Presidio Blog

Where cyber intruders look first to find a way in

Written by Presidio | 26 Apr, 2018

Internet-connected devices that live on a network’s edge are favourite targets of hackers.

Times were simpler way back in 2012, an era to which many cybersecurity professionals may wish to return. Who then could have imagined that the destructive Shamoon computer virus, which shut down the network of oil giant Saudi Aramco, caused millions of dollars in damage and made headlines for its unprecedented effectiveness, would so quickly be considered basic by malware standards?

The Shamoon attack occurred by way of someone clicking on a malicious email link or plugging in a USB drive to infect PCs with the disk-wiping and data-exfiltrating program.

Fast forward to 2018 and malware has taken on a darker form — security researchers are sounding the alarm for attacks that are extremely difficult to detect. Retail point-of-sale (PoS) machines must contend with a regular onslaught of complicated malware that adapts its attack to individual systems to persist on them while evading detection.

And in a mind-twisting turn, some sophisticated attacks don’t actually use malware files to steal data and erase or lock hard drives for ransom. Instead, so-called fileless malware injects malicious code into the computer’s own running processes to accomplish its goals, rendering it invisible to most of the standard detection tools.

The trend is clear: Malware infections are growing more complex and dangerous. Meanwhile, even old malware scripts long used by criminals can be incredibly effective today.

This complex threat environment is the new normal, and business leaders must expect to deal with this digital reality every day. Unfortunately, that’s not the only security concern they must confront.

As made evident in the ongoing PoS attacks, security managers must also keep their eyes on the explosive growth in new targets for cyber criminals — all of the machines and sensors connected together to make up the Internet of Things (IoT).

“Cyber criminals are pushing new attack techniques into advanced technology spaces, notably the IoT and chip processors,” wrote the authors of the 2018 SonicWall Cyber Threat Report. “These potential vectors for cyber attack are grossly overlooked and unsecured.”

Smarter malware, more targets

Shivaun Albright, HP’s Chief Technologist for Print Security, says she has watched companies’ potential attack surfaces evolve and expand massively in recent years. It’s no longer just PCs and servers that hackers are testing to gain access to business networks. Network-connected printers, mobile phones and IoT devices, such as thermostats and cameras, also become entry points for hackers.

Without proper security, any internet-connected device is an invitation to intruders hoping to exfiltrate sensitive data or crash business operations. And the real-world risk is substantial: An HP study found that up to 70 percent of the most common IoT machines currently on the market are susceptible to attack in a number of ways. On average, these devices had 25 vulnerabilities lurking in their software. With internet-connected machines flooding society — one forecast predicts that 30 billion devices will be online by 2020 — this is a serious issue that makers of IoT devices need to address without delay.


Late to the security party

Experts say manufacturers need to step up by building security into the core of all internet-connected devices, from servers to smartphones.

HP Print Security Advisor Jason O’Keeffe, an expert on hacking tools, has noticed that several computer and printer manufacturing vendors have started building security intelligence into their machines over the last few years. He says manufacturers in the exploding IoT space need to do the same.

“Anybody making IT purchases in any industry — those tasked with buying PCs, monitors, even LCD projectors — needs to ask the question, even if it sounds stupid, ‘What security are you building into these devices? Does your software development life cycle include security?'” O’Keeffe says. “Because if you’re not asking that question, I guarantee you that someone like me or a malicious actor will figure out a way to take that device and compromise it.”

Albright says the most important way tech manufacturers can decrease the vulnerabilities of their devices is to ship their products with secure settings. They should also add intelligence into the devices to detect anomalous behaviour indicative of an attack. This gives users and administrators the tools they need to take the appropriate action.

“All a hacker has to do,” Albright says, “is find one weak spot that is missing the appropriate security measures to gain access. This is why end-to-end security across all connected devices is so important.”

Check out HP’s latest eGuide, “Hackers and defenders harness design and machine learning”, to see the most important steps your organisation can take to be more.