 

But supply chain attacks can trickle down to consumers as well. Updates containing malicious code can be pushed to connected cars, bad actors can compromise firmware, and malware can put supplier operations to a complete halt. 

How the industry can keep automotives secure

Cybersecurity should be a central goal throughout the automotive lifecycle. But it’s also important that automakers improve their cybersecurity expertise to monitor connected and automated vehicles on the road. 

The National Highway Traffic Safety Administration (NHTSA) recently released its recommended cybersecurity best practices for modern vehicles to help strengthen the underlying data architecture of vehicles and protect against potential attacks.

They say that the automotive industry should follow the cybersecurity framework from the National Institute of Standards and Technology (NIST) that focuses on five key functions: identify, protect, detect, respond, and recover. The NHTSA recommendations for vehicles are based on the NIST framework but written specifically for the automotive industry. 

And finally, the Federal Trade Commission (FTC) has also established regulations for connected and automated vehicles. Under the new Safeguards Rule, dealers are expected to meet cybersecurity compliance for their organizations and vehicles by June 2023. 

Final thoughts

Automotive manufacturers, sellers, consumers, suppliers, repairers, and all others in the industry play a critical role in improving the security of connected vehicles in 2023 and beyond. Learn more about how to defend your network from critical incidents. 

The post The top 8 Cybersecurity threats facing the automotive industry heading into 2023 appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Recent trends show that car dealerships are becoming a prime target for cyber-attacks, partly due to the rise in autonomous and connected vehicles. This is in addition to more traditional attacks such as phishing. Therefore, car dealerships are urged to take measures to improve their cybersecurity. 

Throughout this article, we will focus on how to protect your car dealership from cyber-attacks, from technological solutions to raising staff awareness, and more. 

Why are car dealerships being targeted by cybercriminals?

Car dealerships collect a significant amount of data which is often stored on-site. This data includes things such as names, addresses, email addresses, phone numbers, and perhaps more importantly, financial information such as bank details and social security numbers. Gaining access to this database can be very lucrative for criminals. 

According to the Second Annual Global State of Cybersecurity Report by CDK Global in late 2022, 15% of all auto dealerships surveyed sustained a cyberattack that year, with 85% of the incidents occurring due to phishing specifically. The report also found that as customers move to a more mobile environment, dealerships will need to secure their desktops and mobile devices to protect against potential cyberattacks.

A cybercriminal’s life is made much easier if a car dealership uses outdated IT infrastructure and lacks sufficient processes in terms of protecting employee login details. 

How are car dealerships vulnerable to cybersecurity attacks?

Before we discuss how to protect your car dealership from a cyber-attack, it is important to know what makes a car dealership vulnerable, and what sort of attacks it could be subjected to. 

• Open Wi-Fi Networks – Many car dealerships have open Wi-Fi networks for their customers to use freely. However, this provides an opportunity for hackers who can potentially access other areas of the network that store sensitive data.
   
• Malware – Malware is possibly the most likely form of cyber-attack, targeting individuals within your organization with malicious email attachments that execute software onto the victim’s device. This software can then grant the attacker remote access to the system.
   
• Phishing – Phishing emails are much more sophisticated than they used to be, appearing much more legitimate, and targeting individuals within the company. If an email seems suspicious or is from an unknown contact, then it is advised to avoid clicking any links.
   
• User error – Unfortunately, anyone working for the car dealership, even the owner, could pose a risk to security. Perhaps using lazy passwords, or not storing log-in details in a safe place. This is why cyber security training is now becoming mandatory at most businesses. 

The consequences of cyber-attacks on car dealerships

If a small-to-medium-sized car dealership is the victim of a cyber-attack, then it can have a much bigger impact than just a short-term financial loss. Some smaller businesses that suffer a data breach may go out of business after such an event, losing the trust of their customer base, and failing to recover from the financial impact.

Research suggests that most consumers would not purchase a car from a dealership that has had a security breach in the past. Failing to prevent a cyber-attack and a criminal from gaining access to customer information is extremely detrimental to a business’s public image. 

How to protect your car dealership from cyber-attacks

Regardless of whether you already have security measures in place, it is always advised to assess how they can be improved and constantly be on the lookout for vulnerabilities within the organization. 

In this section, we will discuss how to improve cybersecurity within a car dealership, breaking down the process into three key stages. 

Stage one – Implementing foundational security

Establishing strong foundational security is key to the long-term protection of your business. When creating your foundational security strategy you should focus on seven main areas.

1. User permissions 

Ensure administrative access is only provided to users who need it as granting unnecessary permissions to standard users creates numerous vulnerabilities. Ensure that only the IT administrator can install new software and access secure areas. 

