Tag Archive for: Outdated

Outdated switches targeted by China-linked hacking campaign


The FBI thwarted a hacking group backed by the Chinese government that was targeting hundreds of routers and had been working to compromise U.S. cyber infrastructure, according to FBI Director Christopher Wray.

Wray made the announcement at a House Select Committee hearing. The group, codenamed “Volt Typhoon,” hacked into hundreds of routers primarily used in home offices and SMBs to allow the Chinese government to access their data.

Wray told the committee that the routers were outdated, which made them “easy targets.” The routers together formed an assembly of malware-infected devices, known as a botnet, which the threat group could use for launching an attack against U.S. critical infrastructure, the FBI said in a statement on Jan. 31.

The routers were just the starting point. The hackers were using them as a launchpad to target U.S. water treatment plants, the power grid, oil and natural gas pipelines, and transportation systems, according to the FBI.

On Feb. 7, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, issued guidance for owners of these routers to secure them. This includes applying patches for internet-facing systems, prioritizing patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon, implementing phishing-resistant multifactor authentication (MFA), ensuring logging is turned on for application, access, and security logs, and storing logs in a central system.

CISA and the FBI have not publicly disclosed which models of switches are vulnerable, perhaps to protect them from being targeted by other bad players. We do know that they are made by Cisco, Netgear, and D-Link and that they are older models no longer available for sale. Security firm Lumen Technologies has been tracking Volt Typhoon and identified Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras as the targets.


EE, Sky, Virgin Media, TalkTalk and Vodafone customers ‘at hacking risk’ from outdated routers


MILLIONS of internet users could be at risk of hacking attacks due to using outdated routers from their broadband providers that have security flaws, a new investigation has revealed.

Households across the UK are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.

According to Ofcom, full-fibre broadband is now available to over 437,000 (17%) of premises in Scotland – an increase of over 238,000 premises and the highest year-on-year increase seen so far in Scotland.

The rise is largely due to the continued investment in the rollout of fibre networks in Scotland from providers included last year, such as Openreach, Virgin Media and CityFibre.

Around 1.1 million homes in Scotland (42%) can get 1GB broadband, which includes full fibre services and Virgin Media’s fastest cable package. Scotland has the second highest availability of any UK nation.


According to new research, many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

The consumer organisation Which? has issued the warning after it investigated 13 old router models and found more than two-thirds, nine of them, had flaws that are likely to fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices.

The legislation is not yet in force and so the ISPs are not currently breaking any laws or regulations.

Lab tests identified a range of security risks with the routers which could potentially affect around 7.5 million people.

Around six million people within this group of users could be using a router that has not been updated since 2018 or earlier, Which? said.

This means the devices have not been receiving security updates which are crucial for defending them against cyber criminals.

Problems with the old router models include having weak default passwords, which in certain…


Outdated routers putting internet users at risk, claims Which?



Millions of internet users could be at risk of hacking attacks because they are using outdated routers from their broadband providers that have security flaws, a Which? investigation has found. 

Households across the country are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.

But many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

Which? investigated 13 old router models and found more than two-thirds, nine of them, had flaws that would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices. The legislation is not yet in force and so the ISPs aren’t currently breaking any laws or regulations.

The consumer watchdog’s lab testing identified a range of issues with the routers. These security risks could potentially affect around 7.5 million people, based on the number of respondents who said they were using these router models in Which?’s nationally representative survey.

Around six million people within this group of users could be using a router that has not been updated since 2018 or earlier. This means the devices have not been receiving security updates which are crucial for defending them against cyber criminals.

The problems uncovered by Which?’s lab tests on the old router models that failed were:

  • Weak default passwords, which in certain circumstances could allow a cybercriminal to hack the router and access it from anywhere;
  • a lack of firmware updates, which are vital for both security and performance;
  • a local network vulnerability issue with the EE Brightbox 2. This could give a hacker full control of the device, and for example allow them to add malware or spyware, although they would have to be on the network already to attack.

The survey also suggested that 2.4 million users haven’t had a router upgrade in the last five years.

Which? is concerned that many customers are being left using old kit,…


Outdated computer system exploited in Florida water treatment plant hack


Investigators are still trying to determine who’s behind the hack.

An outdated version of Windows and a weak cybersecurity network allowed hackers to access a Florida wastewater treatment plant’s computer system and momentarily tamper with the water supply, federal investigators revealed in a memo obtained by ABC News.

The FBI’s Cyber Division on Tuesday notified law enforcement agencies and businesses to warn them about the computer vulnerabilities, which led to the Bruce T. Haddock Water Treatment Plant in Oldsmar being hacked on Feb. 5.

The plant’s computer systems were using Windows 7, which hasn’t received support or updates from Microsoft in over a year, according to the FBI.

“The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment,” investigators wrote in the report. “The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.”

The hacker was able to use remote access software to raise the levels of sodium hydroxide in the water from about 100 parts per million to 11,100 parts per million for a few minutes, according to investigators. Sodium hydroxide is used in liquid drain cleaners and used, in small doses, to remove metals from water.

A plant manager who noticed the hack as it unfolded was able to return the system to normal before any major damage occurred, investigators said. The public was never in danger because it would have taken 24 to 36 hours for tainted water to hit the system if no one intervened.

The FBI and other law enforcement agencies are still trying to determine who was behind the…
