It has been about a month since the WannaCry outbreak, so you would think the impact of it would be virtually gone. Just because the mainstream news doesn’t cover it or other ransomware attacks, doesn’t mean organizations and businesses are fighting every day against cybersecurity attacks.
One such example: a Honda production plant in Japan. Some older computers – or endpoints – weren’t taken into account and got infected. Out of sight, out of mind. All it takes is one exposed endpoints to compromise a network. In Honda’s case, it took two days to restore the plant production.
One of the biggest reasons why malware, especially worms such as WannaCry, are able to spread so quickly is via exposed ports on the public Internet. Many Windows machines, for example, expose themselves via highly vulnerable ports such as SMB port 445 file-shares. Technically speaking, this port really shouldn’t be open by default, but somehow is.
I was in the hospital this past week, but thank goodness I got discharged this past Friday. It was scary to say the least. However, if anything, the blogging must go on.
In light of all the security news nowadays, these are the easy ways end-users get hacked in the first place: https://www.darkreading.com/attacks-breaches/how-end-user-devices-get-hacked-8-easy-ways/d/d-id/1329107 – some methods not so surprising.
It used to be that being that IT guy meant setting up computers and email servers. In today’s world, that simply isn’t the case anymore. Due to the rise of cybersecurity threads and the increasing demand for “security professionals,” that means those who were tasked with setting up hardware and your office printer are now transferring their skillsets (warning: paywall) to protecting your network from malware and other threats.
At least, at last, companies are taking cyber security more seriously than ever before.
It has been a busy, eventful week so far, so I wanted to just briefly touch on a fairly new technology within the Apache umbrella: Metron. It’s described as “real-time big data security.” Full of buzzwords there, but it’s part of that cyber security space I’m in that is all about collecting data and metrics to immediately respond to network threats. In other words, a technology to keep watch on.
Of course, the big security and tech news last weekend was the WannaCry ransomware cyber attack that hit multiple countries and infected thousands of PCs. For those uninitiated with the idea of ransomware, it is a form of malware that encrypts personal files on your PC and then demands payment – or ransom – in order for your files to be decrypted and recoverable. Often times ransomware, such as WannaCry, will warn users that if payment is not done after a certain amount of time, all the affected files will be deleted. Often users will pay because they don’t have a backup of those files available, unfortunately.
WannaCry became such a big media frenzy that I didn’t really want to touch on it too much. It was worth mentioning only because if you’re in security, you can’t really ignore it.
I did want to touch on more about the insecurities of SMS “two-factor” authentication. Two words: it’s bad. My bank uses SMS authentication; many of my social media accounts use SMS authentication; many of the services I use only offer SMS authentication. It’s a false security blanket as the protocol used for sending and receiving text messages can be easily intercepted by determined cyber crooks. Ultimately, it really isn’t “two-factor” at all since phone numbers can be spoofed to match a user’s existing phone number. Whereas Google Authenticator and other similar services are far more secure because they generate unique, time-based codes that aren’t going to get incepted like SMS text messages. It’s just for some reason SMS became the default because it’s “easy.” Again, it’s always a balance between convenience and security for users and often convenience tips the balance far too much on its side.
So, I just ‘Wannacry’ at the “two-factor” authentication most users have at their disposal. Then again, how do you tell grandma to use Google Authenticator? Nowadays, it’s not just teaching grandma how to use her phone, but how to keep the data on her phone from getting stolen and being exploited.
Maybe we just need to have a chain of “five-factor” authentication methods like this to be truly secure.
Nowadays, many of us own a so-called IoT (Internet of Things) device in our homes. For example, if you own an Amazon Echo connected to a smart plug (which my household has), you have at least two separate IoT devices working together. It seems that the popularity of IoT will keep expanding for years to come as the demand of such smart devices increases and become much cheaper to own (although I have to say a smart fridge is a still a stupid idea).
Unfortunately, IoT devices often come shipped with a significant flaw: security – or the lack thereof. Since these devices require some kind of Internet connectivity, the hardware and firmware for such devices tend to be rudimentary at best, just enough to get it connected to an access point without regard to basic security practices. The underlying software, or operating system, is often in an unpatched state and likely to never get further security updates as a standard Windows, macOS, or Linux PC would. These vulnerabilities were the basis for the Mirai botnet spread across various networks across the world. As IoT becomes the norm in many – or most – households in the developed world, then it becomes immensely imperative that the security built into these devices are up-to-date and can be easily kept up-to-date – easier said than done, of course.
Poor implementation of a shipped IoT product is described by one as an ugly baby. Perhaps. I would say the ugly is about to get uglier should vendors fail to do what’s responsible in an age where security is paramount.