2. Multi-factor authentication 

Multi-factor authentication means more than just a traditional username and password system. Once the log-in details have been entered, users will also need to enter a PIN that can be randomly generated on their mobile phone, or issued periodically by the administrator.

For added protection, you could also implement a zero-trust strategy. 

3. Data backup recovery processes

The effects of ransomware attacks can be sometimes avoided if important files are regularly backed up, such as each morning. Once stored, there should also be procedures in place to quickly restore this data to minimize any downtime. 

4. Firewalls and other security software

Many car dealerships continue to use older firewall software and outdated security services. Newer, next-generation firewalls offer much more protection, securing even the deepest areas of the network while being more effective at identifying threats. 

5. Endpoint protection 

The endpoint refers to a user’s mobile device or computer that may be targeted by attacks such as phishing emails. Endpoint protection can help secure these devices, identifying malware and preventing it from spreading to other parts of the network.

As part of modernization efforts, some businesses are choosing to protect their phone systems by using a cloud solution.

6. Email gateways

Similar to the above, email and web scanning software is essential to protect data and business operations. This can identify threats and warn the user to prevent them from opening malicious links or opening suspicious attachments. 

7. Email training

Many businesses test their workforce by sending fake phishing emails to see how employees respond. If the correct actions are not taken, then the individual can be given cyber security training to raise their awareness so that they take appropriate action in the future. 

Stage two – security processes

Once all of the above has been assessed and the necessary course of action has been taken, it is time to think about the critical security processes that need to be implemented. These are vulnerability management, incident response, and training. 

1. Vulnerability management 

Firstly, an inventory of your assets (software and devices) needs to take place so you know what needs to be protected. Once this has been done, all software should be checked to determine if it has been patched with the latest update. 

Finally, vulnerability scans should be run on a monthly or quarterly basis. This can be done via penetration testing or an internal network scan. 

2. Incident response

Policies should be drafted in the case of an incident or data breach so the correct course of action can be taken in terms of contacting the necessary parties. Numerous people should also be trained to respond to an incident should a key individual, such as the IT manager not be present. 

Network analysis needs to take place immediately after an incident, whether this is in-house or externally. This is necessary for insurance purposes.

3. Training

Cybersecurity and Acceptable Use policies need to be created so everyone knows what needs to be done in the event of a breach and what their responsibilities are. This can be combined with thorough security training to increase awareness. 

Stage three – ongoing security activities

To ensure your business is protected at all times, it is vital that your IT team is on top of things and you do not rest on automated tasks and policies. 

Key activities include:

• Using an encrypted email solution
• Employing a VPN for remote workers to encrypt the connection
• Mobile device security, management, and protection 
• On-going monitoring, risk assessments, and sticking to best practices

Protecting your car dealerships from Cyber-attacks – summary

According to October, 2022 research from CDK Global, car dealerships are being targeted by cybercriminals who see them as an opportunity to steal sensitive information and financial details. This can be done in multiple ways including phishing scams and malware.

To tackle this, car dealerships should focus on three key areas: the business’ foundational security, implementing security processes, and performing key security activities on an ongoing basis.

The post How to protect your car dealership from cyber-attacks appeared first on Cybersecurity Insiders.

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. 

Executive summary

Since mid-June 2022, AT&T Managed Extended Detection and Response (MXDR) Security Operations Center (SOC) observed an enormous number of attacks from Mirai botnet-C2 attempting to gain access to SSH servers instead of Telnet.

Due to the various tactics, techniques, and procedures (TTP) observed, this attack has been associated with RapperBot botnet (Mirai variants.) RapperBot’s goal is still undefined.

According to the analysis that was published by FortiGuard Labs, while the majority of Mirai variants can naturally brute force Telnet servers that use default or weak passwords, RapperBot in particular scans and attempts to brute force SSH servers that are designed to require password authentication.

A large part of the malware is executing an SSH 2.0 client which is able to connect and brute force any SSH server using Diffie-Hellman key exchange with 768-bit or 2048-bit keys and data encryption using AES128-CTR. A unique characteristic of brute forcing in RapperBot is the use of SSH-2.0-HELLOWORLD in order to identify itself to the targeted SSH server during the SSH Protocol Exchange phase.

One of the malicious Mirai botnet IP addresses had allowed network traffic with an asset in an organization over SSH port 22. After some data transferring, the session closed with the client-reset action. The MXDR SOC team quickly identified and recommended mitigation steps to prevent lateral movement and the attacker going further.

