INTERNET OF THINGS - ARE YOU VULNERABLE?

OVERVIEW

One of the latest trends to hit the cyber security landscape is that of the Internet-of-Things (IoT) device. We take a look at what IoT really means, why it matters to us, and what can be done to protect against the new threat that it presents. 

WHAT IS IOT, WHY DO I CARE?

In short, IoT refers to the many different types of ‘Smart’ devices that surround us in our daily lives. Figuratively, ‘smart’ means they are likely to be innovative and somehow make our lives easier than they were with the incumbent ‘dumb’ devices. Literally, ‘smart’ means the device has a computer in it.  Typical IoT devices that we are likely to see in our daily lives are:

  • Home Automation Systems - such as Wireless Thermostats and Intelligent Light bulbs

  • Wearable Devices - such as watches and health monitors

  • Internet Connected Electronics - Smart TVs, speakers, and virtual assistants like Amazon’s Alexa.

What these devices have in common is that they all run software written by humans, and since to err is human, they will have vulnerabilities that can be exploited. To make the situation even more problematic, these devices are connected to the internet, don’t have the capacity to run anti-virus software, and are developed with function, rather than security, as the priority. This means that these devices usually offer a better opportunity for malicious actors to exploit the device and get a foothold into your private world. Additionally, IoT devices are often not centrally managed or monitored, which means that software security updates are rarely applied, if the vendors make them available at all.

“Connected devices will have vulnerabilities that can be exploited”

DO I HAVE ANY IOT DEVICES IN MY BUSINESS?

There are billions of IoT devices that are assisting businesses in doing their day-to-day activities. Many businesses are embracing the new opportunities that these devices bring; for example, road haulage companies can use IoT to track drivers’ locations and reduce insurance premiums. Other companies are utilising IoT devices in the domain of Building Management Systems, which includes control of heating/ventilation and site security (video cameras and door access systems, for example). There is also a plethora of devices within the enterprise that you may not think of as Smart devices. For example, Video Projectors and TVs often have a network connection that could provide a malicious actor with the perfect backdoor and pivot point to move around your network environment.

“There are a plethora of devices you may not realise are ‘smart’ in the enterprise”

AN IOT ATTACK SCENARIO

It is useful to outline a typical attack vector to demonstrate the vulnerabilities that exist within many businesses as a result of their IoT devices. For some background, most modern meeting rooms have either a high-end projector or a TV to enable the traditional PowerPoint presentations to be shown in all their glory. As such, companies have been moving to high-end consumer devices so their 60 inch displays and vibrant colours will wow customers and colleagues alike. However, many of these high-end devices are ‘Smart’ TVs whose software was developed to allow home users to stream video from the internet or catch up on the latest box sets. This means that they are running a full operating system that has been developed with consumer features in mind, and enterprise security is a secondary concern.

In this scenario, let’s imagine that a smart TV has been installed in a board room for a year now and it has been disconnected from the internet. Within the last few weeks the TV has been showing a message on the display that the on-board software is out of date and urgently needs an update to improve security. Helpfully, a member of staff has realised that this message was getting on the nerves of the presenters and thought the easiest way to solve the issue was to plug the TV into the spare network connection sitting right beside it. This in itself is not an issue, as of course patching to the latest software is a great security feature, or is it?

“Plugging the smart TV into the network allowed it to install important security updates”

Behind the scenes, the Smart TV now happily goes off to the internet and downloads a new software update that enables a new feature of the device: voice recognition for hands-free control of the TV. Voice recognition works by sending a stream of audio from the microphone on the TV to the internet (typically a server that is geographically different from where the TV is located), where the number crunching for the recognition is actually done, and the results are streamed back to the TV to decide what operation to perform (change channel, volume up/down, etc.). Interestingly, the loss of control of data may be considered a breach (under GDPR for example) depending on the data, its classification and the regulations a company may need to comply with.

In effect, what you now have is a spy in the board room. Every conversation that you have in that room is now streamed to another company, potentially in another country, for detailed analysis. This seems to be a great way to lose important intellectual property or business confidential information. Nor does the risk diminish over time: there is now also the potential for malicious software to identify this device, exploit any vulnerabilities that are present, and then pivot into the connected network, opening up a whole other set of risks.

This scenario outlines just a single case of how the advent of smart devices can open up a new attack vector within your business and additionally how hard it is to prevent this sort of threat being realised.  Before you think, “that will never happen to us,” we’ve seen this happen on more than one occasion.

HOW TO PROTECT YOUR BUSINESS AGAINST THE IOT ATTACK VECTOR

Whilst we cannot cover all of the different IoT attack vectors (there are likely to be thousands) there are some steps that your business can take to reduce the risks associated with the rise of IoT devices.

Here are our top five things to think about when you are looking at protecting yourself from the IoT based threats:

  1. Know what devices you have in your business – at the end of the day you cannot protect what you do not understand. This means that you should be keeping an Asset Register/Inventory and network diagram of all devices in your company so you can look for vulnerable devices and weaknesses that present themselves.

  2. Training and Policy Definition – work with your team to recognise where the risks of smart devices lie. Specifically, tell users to check with IT before connecting new devices to networks or using company credentials to create accounts on IoT portals. Users should be trained and policies should be in place to stop unauthorised connecting of devices to the network.

  3. Invest in understanding your network and protecting it – a simple penetration test on the inside of your network can tell you a lot about what IoT devices you have, but this is fairly limited. Really, you want to be monitoring the network continuously to look for threatening behaviour from new devices and unusual device behaviour, so you can assess the risk quickly and mitigate where necessary.

  4. Isolation of devices – design security in from the outset. Talk to your own departments and also subcontractors about whether they need to use smart devices and if so how they manage the security of the devices. Consider implementing network segmentation and multi-layered network protection, ideally by investing in a separate network that is dedicated to these types of device where they can be easily monitored and contained if required.

  5. Create policies that can be adhered to - don’t just ban IoT devices! The prevalence of IoT will mean that you will encounter them at some point and if you have not thought about risk mitigation then you will have an unpleasant surprise. Create some simple guidelines that users can follow to assist them in adding and managing IoT devices on the network.

While not an exhaustive list, these simple points can significantly assist you in identifying and protecting yourself against new and emerging threats.
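Points 1, 3 and 4 can be combined into one routine check, shown here as an added example that is not part of the original article: reconcile the devices seen on the network against the asset register and flag anything unregistered or sitting on the wrong segment. The register layout, the subnet plan and all MAC/IP values are constructed assumptions.

```python
"""Reconcile observed network devices against an asset register."""
import csv
import io
import ipaddress

# Constructed sample: asset register export with the segment each device belongs on.
ASSET_REGISTER_CSV = """mac,description,owner,segment
00:11:22:33:44:55,Finance laptop,finance,corporate
66:77:88:99:aa:bb,Door access controller,facilities,iot
cc:dd:ee:ff:00:11,Lobby camera,facilities,iot
"""

# Constructed sample: (MAC, IP) pairs as they might be exported from DHCP leases.
OBSERVED = [
    ("00:11:22:33:44:55", "10.10.0.21"),
    ("66-77-88-99-AA-BB", "10.50.0.7"),
    ("CC:DD:EE:FF:00:11", "10.10.0.90"),   # registered IoT device on the corporate range
    ("12:34:56:78:9a:bc", "10.10.0.143"),  # not registered (the board-room TV case)
]

# Assumed addressing plan: one subnet per segment.
SEGMENTS = {
    "corporate": ipaddress.ip_network("10.10.0.0/24"),
    "iot": ipaddress.ip_network("10.50.0.0/24"),
}


def normalise_mac(mac):
    """Accept aa:bb.., AA-BB.. or aabb.ccdd.eeff and return lower-case aa:bb:.. form."""
    digits = mac.strip().lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_register(csv_text):
    """Index the register rows by normalised MAC address."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {normalise_mac(row["mac"]): row for row in reader}


def segment_of(ip, segments):
    """Return the name of the segment containing ip, or None if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in segments.items():
        if addr in net:
            return name
    return None


def reconcile(register, observed, segments):
    """Compare what is on the wire with what the register says should be there."""
    findings = {"unknown": [], "wrong_segment": [], "not_seen": []}
    seen = set()
    for raw_mac, ip in observed:
        mac = normalise_mac(raw_mac)
        seen.add(mac)
        actual = segment_of(ip, segments)
        entry = register.get(mac)
        if entry is None:
            # A device nobody registered: investigate before it stays connected.
            findings["unknown"].append((mac, ip, actual))
        elif entry["segment"] != actual:
            # Registered, but outside the segment where it can be contained.
            findings["wrong_segment"].append((mac, ip, entry["segment"], actual))
    # Registered devices that were not observed: stale entries or offline devices.
    findings["not_seen"] = sorted(set(register) - seen)
    return findings


if __name__ == "__main__":
    result = reconcile(load_register(ASSET_REGISTER_CSV), OBSERVED, SEGMENTS)
    for kind, items in result.items():
        for item in items:
            print(kind, item)
```
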

IoT Devices need to be embraced, that way they can be managed. Managing the implementation of IoT devices securely from the outset can save a lot of headaches down the line.

THE FUTURE OF IOT AND SECURITY OF CONNECTED DEVICES

Predicting the future is difficult, however some common near-term trends in IoT are:

  • Automation – devices interacting with each other to provide autonomous services. For example, your car will tell your home heating to turn up more when the driver is close to home and they have the car’s heating on high. These features are likely to be enabled out of the box, so it will be important to know what communications devices will carry out automatically before bringing them into a network.

  • Smaller and smarter – devices are likely to get smaller and more disposable and existing devices will become more powerful. Networks of devices will ‘mesh’ to provide more advanced computing power.  This will likely mean devices will become harder to track, and harder to discover on a network.

  • More vulnerabilities and exploits – as the complexity and prevalence of IoT devices increase, so will the ability to exploit the devices. As devices become more prevalent, this in turn will incentivise hackers to create more targeted malware to take advantage of this new generation of exploitable computers.

Perception Update - Version 2.5.2

Multiple improvements have been made to Perception in version 2.5.2, from increasing system performance to more advanced detection techniques.

The largest improvement is largely invisible: the system is now configurable so that processing limits can be applied to traffic received from the network. This increases the stability of the system as a whole, as it protects against bursts of network traffic. There have been more under-the-hood changes, as we have also upgraded the underlying operating system to the latest version.

More user facing changes include updates to some ForensicAI alerts to include scoring and suppression, further increasing confidence of a detection all while reducing any false alerts. This is part of ongoing work to bring all ForensicAI capability up to the same standard. 

 

A full list of updates is below:

  • Patch release to address issue with Nginx package install.
  • Added configuration options to allow processing limits to be applied to traffic received from the network.
  • Improved log file management.
  • Patch release to address installation issues observed during upgrade from previous operating system.
  • System fully upgraded to run on latest version of operating system.
  • Updates to lateral and egress HLCs to include scores and suppression.
  • Addition to ransomware extension list.

 

This update will be pushed to all managed customers at the pre-agreed upgrade time.  Self-monitored customers can update their own systems using the software upgrade processes.  If you have any further questions about this upgrade please contact us at info@perceptioncybersecurity.com

There’s a good chance you or someone you know has mined cryptocurrency, and you may not have even been aware of it.

There are thousands of Cryptocurrencies around today, following in the footsteps of the hugely successful Bitcoin, but they have really risen to prominence over the last 5 years.  Cryptocurrencies are, with few exceptions, decentralised digital currencies that don’t rely on a central administrator, where transactions take place directly between users.  Their prospect of being a worldwide currency with freedom of exchange and no control from governments or banks has made them massively popular as they are theoretically immune from the instability of fractional reserve banking.

Bitcoin, the largest and most popular cryptocurrency has rapidly grown in value over the last few years, making mining more and more popular

Cryptocurrencies generally all function in the same way: a finite number of coins are ‘mined’ using computers solving difficult equations that get incrementally more difficult as the number of remaining coins reduces.  As a result, most mature cryptocurrencies like Bitcoin, Ethereum, Ripple, and Litecoin, take an enormous amount of computing power to mine new coins.  For a typical person attempting to make money by creating new coins using a home PC, the cost of power is far greater than the value of coins created.  However, utilising tools such as free sustainable energy powering advanced graphic cards or custom built ASICs can make this a profitable activity.

Which brings us onto the first example of mining cryptocurrencies you may have carried out.

Mining cryptocurrencies with proper authorisation.

There are a number of businesses that mine cryptocurrencies on an industrial scale, using custom built hardware and cheap or free energy.  They could try to find the most economical way of mining coins for profit in established cryptocurrencies, or they may be speculating and looking at the new and latest cryptocurrencies being released and estimating which ones will grow, and mine those while they are computationally cheap.

It’s not just dedicated businesses that do this; anyone can mine any cryptocurrency.  A single user may look to become part of a mining pool, where hundreds or thousands of different users share the computational effort of mining, and then share the spoils when a new coin is mined.  They could even single-handedly try to find a way to mine coins using power cheap enough that it’s profitable without the help of a mining pool.  Which brings us onto the next method of mining cryptocurrency that you may have encountered (but hopefully not).

Mining cryptocurrencies without proper authorisation.

Another way of reducing the personal cost of mining is to use power that you do not pay for.  This makes it free for the user in the most unethical sense of the word.

When Bitcoin first grew quickly in late 2013, it caught the eye of a large number of speculative miners.  In November 2013 one Bitcoin was worth $200; within a month it had surged to over $1000.  This was the start of a large amount of mining, as people scrabbled to find cheap ways to mine Bitcoin fast (incidentally this rush reduced the price; it didn’t return to $1000 until another large spike in early 2017).

It was at this time that people started using hardware or power they didn’t own to mine Bitcoin.  This is at best unethical and at worst illegal.  Last year Vladimir Ilyayev, a computer-systems manager for the New York City Department of Education, was fined for using his work computer to mine Bitcoins in 2014.  Users with access to large cloud computing platforms have also been using spare computational resources to do the same.  Even here at Perception we see cryptocurrency mining on corporate networks that should have nothing to do with cryptocurrencies or even finance.

In this example, cryptocurrency mining is a policy violation on networks, but since early last year the growth of malicious use of mining has been massive.

There are a large number of cryptocurrencies available today, and people have used machines they don't own to mine them

Mining cryptocurrencies using malware.

Typically, malicious hackers make their living by holding organisations or individuals to ransom, stealing and selling data, or just buying easily liquidated goods using stolen information.

With the rise of cryptocurrencies however, one fact has opened up a new way for malicious hackers to make money: computational power can be directly exchanged for something of monetary value.  As a result, if hackers can create malware to leverage computing power, they can make money.

Although it had happened in minor cases earlier, this started in earnest in early 2017.  The most common examples use a tool called Coin Hive, a script which was originally designed for people to run on their own machines in order to become part of a mining pool as described above.  What malicious users do is hack into websites, install this script, and then any visitor to that site will be inadvertently mining cryptocurrencies.

Multiple websites have fallen victim to this. In October 2017 the BBC reported that websites of schools, charities, and file sharing sites were running the script.  Even the Information Commissioner’s Office (ICO) had their website affected by it in February, somewhat ironically given that they are the bastion of data control in the UK.

As cryptocurrencies gain in value, the use of this type of attack will grow since the rewards become greater. Another massive spike in cryptocurrency value in December 2017 (Bitcoin rose to over $20,000 per coin at one point) only increased the number of cryptocurrency mining attacks that have been observed.

But there could be a good reason to use these scripts on websites legitimately.

Mining cryptocurrencies on other users machines with their permission.

The internet is a colossal pool of information and content, but in the majority of cases, those who generate the content need to be compensated for their efforts.  Since the birth of websites the way to do this has been via advertising.  However, advertisements on the web have their drawbacks: not only can they be distracting for the user, but they are also the most common method of web-based cyber-attacks.  In many cases, ads being served on websites can be used to execute malicious code on the viewer’s machine without their knowledge.  The consequence of these drawbacks has been the rise in use of ad-blocking software in browsers.  Due to the security concerns, many IT teams mandate the use of up to date ad-blockers on their organisation’s devices.

So where does the money come from when all the ads are being blocked?  Cryptocurrency mining could, oddly, be the answer.  Websites can ask users that have ad-blockers to run cryptocurrency mining scripts on their machines while they browse as a way to bring in income to the website.  This has been in use for a while by cryptocurrency focussed sites using tools specifically designed for this purpose such as JSEcoin.  In February this year however, the US news website Salon.com implemented a feature where they asked users to either deactivate their adblockers or mine cryptocurrency to access their content.  A site with approximately one million viewers a month can make approximately £75-100 per month using these tools, putting them behind traditional advertising by a factor of between 2 and 10 in terms of profitability, but these tools use lesser known cryptocurrencies such as Monero, and the value could change very rapidly.

US news website Salon.com briefly gave visitors the option to allow Salon to use their machines to mine cryptocurrencies in lieu of seeing advertisements on the site

It’s not just websites that are looking towards mining cryptocurrency with the users’ permission.  This month, popular 3rd-party Mac Calendar app ‘Calendar 2’ gave users the option to unlock premium features (worth around £15) by allowing the app to mine cryptocurrency.  Unfortunately, the execution didn’t go entirely to plan and the app mined cryptocurrency even when the users opted out.  The developers, Qbix, have since removed this version of the app, but it does give us a look into a possible future where users are selling their unused processing power for software.

 

So in conclusion, someone on your network may be intentionally mining cryptocurrencies, inadvertently mining cryptocurrencies, or permitting a third party to use their machine to mine cryptocurrencies.  This isn’t likely to stop anytime soon, so it may be worth finding a way to detect when it’s happening.
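For site owners, one way to catch the injected-script case described under "Mining cryptocurrencies using malware" is to audit which scripts a page actually loads. The sketch below is an added example, not part of the original article or any Perception product: it lists every script on a page, flags those from hosts the site does not expect, and flags references to the miner names the article mentions. The sample page, host names and the `loadMiner` call are constructed.

```python
"""Audit the scripts a web page loads for unexpected hosts and miner references."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: simple name markers for the in-browser miners named in the article.
MINER_MARKERS = re.compile(r"coinhive|jsecoin", re.IGNORECASE)

# Constructed sample page: one same-origin script, one expected CDN script,
# one miner script, one inline miner start-up call and one unexpected host.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib/jquery.min.js"></script>
<script src="https://coinhive.example/miner.js"></script>
<script>loadMiner('CoinHive', 'PLACEHOLDER-KEY');</script>
<script src="https://stats.example.org/t.js"></script>
</head><body>School newsletter</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self.inline.append("".join(self._buf))
            self._in_inline = False


def audit_page(html, page_host, allowed_hosts):
    """Return (kind, detail) findings for scripts that should not be on the page."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.external:
        # Relative URLs have no hostname and are served from the page's own host.
        host = urlparse(src).hostname or page_host
        if MINER_MARKERS.search(src):
            findings.append(("miner-script", src))
        elif host != page_host and host not in allowed_hosts:
            findings.append(("unexpected-host", src))
    for body in collector.inline:
        if MINER_MARKERS.search(body):
            findings.append(("miner-inline", body.strip()[:60]))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_page(SAMPLE_PAGE, "www.school.example", {"cdn.example.net"}):
        print(kind, detail)
```

The host allowlist does most of the work here: a renamed or self-hosted miner will not match the name markers, but a script from a host the site never used before still shows up as `unexpected-host`.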

Frost & Sullivan Recognises Perception as Most Innovative New Cyber Security Software

Frost & Sullivan has recognised Perception Cyber Security with its 2017 New Product Innovation Award, describing it as a "game-changing cyber security solution."

Perception was originally developed by Chemring Technology Solutions for the UK Ministry of Defence. Complementing existing computer network security systems, such as firewalls, intrusion detection systems, and antivirus software, Perception is a behavioural analysis system with no rigid rules-based architecture.

The award was presented at a banquet in London's Royal Garden Hotel

Dhiraj Badgujar, Analyst at Frost & Sullivan, said: "The increasing complexity of network security is becoming difficult for businesses to manage, leading to mistakes or gaps for attackers to exploit. With its deep learning capability and the ability to adapt based on changing network behaviours, Perception will enable enterprises to identify future advanced threats before they emerge."

The major differentiating factors of Perception are its ability to identify malicious activity without requiring prior knowledge of the threat, as well as alerting the user to potential vulnerabilities so they can be resolved before an attacker exploits them. This makes it more difficult for malware to evade detection and easier for analysts to proactively detect network vulnerabilities and user error.

As well as detecting threats and vulnerabilities as they happen, Perception uses artificial intelligence (AI) to intelligently interlink network events across months, weeks, and minutes, enabling large-volume data pattern analysis. This significantly improves "low and slow" threat detection capabilities, in addition to providing a low false alarm rate. Perception also detects the slow, unauthorised external extraction of information from the network, even when sophisticated obfuscation techniques are used.

Daniel Driver, Head of Perception Cyber Security, said: "Based on declassified work for national security agencies, Perception takes the fight against cybercrime to a new level. An award from the respected international analyst firm Frost & Sullivan gives us an unbiased, third-party stamp of approval. The Perception development team truly deserved to be recognised in this way as it proves to us that we have created something truly unique in identifying advanced cyber threats."

For the New Product Innovation Award, Frost & Sullivan analysts followed a 10-step evaluation process to assess Perception's fit against best practice criteria, focusing on two key factors - New Product Attributes and Customer Impact.

About Frost & Sullivan 

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants. For more than 50 years, we have been developing growth strategies for the global 1000, emerging businesses, the public sector, and the investment community.

Guardia Civil Invests in Perception Cyber Security

The Spanish Guardia Civil has chosen Chemring Technology Solutions’ Perception Cyber Security to protect its critical network assets from cyber-attacks, as well as identify malicious insiders or other vulnerabilities within the network. The new contract follows a successful product evaluation by Perception and its Spanish partner Eleycon21.

Perception was originally developed for the UK Ministry of Defence and is the world’s first bio-inspired network security system. Once deployed, Perception will complement the Guardia Civil’s existing computer network security systems by identifying the potential threats they cannot.

Eleycon21 distribute and support the Perception product throughout Spain. Gabriel Crespo, Managing Director of Eleycon21, said: “Perception offers a ground-breaking approach to identifying advanced cyber threats and it will deliver the Guardia Civil a distinct advantage. We are therefore delighted to be partnering Perception Cyber Security in the delivery and support of its technology in Spain.”

As Perception is a network behaviour analysis system, it has no rigid “rules-based” architecture and adapts to the network’s changing profile to automatically identify malicious activity, making it more difficult for malware to evade detection. It will also detect the slow, unauthorised external extraction of information from the network, even when sophisticated obfuscation techniques are used.

Daniel Driver, Head of Perception Cyber Security, said: “Eleycon21 has an in-depth knowledge of the dangers posed by today’s more sophisticated network security threats, and they are committed to ensuring that Spain’s leading organisations have the robust cyber protection required to combat them. Their work alongside Guardia Civil in deploying Perception is a demonstration of their commitment to this endeavour and we are delighted to support them.”