As Bring Your Own Device (BYOD) and remote access policies ramp up, so does the scramble to secure these new endpoints. Gartner predicted that by 2017, half of employers would require employees to supply their own device for work purposes. Every personal device is a fresh attack surface, so employers assemble additional security layers to prevent data leakage and intrusion. BYOD is hard precisely because the devices live outside the perimeter: without a VPN carrying the connection and a next-generation firewall inspecting the traffic, the organization has little visibility into, or control over, what those devices do.
Our solutions
Secure Mobile Access – Powerful, cost-effective secure mobile and remote access means that your users have access to applications wherever they’re working, so they stay productive and your company stays competitive.
SonicWall VPN – Ensure secure access to crucial applications for Android & iOS mobile devices using SSL and policy-based enforcement.
Next-Generation Firewalls – Next-Gen Firewalls provide you the power to execute cutting-edge security without your performance withering away.
Secure Remote Access – SonicWall Secure Remote Access solutions provide users with easy-to-use, secure, and clientless remote access to necessary resources on the corporate network.
Aventail SRA Connect Mobile – SonicWALL Aventail with Connect Mobile provides robust remote access solutions for smart phone users, with “in-office” access optimized for the device.
Trouble setting things up?
Firewalls.com provides a video library chock full of helpful how-to’s and troubleshooting guides. One of our certified engineers will provide the answers you crave to set up your remote access VPNs.
Firewalls.com is a value-added reseller of firewall appliances & a vendor of managed security and Firewall-as-a-Service support. Whether you’re looking to add an appliance to your security set-up or expand BYOD and remote access security, we provide solutions that get you secure and keep you secure. Contact our sales staff to answer questions you may have about your network, next-gen firewalls, or BYOD!
While it may sound like the final technique learned from Jackie Chan in a young adult movie, Hidden Cobra is actually the moniker given to state-sponsored actors conducting cyber operations on behalf of the North Korean government. Before federal agencies reported on the activities of DPRK’s Hidden Cobra, the private sector had dubbed the group Lazarus Group or Guardians of Peace. Hidden Cobra is an extension of the North Korean government and targets both public and private entities with remote access tools, data wipers, DDoS botnets, and SMB worm tools. Known malware families such as Destover, Duuzer, and Hangman are common fixtures of Hidden Cobra’s modus operandi. In addition, Hidden Cobra is notorious for powerful DDoS attacks launched through its botnet tool, DeltaCharlie.
Flushing Out the Snake
Hidden Cobra tends to target systems that run older, unpatched operating systems. Obsolete Microsoft operating systems no longer receive security patches, and their accumulated attack surface makes for low-hanging fruit the serpents are able to reach. A Technical Alert issued by the Department of Homeland Security and the Federal Bureau of Investigation includes a list of IP addresses and network signatures that they consider Indicators of Compromise (IOCs).
In addition to these IOCs, DHS has published a Malware Analysis Report detailing the unique functionality and common tactics demonstrated by Hidden Cobra actors.
As with real snakes, antivenom exists for most of Hidden Cobra’s bites. The following Common Vulnerabilities and Exposures (CVEs) are the susceptibilities Hidden Cobra typically targets:
If Adobe Flash and Microsoft Silverlight are no longer necessary applications in your system, we highly recommend removing these programs completely.
DeltaCharlie
Perhaps the most perilous tool operated by Hidden Cobra is its DDoS tool, DeltaCharlie. Built on a standard botnet infrastructure, DeltaCharlie is used to launch DNS, NTP, and Character Generator (CGN, or chargen) attacks, all of them UDP services that answer small requests with large replies and so lend themselves to reflection and amplification. DeltaCharlie installs itself as an svchost-hosted service so that it blends in with legitimate Windows processes. The tool can download and run additional executables, change its own configuration, update its own binaries, and start or stop denial-of-service attacks on command.
If You’ve Been Targeted
Report the attack to DHS or FBI – Federal agencies are very interested in keeping tabs on the activity of North Korea’s state-sponsored cyber warfare adjuncts. Malware samples can be submitted to DHS through US-CERT, and the information is appreciated.
Review perimeter logs for IOCs – If you suspect Hidden Cobra is responsible for a raid on your network, cross-check your firewall, proxy, and DNS logs against the IP addresses in the Indicators of Compromise spreadsheet that accompanies the Technical Alert. Pay closest attention to permitted outbound connections from internal hosts to a listed address: those indicate a machine that is already talking to the attacker, whereas dropped inbound hits may be nothing more than scanning.
Run YARA – For readers unfamiliar with YARA, it is a pattern-matching tool used by malware researchers to identify files by textual and binary signatures. The Technical Alert issued by DHS and FBI includes a set of YARA rules that can quickly and effectively track down signs of Hidden Cobra malware on disk.
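Cross-checking perimeter logs against an IOC list is mechanical enough to script. The following Python is an added example written for this post, not tooling from the Technical Alert; the IOC addresses are RFC 5737 documentation ranges standing in for the real spreadsheet, the log lines are constructed, and the key=value field names (src, dst, dport, action) are an assumption to adapt to your firewall’s export format. It matches both directions and ranks permitted outbound connections first, since those point at a host already talking to the attacker rather than a blocked scan.

```python
import ipaddress
import re

# Constructed stand-in IOC list using documentation address ranges (RFC 5737).
# The real indicators are in the DHS/FBI Technical Alert spreadsheet; load those instead.
IOC_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.17/32"),
]

# Constructed sample of key=value firewall log lines. The field names are an
# assumption; adjust LINE_RE to match your appliance's export format.
SAMPLE_LOG = """\
2017-06-14T02:11:09Z fw01 src=203.0.113.45 dst=10.0.0.12 dport=445 action=allow
2017-06-14T02:11:10Z fw01 src=192.168.1.20 dst=10.0.0.12 dport=443 action=allow
2017-06-14T02:12:31Z fw01 src=198.51.100.17 dst=10.0.0.30 dport=8080 action=drop
2017-06-14T02:13:00Z fw01 src=10.0.0.12 dst=203.0.113.200 dport=80 action=allow
2017-06-14T02:13:05Z fw01 heartbeat ok
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+action=(?P<action>\w+)"
)


def parse_line(line):
    """Return a record dict for a connection line, or None for lines we cannot parse."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:
        return None  # malformed address: skip the line rather than abort the sweep
    return {
        "ts": line.split(" ", 1)[0],
        "src": src,
        "dst": dst,
        "dport": int(m.group("dport")),
        "action": m.group("action"),
    }


def ioc_match(addr):
    """Return the first IOC network containing addr, or None (handles CIDR blocks)."""
    for net in IOC_NETWORKS:
        if addr in net:
            return net
    return None


def scan(log_text):
    """Cross-check every parsable line against the IOC list, in both directions."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for direction in ("src", "dst"):
            net = ioc_match(rec[direction])
            if net is not None:
                hits.append(dict(rec, direction=direction, ioc=str(net)))
    return hits


def triage(hits):
    """Permitted connections only, outbound (dst matched) first: an internal host that
    was allowed to talk to a listed address is the likeliest compromise."""
    allowed = [h for h in hits if h["action"] == "allow"]
    return sorted(allowed, key=lambda h: 0 if h["direction"] == "dst" else 1)


if __name__ == "__main__":
    for h in triage(scan(SAMPLE_LOG)):
        print(f'{h["ts"]} {h["direction"]} matched {h["ioc"]}: '
              f'{h["src"]} -> {h["dst"]}:{h["dport"]} ({h["action"]})')
```

Load the alert’s spreadsheet into IOC_NETWORKS (the ipaddress module accepts both single addresses and CIDR blocks) and feed scan() your exported log. The linear match over ip_network objects is slower than a hash lookup on exact addresses, but it is correct for ranges, which exact-match grep is not.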
Preventing Hidden Cobra Attacks
Limit admin privileges – We’ve talked about this one before. When an attacker gets into your system, you don’t want everyone inside carrying around skeleton keys. Standard accounts for daily work, separate administrative accounts for administration.
Update your software – Hm. This one sounds familiar too. The straightforward warning: the older your operating system, applications, or security patches, the more likely you are to be on the receiving end of cyber crime. Running unpatched systems is the difference between a modern alarm system and a string of rattling cans strung across the lawn.
Go invite-only for your applications – Application whitelisting drastically cuts down the attack surface in your network. In short, whitelisting means only pre-screened, approved executables are allowed to run; if it’s not on the list, it stays outside. A dropped payload that lands on disk but is not on the list never executes.
Leverage your firewall – Firewalls provide gateway security, content filtering, IP whitelisting, application control, user groups, and more. There is a vast number of security options available to protect data against the likes of Hidden Cobra, and most of them are enforced at a firewall appliance. Think of your firewall as the command center of your security infrastructure. An appliance that bundles these services (firewall, intrusion prevention, gateway anti-malware, content filtering) in one box is marketed as Unified Threat Management (UTM); next-generation firewalls extend that with application awareness and deep packet inspection.
Learn about UTMs offered by our manufacturer partners!
Stroll into any mid-range hotel with a flash drive in your pocket. Don’t bother with the old desktop computer in the lobby “business center.” Stop at the front desk, smile wide, and slap your USB device on the counter. Politely ask the guest services agent to print a document for you. If they direct you to the business center, claim that you tried it the previous night and couldn’t get it to work. Then observe.
Congratulations, you just slipped past the perimeter defense of a multi-billion dollar corporation. Let me lay out what happens next. The front desk staff takes your flash drive to the back, pops it into a USB port, and joyfully opens whatever file you ask them to.
I know this trick works because I’ve witnessed the scenario play out a thousand times. In a few instances, I was the unwitting hand guiding the thumb drive into a terminal. While most Firewalls.com blog posts shy away from anecdotes and keep individual histories at a professional arm’s length, this post is based on personal experience.
I worked in the hospitality industry for half a decade before shifting into the info sec market. This is what I learned.
Corporate Will Do the Leg Work for You
Okay, getting a file onto a machine was easy, but you’ve only infected a single computer on a closed network. Now what? Wait for corporate to do the heavy lifting.
Each night when the hotel audits their daily transactions, troves of data are gleaned from employee desktops and rolled up to the corporate servers for safe keeping. Your freeloading file needs only loiter on the network until about 2:00 or 3:00 in the morning, when corporate provides a free lift to the database where comprehensive financial data, transaction history, and confidential customer information for a multinational brand is stored.
Security Culture in 10 Minutes or Less
Hotel new hires typically sit through a series of training modules where the mainstays of employee on-boarding make their appearances: OSHA policy review, incident reporting, benefits programs, core values. If the brand is more forward-thinking, then somewhere in this hodgepodge of instructional videos is nestled the briefest touchpoint on cyber security.
In one training module I trudged through, the company had splurged on commissioning Kevin Mitnick to narrate a nine-minute video on cyber crime. After a SparkNotes-tier definition of social engineering, Kevin encourages new employees to address further email fraud questions to their direct supervisors.
Hoteliers Wear Many Hats, But None of Those are White Hats
Asking superiors for further information sounds reasonable, in a script. But I was a direct supervisor to over a dozen employees and was granted no special insight into preventing cyber crime. I was consistently preoccupied with expanding a repertoire of customer service, accounting, management, sales, payroll, quality control, HR, safety, facilities management, commercial kitchen, and plumbing skills. Hotel employees tend to be jacks of all trades at the expense of being even a journeyman in any specific talent. Specialists graduated away from the front lines quickly or were chased out when one of their duller skills failed to impress.
Perhaps further up the chain of command an answer could be found? But my direct supervisor sat through the very same training modules I did. And his supervisors, by then of the vice-presidential or regional-director type, likely hadn’t seen a training video since before cyber crime was a credible threat. Surely further up the ladder someone was watching over us. I’m certain that scouring LinkedIn or the company Outlook address book would turn up a VP of Technology or comparable title, but they sat in a lofty C-suite well outside the reach, or even the awareness, of any ground-level employee looking for answers. For all practical purposes, further information was out of reach, if it existed at all.
Throwing the Baby Out With the Hogwash
An anecdote burned forever into my psyche involves an umbrella term that some corporate security wonk for one hotel brand took a liking to: hogwash. The term ‘hogwash’ and cyber security were married in an impassioned email in which the word was typed in bold font, in all capital letters, a total of 7 times. Several months later this diatribe led to the introduction of a “hogwash button” in the corporate email application. At no point was it explained exactly what ‘hogwash’ entailed or why reporting it mattered to company goals. The only instruction given was to delete and report any email that looked suspicious. The grounds for our suspicions, I suppose, were left to individual interpretation.
The Lesson to Be Learned
This is no simple attempt at picking on the hospitality industry. Instead, take this post as a wake-up slap. When discussing information security, there is a magnetic draw to discussing the healthcare industry, banking and financial institutions, or vulnerabilities haunting our governmental or infrastructure systems. But if we trot out the conversation to less flashy or FUD-inducing industries, we find a landscape brimming with entities just begging to be caught with their pants down. And while malware crashing the power grid makes for better thriller movie material, the hospitality industry still handles the confidential information of millions of travelers each day.
We must address the disconnect between security administrators in high towers and front-line employees operating in distant venues. Real human connections are necessary to impart the axioms of cyber security to ground-level employees. These are people who don’t spend hours browsing Dark Reading or CNET.
Firewalls.com dedicates a lot of time and screen space to the cause of nurturing cyber security cultures in the office. We understand that even the most expensive and sophisticated security setup will fail if employees leave gateways wide open.
It’s time to revamp your library of training videos. It’s time to review SOPs with VPs who have occupied their positions since before the hazards of cyber crime took shape. It’s time to put cyber security on the same pedestal as accurate payroll, helpful customer service, and efficient logistics. And for the hotel industry in particular, it is time to leave the printing of boarding passes to airline kiosks.
Metaphors for cyber security tend to gravitate towards the adversarial. We break into teams. We assign colors. We talk in terms of warfare. We man battle stations and try to push back against bad guys on active fronts. When discussing cyber security in the mindset of battle, of raiders and defenders, we find our line of thinking entrapped by binary outcomes of victory or defeat. However, framing the conversation in a fresh conceit fosters perspectives that may otherwise elude us.
While stock photo options for warfare are objectively more metal, we would like to look at cyber security through the lens of epidemiology. Public health is a struggle that produces no 100% winners or 100% losers. Instead, the goal is to reduce infectiousness to the point that a disease no longer has the means to reproduce en masse, which also undercuts its ability to evolve into more sophisticated strains. This change in victory conditions opens up a discussion of herd immunity.
What is herd immunity?
Herd immunity is a term used in epidemiology describing a secondary line of defense against infection that benefits individuals who cannot or have not gained immunity already. Vaccines are widely regarded as the primary security point against the spread of infectious diseases but thanks to the effects of herd immunity, those persons who cannot receive vaccination find shelter in a majority of the population being unable to spread disease.
Like malware, a disease’s first goal is to spread to as many hosts as possible. The more individuals it has infected, the more opportunities it has to reach new hosts. As the share of the population immune to it grows, however, its ability to spread weakens.
Simply put, a disease with fewer bridges available to cross is limited in the distance that it can travel. Without delving too deep into epidemiology theory, a concept exists of thresholds that, once crossed, generally spell the end of outbreaks. In some cases, a combination of vaccination and herd immunity has led to the effective eradication of a disease. When was the last case of polio in the United States? The elimination of wild polio strains in certain regions is thanks to the fact that widespread immunity makes it more difficult for a polio outbreak to gain footholds in a human ‘herd’ and even more difficult for an outlier case to spin out of control.
In the past, human populations were concentrated in small, isolated groups, so the extent of an outbreak was limited by geography. Spatial limits no longer apply in an era when humans cross mountains and oceans and hop between continents in a day. Increased globalization and greater access to remote regions mirror the growth of the interconnected devices that make up the Internet of Things.
If we think of the Internet of Things as a population, we see a growing potential for infections to spread over new channels and pathways. The threat of more interconnected and heterogeneous mixing pushes higher the necessary threshold to trigger the benefits of herd immunity.
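The threshold the paragraphs above allude to can be made concrete. The Python simulation below is an added illustration for this post, not part of the original; it treats a worm like a disease: each infected host probes a fixed number of random peers (so that number is the worm’s R0 on a fully unpatched population), patched hosts cannot be infected, and an infected host is cleaned after one round. The standard epidemiology result is that the effective reproduction number is R0 times the unpatched fraction, so an outbreak stops sustaining itself once the patched fraction exceeds 1 - 1/R0 (two thirds for R0 = 3). The sweep shows the outbreak collapsing past that point even though every unpatched host is still individually exposed.

```python
import random


def herd_immunity_threshold(r0):
    """Fraction of hosts that must be immune for the effective reproduction number
    R0 * (1 - p) to drop below 1, i.e. for each infection to cause less than one more."""
    return 1.0 - 1.0 / r0


def simulate_worm(n_hosts=2000, patched_fraction=0.0, contacts_per_host=3,
                  initial_infected=10, seed=7):
    """Return the fraction of all hosts that end up infected.

    Each infected host probes `contacts_per_host` random hosts and is then cleaned,
    so it only ever infects during one round; that makes contacts_per_host the
    worm's R0 on an unpatched population. Patched hosts never become infected."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    SUSCEPTIBLE, INFECTED, IMMUNE = 0, 1, 2
    state = [SUSCEPTIBLE] * n_hosts
    for h in rng.sample(range(n_hosts), int(round(patched_fraction * n_hosts))):
        state[h] = IMMUNE
    susceptible = [h for h in range(n_hosts) if state[h] == SUSCEPTIBLE]
    if len(susceptible) < initial_infected:
        return 0.0  # too few unpatched hosts to even seed the outbreak
    active = rng.sample(susceptible, initial_infected)
    for h in active:
        state[h] = INFECTED
    infected_total = len(active)
    while active:
        next_active = []
        for h in active:
            for _ in range(contacts_per_host):
                target = rng.randrange(n_hosts)
                if state[target] == SUSCEPTIBLE:
                    state[target] = INFECTED
                    next_active.append(target)
                    infected_total += 1
            state[h] = IMMUNE  # cleaned and patched after the fact
        active = next_active
    return infected_total / n_hosts


def sweep(patched_fractions=(0.0, 0.3, 0.5, 0.6, 0.7, 0.8, 0.9), **kwargs):
    """Outbreak size for each patched fraction, so the collapse past the threshold is visible."""
    return {p: simulate_worm(patched_fraction=p, **kwargs) for p in patched_fractions}


if __name__ == "__main__":
    r0 = 3
    print(f"threshold for R0={r0}: {herd_immunity_threshold(r0):.3f}")
    for p, z in sweep(contacts_per_host=r0).items():
        print(f"patched {p:.0%}: {z:.1%} of all hosts infected")
```

The model is deliberately crude (uniform random contacts, no reinfection), but it captures the point of the section: no single host needs to be unbreakable, and the outbreak size is governed by the patched share of the herd, not by the diligence of any one member.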
What does this have to do with me?
Framed in the perspective of public health, cyber security is an issue that concerns everyone.
If, like polio, over 90% of the Internet-connected populace were immune to ransomware, what motivation would remain for attackers to keep developing exploits and writing malicious code? The cost-benefit analysis would be a quick calculation: the risk of deploying an attack would outweigh the peanuts to be made off the remaining 10% of computers still vulnerable.
Ensuring that 100% of devices are exploit-proof is a pipe dream. But if we apply the ideas of herd immunity, we can see that the goal never was absolute immunization. Instead, it would suffice to balance the equation in such a way that cyber crime is an untenable career.
The question then becomes how to make a life of cyber crime unappetizing.
Washing our hands of accountability
There is more to public health epidemiology than distributing vaccines until we pass thresholds.
Consider the signs hanging in bathrooms all around the nation urging people to wash their hands. Spend one winter on a college campus and you’re sure to see plenty of warnings posted about hand washing, sneezing etiquette, and more. Over television and radio we receive public service announcements outlining precautions against the common cold and announcing schedules for flu shot season. Unfortunately, cyber security has no such mass public effort.
Often, the only groups preaching cyber health gospel are organizations that sell cyber security products or the creators of targeted software. This raises a question: where would we be if public awareness campaigns for cyber security were as prevalent as those for physical well-being?
Imagine strolling down a corridor and spotting a sign on the wall asking “Have you updated your firmware yet?”
Imagine a world in which school children were taught about phishing alongside the practice of covering their mouth when they cough.
Imagine if the end of every fiscal quarter heralded radio airtime dedicated to the whens, whys, and hows of data backup.
We may one day consider it myopic that mankind did not charge into the age of information on the wings of federally-funded education and information campaigns. The facts bear out that there is no such public health campaign for our cyber well-being. The onus for protecting our networks rests in our own hands. Despite a mirage of isolation, we find ourselves in a constantly more connected community.
A herd.
Firewalls.com continues to push for a larger umbrella of security for the Internet community not only because it benefits our own security, but that of the entire herd. Everyone has a stake in the outcome of this struggle. Encourage a culture of cyber security in your workplace. Host open discussions about Internet safety measures. Ensure that policies are in place and understood by employees.
While we do not all possess the skills and knowledge to be soldiers in a cyber crime war, we can take steps to provide the herd with a robust profile of immunization.
Whether you’re an organization of three employees or three thousand, you have joined a pool of potential victims. Firewalls.com has the expertise to make that pool a little shallower. Whether it be endpoint security suites, physical appliances, or managed services, cyber security solution providers want to guide you to the vaccines and best practices that simultaneously protect your organization and deny the bad guys another attack vector.
Without peeking, tell me the number of Internet-connected devices in the room with you. How about in the whole building? In 2017, it’s likely that the building itself is connected to the Internet. Whether it be through mobile-controlled thermostats, security cameras, or the traffic lights right outside your window, you live in a reality in which an Internet-capable device is likely within a few steps of you at any given time. This is the Internet of Things. And while the name doesn’t seem all that inspired (the term was coined by Kevin Ashton of MIT’s Auto-ID Center in 1999), it describes a nebulous world of Wi-Fi, RFID, and microcode that affects just about every transaction and interaction throughout your day.
As years pass, the Internet of Things grows. When an app is launched allowing you to refill your dog’s food bowl while you’re at the office, the Internet of Things grows. When cutting-edge garden tech allows you to water your herbs from halfway around the globe, the Internet of Things grows.
It is important to understand, though, that the IoT is not Skynet biding its time to build a cyberspace army. The IoT is used to automate inventory and improve communication between people. It assists in search and rescue operations and monitors heart implants. Nonetheless, for all of the good the IoT is capable of, it nurtures growing security risks as well.
So What is the Internet of Things?
The Internet of Things is an umbrella term describing the vast array of Internet-accessing devices that we interact with on a daily basis. This includes mobile devices, vehicles, buildings, thermostats, home appliances, street cameras, air purifiers, refrigerators, children’s toys, and much more. Physical objects fitted with sensors, software, and network connectivity are known as cyber-physical systems and are likely to fall under the IoT umbrella. The concept is hard to wrap your head around because it reaches across every industry and every channel one could imagine.
The great fear in the cyber security world in regards to the IoT is a potential for hackers to remotely access and control devices over networks shared by the IoT.
Welcome Aboard: An IoT Metaphor
Let’s picture the Internet of Things as a cruise liner. The klaxons sound in response to an engine room breach (in the case of the IoT, a hacker; in the case of our cruise liner, a hole in the hull) and the crew begins to combat the leak.
Water-tight hatches are sealed between various compartments of the ship, ensuring that water coming in through the engine room is unable to spread into neighboring compartments. However, in our IoT analogy, there’s an open pipe running from the engine room to the officers’ quarters because the sailors requested soda fountains. Another pipe runs from the engine room to the storage compartments because water is needed to humidify the air. A third set of pipes runs between the engine room and the ballast compartments for regulating buoyancy. Even though the maintenance team has sealed off all the main hatches between compartments, the leak continues to spread through the innumerable channels made possible by the demands of the crew.
Issues of IoT Vulnerability in the Real World
Devil’s Ivy – On July 18th, 2017, Senrio released an in-depth write-up of an IoT vulnerability dubbed “Devil’s Ivy” (CVE-2017-9765). The flaw was found in an Axis Communications M3004 security camera, but it lives in gSOAP, an open source web services toolkit the camera’s firmware uses; gSOAP boasts over one million downloads and counts IBM, Microsoft, Adobe, and Xerox among its customer base. It is a stack-based buffer overflow in gSOAP’s XML parser, triggered by an oversized SOAP message, so any device exposing a gSOAP-based service on the network inherits it. Senrio claims “It is likely that tens of millions of products—software products and connected devices—are affected by Devil’s Ivy to some degree.” Senrio Labs also published a video demonstration alongside the write-up.
FBI Announcement for IoT Toys – On July 17th, 2017, the Federal Bureau of Investigation issued a consumer notice warning parents of the threats associated with Internet-connected toys. As interactive toys grow in popularity, they are being built with sensors, microchips, data storage, microphones, cameras, and more. The FBI warns that these toys may be used to compromise the privacy and safety of children. The notice was published as a Public Service Announcement.
IoT Security is Expensive – The costs associated with IoT security are rapidly growing to keep pace with the sheer size of the Internet of Things and the ripe potential for bad guys to exploit it. According to a white paper published by Altman Vilandrie & Co., the IoT is projected to encompass 18,000,000,000 devices by 2022. That’s more than double the number of human beings on the planet. Altman Vilandrie also estimated that spending on IoT security will outgrow spending on “traditional” cyber security at a rate of nearly two and a half times.
Passenger Drones Over Dubai – And the award for “Most Terrifying Place to Learn About IoT Breaches” goes to… the inside of a passenger drone hovering hundreds of feet above the ground. Dubai has announced its intention to deploy passenger-carrying quadcopters as extravagantly luxurious taxis in the summer of 2018. Passengers will have no manual controls, relying instead on Internet-connected GPS to deliver them to their destination. Keep an eye out for this new cyber security threat to become a special effects whirlwind shoehorned into the next James Bond film!
Optimizing Security for the IoT
Disable UPnP – Many firewalls and routers support Universal Plug and Play (UPnP). It lets a device that joins the network configure itself, including, through the Internet Gateway Device profile, asking the router to open an inbound port forward to it without any authentication. That is what makes it convenient and also what makes it dangerous: a compromised or carelessly built IoT device on the LAN can expose itself directly to the Internet, which is one common way such devices end up reachable by anyone. Once your appliance is positioned, disable UPnP on the gateway, and verify it by confirming that nothing on the LAN still answers an SSDP search for an Internet Gateway Device. Learn more about UPnP from our friends at Sophos.
Strengthen Your Passwords – Yes, this is the same advice we give to those seeking to optimize their more traditional cyber security. However, the IoT complicates it: in many cases the device presents a numpad and accepts only a 4-digit PIN, or ships with a default credential that everyone who owns that model knows. Where a device accepts a real password, set a unique one per device; where it accepts only a PIN, treat it as weakly protected and keep it off the networks that matter. Yes, that means more credentials to keep track of, but it means one leaked or guessed credential compromises one device rather than all of them.
Patch Your Firmware – Wow, I think we’ve heard this one before too! Again, we cannot stress enough the importance of keeping your security patches and firmware up to date. Dissect most major cyber attacks and you will find, over and over, that the affected population gravitates around those who shrug and ignore the latest updates. In the IoT world the update may be labelled firmware, embedded software, or, loosely, microcode; whatever the vendor calls it, apply it, and prefer devices whose vendors actually ship updates.
Segregate IoT Devices to Your Guest Network – Many businesses now provide guest networks kept separate from their private network, so that some schmuck on the street can’t walk into your lobby, connect to your wireless network, and spread his nasty bugs around your system. Quarantine as many IoT devices as possible onto that guest network or, better, onto a dedicated IoT VLAN with firewall rules that let the devices reach only what they need. This way, if a device is compromised, your most precious data is sheltered. Verify the segmentation from the IoT side: a device on the quarantine segment should not be able to reach file servers or management interfaces on the trusted LAN.
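The “Disable UPnP” item above comes with a check. The Python below is an added example for this post, not vendor code; it builds a standard SSDP M-SEARCH for an Internet Gateway Device, parses the replies, and flags any host that advertises the InternetGatewayDevice or WAN connection service, which is the UPnP profile that lets LAN clients open inbound port maps. The live probe has to run from the LAN in question; the sample replies are constructed, not captured from real hardware, so the parsing can be exercised offline. After disabling UPnP on the gateway, a search should return no gateway advertisements.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)
IGD_TARGET = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
# Device/service types whose presence means a LAN host can ask the router for port maps.
GATEWAY_MARKERS = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")


def build_msearch(search_target=IGD_TARGET, mx=2):
    """Standard SSDP M-SEARCH datagram (UPnP Device Architecture 1.0 format)."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_ssdp_response(raw):
    """Parse an 'HTTP/1.1 200 OK' SSDP reply into an upper-cased header dict.
    Returns None for anything that is not a well-formed 200 response."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        if ":" not in line:
            return None  # malformed header line; do not trust the reply
        name, value = line.split(":", 1)
        headers[name.strip().upper()] = value.strip()
    return headers


def advertises_gateway(headers):
    """True when ST or USN names an Internet Gateway Device or WAN connection service."""
    fields = headers.get("ST", "") + " " + headers.get("USN", "")
    return any(marker in fields for marker in GATEWAY_MARKERS)


def classify_replies(raw_replies):
    """Map each sender to True/False for gateway advertisement; unparsable replies are skipped."""
    result = {}
    for sender, raw in raw_replies:
        headers = parse_ssdp_response(raw)
        if headers is not None:
            result[sender] = advertises_gateway(headers)
    return result


def discover(timeout=2.0):
    """Live probe: multicast one M-SEARCH and collect every reply until the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    replies = []
    try:
        sock.sendto(build_msearch(), SSDP_GROUP)
        while True:
            data, addr = sock.recvfrom(65507)
            replies.append((addr[0], data))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies


# Constructed sample replies (not captured from real devices): a router still answering as an
# IGD, a media device that is harmless for this check, and an unsolicited NOTIFY to be ignored.
SAMPLE_REPLIES = [
    ("192.168.1.1", (
        "HTTP/1.1 200 OK\r\n"
        "CACHE-CONTROL: max-age=1800\r\n"
        "LOCATION: http://192.168.1.1:1900/igd.xml\r\n"
        f"ST: {IGD_TARGET}\r\n"
        f"USN: uuid:11111111-2222-3333-4444-555555555555::{IGD_TARGET}\r\n"
        "\r\n").encode()),
    ("192.168.1.50", (
        "HTTP/1.1 200 OK\r\n"
        "LOCATION: http://192.168.1.50:8080/description.xml\r\n"
        "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n"
        "USN: uuid:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee::urn:schemas-upnp-org:device:MediaRenderer:1\r\n"
        "\r\n").encode()),
    ("192.168.1.77", b"NOTIFY * HTTP/1.1\r\nNTS: ssdp:alive\r\n\r\n"),
]

if __name__ == "__main__":
    try:
        replies = discover()
    except OSError as exc:  # no network route to the multicast group, etc.
        print(f"live probe failed ({exc}); showing the constructed sample instead")
        replies = SAMPLE_REPLIES
    verdicts = classify_replies(replies)
    if not verdicts:
        print("no SSDP search replies received")
    for host, is_gateway in verdicts.items():
        print(f"{host}: {'UPnP IGD still enabled' if is_gateway else 'no gateway advertisement'}")
```

Run it from the wireless segment your IoT devices actually use, since that is the segment whose devices would be requesting the port mappings. If the gateway still answers with an InternetGatewayDevice advertisement, UPnP IGD is still on regardless of what the admin interface claims.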
The cyber security industry absolutely buzzes with excitement, anxiety, and doubt when the discussion turns to the Internet of Things. It is an explosive matter. The IoT will continue to grow. Its ability to make our lives more convenient and connected will continue to grow. So too will the threats and vulnerabilities that it represents. Expect to see high-profile news stories revolving around Internet-connected objects and expect to see your budget in this area balloon as the IoT expands. From cars to toys to cameras, every industry and interest contributes to the ever-expanding galaxy that is the Internet of Things.