Initial alarm review

Indicators of Compromise (IOC)

The alarm initiated with the multiple Open Threat Exchange (OTX)  pulses (Miraibotnet-C2- CDIR Drop List) and an OTX indicator of a known malicious IP. There was network traffic between the known malicious IP and a public IP of an internal asset in an organization. The network traffic was over SSH port 22, and the security system (firewall) action was a deny. The security system (firewall) deny action was evidence of the auto-mitigation. In this case, auto-mitigation means the attack is prevented by firewall rules and threat intelligence by denying the connection from malicious IP.

However, further analysis of the events showed that the traffic was allowed from the malicious IP to another internal asset. In addition to this, there were signs of data transfer from source IP with “sentbyte=1560, rcvdbyte=2773, sentpkt=15, rcvdpkt=13”

** Risk mitigation in Cybersecurity is the reduction of the overall risk/impact of cyber-attacks. Detection, prevention, and remediation are three components of risk mitigation in cybersecurity.

Expanded investigation

Events search

After checking events associated with the alarm, the team always checks the environmental security to see if the malware had further penetrated the environment or attempted any lateral movement.

The team searched events by pivoting on the indicator IP, filtering the past 90 days of events, and the security system (firewall) allowed action types. It was determined that there were a few connections from malicious IP to different internal assets with the client-rst, server-rst, timeout, and closed events.

Client-rst – Session reset by client, Server-rst – Session reset by server

These are usually session end reasons that show who is sending TCP (Transmission Control Protocol) reset and the session terminates – so this does not mean that a security system (firewall) is blocking the traffic. It means after a session is started between client-to-server, it is terminated by (client or server), depending on who sent the TCP reset. Session-end results can be found in traffic logs.

The team suspected that the system might be compromised because the session was reset from the client side (which is the adversary side.) It was then observed that the session was closed (terminated) with a large amount of packet transmissions.

Event deep dive

After further examination of the allowed connections, the malicious IP showed traffic with the customer security system (firewall) over SSH port 22. SSH port 22 uses a TCP connection. Therefore, before transferring data  it needs to establish a reliable connection with the 3-way handshakes.

In order to handshake the header (first two packets), TCP uses approximately 24 bytes and for normal transmission of packet about 20 bytes. Establishing a reliable connection with 3-way handshake needs just three packets to be transmitted. Establishing a connection: ~ 128-136 bytes.

Another observation is that the sent and received bytes with the packet size are indicators of data transferring due to the packets and bytes being bigger than normal packets and bytes of TCP 3-way handshake. This is believed to be an indication of a payload or compromised credentials.

Rapperbots work like an SSH brute-forcing campaign. After it has gained access on a device, it sends its architecture to the C2 server – the device’s IP, and the credentials used. Then the adversary tries to load the main payload binary on the compromised device via binary downloader or software like ftpget, wget, curl, or tftp, that is installed on the device.

Reviewing for additional indicators

At this point, the attacker tried to get “Initial Access (tactic)” into the network by using “Exploit Public Facing Application” technique based on the Mitre Att&ck Framework.

Exploit Public Facing Application is a technique which is used by adversaries to take advantage of vulnerabilities/weaknesses in a program or internet facing computer to gain Initial access to a network. In this case, even though there was evidence of data transfer, evidence of payload or lateral movement activity were not seen.

Response

Building the investigation

An investigation was created by following the incident response process. The investigation included identifying the incident, finding the root cause of the incident and Indicators of compromise. Then we made recommendations to the customer on mitigation/remediation steps. We communicated with the customer to ensure necessary actions are executed. Recommended mitigation steps were:

• Blocking the malicious IP
• Disabling SSH password authentication (if possible)
• Changing passwords to stronger passwords for the device.

Incident response is an organizationed approach and process to manage cybersecurity breaches/incidents or cyberattacks. It includes multiple steps:

• Identifying an incident/attack
• Minimizing damage
• Eradicating the root cause
• Minimizing recovery cost and time
• Learning lessons from the incident
• Taking preventative action

According to the analysis that was published by FortiGuard Labs, Rapperbot developers improved their code to maintain persistence, which differentiates it from other Mirai variants. Even after rebooting infected assets or removing malware, intruders can continuously access infected assets via SSH. Therefore, rebooting the device or removing malware Is not a permanent mitigation option.

The Rapperbot’s primary threat is brute forcing the credentials of SSH. By disabling SSH password authentication (if possible), or changing passwords to stronger passwords for the device, the Rapperbot mitigation can easily be done.

Customer interaction

The customer wanted to be kept in the loop and informed if the attack continues.

Limitations and opportunities

Limitations

In this investigation, MXDR was unable able to see inside the transmitted packets. As a result of the lack of visibility into the network flows in the environment, MXDR has limited access to the customer environment. However, MXDR suspected the data transfer could include the main payload binary on the compromised device.

