Tag Archive for: Switches

Outdated switches targeted by China-linked hacking campaign


The FBI thwarted a hacking group backed by the Chinese government that was targeting hundreds of routers and had been working to compromise U.S. cyber infrastructure, according to FBI Director Christopher Wray.

Wray made the announcement at a House Select Committee hearing. The group, codenamed “Volt Typhoon,” hacked into hundreds of routers primarily used in home offices and SMBs to allow the Chinese government to access their data.

Wray told the committee that the routers were outdated, which made them “easy targets.” The routers together formed an assembly of malware-infected devices, known as a botnet, which the threat group could use for launching an attack against U.S. critical infrastructure, the FBI said in a statement on Jan. 31.

The routers were just the starting point. The hackers were using them as a launchpad to target U.S. water treatment plants, the power grid, oil and natural gas pipelines, and transportation systems, according to the FBI.

On Feb. 7, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, issued guidance for owners of these routers to secure them. This includes applying patches for internet-facing systems, prioritizing patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon, implementing phishing-resistant multifactor authentication (MFA), ensuring logging is turned on for application, access, and security logs, and storing logs in a central system.

CISA and the FBI have not publicly disclosed which models of switches are vulnerable, perhaps to protect them from being targeted by other bad players. We do know that they are made by Cisco, Netgear, and D-Link and that they are older models no longer available for sale. Security firm Lumen Technologies has been tracking Volt Typhoon and identified Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras as the targets.


Planes dropping out of the sky. Your mobile rendered useless, just like your car. As a Netflix film portrays a nightmare that security experts insist is a very real prospect… How will YOU survive on the day an enemy state switches off the internet?




An oil tanker ploughs into a tourist beach. Planes fall from the sky. Driverless cars run amok. The internet fails and the mobile network dies. Feral instincts take over as people fight for food, water and medicine amid the ruins of civilisation.

That is the nightmare vision depicted in Leave The World Behind, Netflix’s recent hit film starring Julia Roberts and Ethan Hawke as a couple battling societal breakdown when the technology that underpins civilisation collapses.

It’s fictional, but it touches on deep-seated, real-life fears.

The film is produced by Michelle and Barack Obama’s company, Higher Ground. The ex-president was closely involved in shaping the plot, which dramatises many of the cyber-security issues on which he was briefed during his eight years in the White House.

For our 21st-century lives are almost entirely dependent on complex technologies that many do not understand — and that can so easily be exploited by our enemies.

Maintaining a car, for example, was previously a job for any competent motorist and their local mechanic. Now our vehicles are computers on wheels, their inner workings a mystery.


We used to navigate with paper maps and landmarks. But with his car’s satnav out of action, Ethan Hawke’s character Clay Sandford is unable even to find his way to the nearby town.

Our telephone system used to run on sturdy copper wires, with handsets you could fix with a screwdriver. Now it is a branch of cyberspace.

So, too, is finance. Remember when a credit card’s embossed number left an imprint on a paper slip? Not any more. Our payment system depends wholly on electronic encryption.

What use is cash in the modern world? In the film, with the internet gone, it becomes a prized asset.

If the technologies we rely on break down, many of us will be as helpless as Hawke’s Clay Sandford. ‘I am a useless man,’…


Evil Corp Switches to Ransomware-as-a-Service to Evade US Sanctions


Evil Corp—or at least a hacking group affiliated with it—is mixing things up.

Mandiant reports that a threat actor it’s been tracking as UNC2165 appears to be related to the cybercrime group, which was sanctioned by the US Treasury Department in 2019 for using “the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft.”

Those sanctions prevent organizations from paying a ransom to restore access to their systems. Financially motivated threat actors like Evil Corp aren’t targeting organizations for the fun of it, or looking to further a nation-state’s agenda, so they have to maximize their chances of getting paid. That means they need to make it harder for their victims to identify them.

A timeline of ransomware strains used by groups affiliated with Evil Corp

Which is why Mandiant says that hacking groups affiliated with Evil Corp have used a variety of ransomware strains over the last two years. The groups initially used WastedLocker, but after that ransomware’s connection to Evil Corp was revealed, they switched to a ransomware family known as Hades. Now they’ve started using a ransomware-as-a-service (RaaS) called Lockbit.

Mandiant says that using a RaaS offering makes sense for groups affiliated with Evil Corp:


Both the prominence of LOCKBIT in recent years and its successful use by several different threat clusters likely made the ransomware an attractive choice. Using this RaaS would allow UNC2165 to blend in with other affiliates, requiring visibility into earlier stages of the attack lifecycle to properly attribute the activity, compared to prior operations that may have been attributable based on the use of an exclusive ransomware. Additionally, the frequent code updates and rebranding of HADES required development resources and it is plausible that UNC2165 saw the use of LOCKBIT as a more cost-effective choice.

The company says it expects similar groups “to take steps such as these to obscure their identities in order to ensure that it is not a limiting factor to receiving payments from victims.”…


ATEN: Safeguarding healthcare servers and data security with KVM Switches





As healthcare institutions become increasingly digital, their valuable data and operations are at greater risk, but hardware-level solutions can provide enhanced protection.

The healthcare industry is quickly adopting new technologies as it transitions to a digital future, and as such its attack surface is growing and making it more vulnerable to cyber security threat actors. It’s not only mission-critical medical equipment and clear data visualization that requires features such as fast access and high-quality video; it’s the entire healthcare IT infrastructure that needs safeguarding. The number of attacks on healthcare institutions grew by 55% in the US in 2020 and affected more than 26 million patient records as a result. The majority of these breaches, or 67.3%, came as a result of hacking and other IT incidents. Thankfully there are hardware solutions that can stop threat actors in their tracks. Here we will explore the key benefits of secure KVM (Keyboard-Video-Mouse) switches to ensure safe connectivity and optimize management of a group of computers or servers and prevent cyberattacks.

How to safeguard healthcare data at the hardware level

The first step is to limit physical access to the server room. The second step is to limit access and implement monitoring at the hardware level. At the same time, it is important to give IT managers the flexibility to access servers from anywhere.

This is where a KVM switch can help. The key benefits of using a KVM switch are:

1. Secure access: KVM switches are dedicated switching devices designed to prevent unauthorized access and guarantee data isolation, and they are optimized for accessing computers at various security and authority levels.

2. Multiple computers / server control: Users get quick, easy access to multiple PCs or servers from a single workstation, be it an LCD console in a rack, a browser on a remote computer, a dedicated console or centralized management software.

3. Remote access: KVM over IP switches allow access within a local or worldwide network. Registered users have different access levels and simultaneous access can be allowed to operate the various servers independently.

4. Activity…