The post Stories from the SOC – RapperBot, Mirai Botnet – C2, CDIR Drop over SSH appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

A smart device is any device connected to the internet and can be controlled by a computer or smartphone. This includes devices such as home appliances, security cameras, thermostats, doorbells, lighting systems, and other connected gadgets.

Smart devices are becoming increasingly popular due to the convenience they offer. However, with this convenience comes a greater risk to your privacy.

When people talk about smart devices, what they are referring to more broadly is the internet of things (IoT) and its ability to connect all your devices together. This means that all the data collected by each device can be accessed and shared with other connected devices, potentially exposing personal information about you and your home life.

Here are 9 ways in which smart devices can compromise your privacy.

1. Location tracking

Many smart devices track and store users’ locations, which can be used to build detailed profiles of their activities. This data can then be sold to third parties without the user’s knowledge or consent.

This has become a major problem with smart devices such as fitness trackers and smartphones. If you’re not careful, your device could be sharing more data than you think. You might be under the impression that you’re in control of the data it collects, but this is not always the case.

2. Insecure Wi-Fi connections

Many smart devices use Wi-Fi to connect to the internet. This means it can be vulnerable to hackers if proper security protocols are not in place. Hackers can access your device, view sensitive data such as passwords, and even take control of it.

There have been instances of hackers hijacking smart devices via Wi-Fi connections and using them to launch cyber-attacks. This is especially true if you travel with smart devices like phones or laptops, as they may be connecting to unsecured Wi-Fi networks.

3. Vulnerable webcams

Smart devices often come with built-in cameras and microphones, which can be hacked into to gain access to audio and video recordings of the user. This has been a major issue in recent years with reports of “webcam hacking” becoming increasingly common.

It is increasingly common for people to have cameras in their doorbells, in their baby monitors, and even in their TVs. All of these can be hacked into if the user doesn’t take proper security measures.

For example, there have been instances where hackers have hijacked security cameras and used them to spy on unsuspecting users in their homes. This is an extreme case of a privacy violation that can be prevented with proper security measures.

4. Poorly secured cloud databases

Many smart devices store data such as pictures and videos in the cloud, meaning they are accessible from any device. However, this also leaves them vulnerable to hacking.

If the cloud service that stores your data is not properly secured, hackers can gain access to it and view, copy, or delete sensitive information. This could be anything from your banking details to private photos of you and your family.

5. Third-party app permissions

Many smart devices have a range of third-party apps that users can download. However, these apps often require access to certain permissions to work.

For example, an app might need permission to access your contacts or your location data. This means it can collect and share this information with other companies without the user’s knowledge or consent.

It’s important to read through the terms and conditions carefully before downloading any app, as it may be collecting more data than you think.

6. Data breaches

Smart devices often store data on servers located off-site. This means that if those servers are hacked, your data could be exposed to malicious actors. It is important to make sure your device is regularly updated with the latest security patches and that you are aware of any data breaches that could affect it.

As more and more people adopt smart tech, there is an increased risk of data breaches. Both companies and individuals must take extra steps to ensure the security of their customers’ data, or else they face serious consequences.

7. Unsecured Bluetooth connections

Many smart devices make use of Bluetooth technology to connect to other devices wirelessly. While this is convenient, it also leaves the device vulnerable to hackers. If a hacker can access your Bluetooth connection, they can gain access to the data stored on the device.

It is important to keep your Bluetooth connection secure by regularly changing the password and only pairing devices you trust. Additionally, it’s a good idea to periodically scan for any unauthorized connections.

8. Data mining

Many smart devices collect data about users’ habits and activities, which can then be used for targeted advertising or other commercial purposes. This means your device might be collecting more information about you than you realize.

It’s important to be aware of what data your device is collecting and who it is being shared with. You can also adjust the settings on your device to limit the amount of data that is being collected. Even if it's just for commercial purposes, you should know and be able to control what data is being collected.

9. Voice commands

Smart devices often come with voice-activated assistants such as Alexa and Google Home. These are designed to make our lives easier, but they can also be used to gather sensitive information about your home life.

When you speak to a voice assistant, your voice is stored on the company’s servers and could potentially be accessed by other parties without your knowledge or consent. What's more, a lot of people find it creepy that these devices can actually listen to what you are saying even if you are not giving direct commands to the smart device, which can be a huge privacy concern.

Conclusion

Smart devices can be a great addition to any home, but it is important to keep in mind the potential risks associated with them. From unsecured cloud storage and third-party app permissions to data mining and voice commands, there are many ways that these devices could compromise your privacy. By being aware of these potential risks and taking the necessary steps to protect your data, you can help ensure that your privacy remains safe.

The post 9 Ways smart devices can compromise your privacy appeared first on Cybersecurity Insiders.