pentesterdude
3 posts
The official blog of Millennium Network Solutions, LLC
pentesterdude · 4 years ago
IoT, Home Networks, and the Fine Art of Swatting…
Many years ago, while attending a conference, I heard a story about a Las Vegas Hotel that had their refrigerator hacked and the temperature turned up. It melted several hundred gallons of ice cream and the hacker had the refrigerator order a tractor trailer full of ice cream. Many people laughed and I thought “I foresee bad things coming…”
Fast forward to present day and I am mentoring a young intern. I asked him to investigate a cybersecurity article and as we discuss, the topic of IoT security in healthcare comes up. We discuss the possibilities for compromise in various scenarios and he says, “perhaps we shouldn’t be putting things on the internet.” I laughed and thought “too late.”
While we discussed many things, from medical devices to smart cars, there is one frontier where people have yet to really believe that IoT security is an issue: the home. We are surrounded by “smart devices” and we take them for granted. The problem is, so do others.
Before we continue this journey, let me explain what exactly IoT is. IoT stands for the Internet of Things. Sounds simple, but what exactly is that? It is everything. Today we deal with refrigerators that order our groceries. We deal with SmartTVs and houses where we can control our lights, our heating and cooling, and even our best friend (like my buddy), Alexa. IoT encompasses our lightbulbs, works with our smartphones, and is even in automobiles. Everything today seems “smart”, but sometimes we forget that it is still a potential issue.
We spend a great deal of our lives working in institutions like finance, healthcare, government, and even the private sector, surrounded by cybersecurity mechanisms like firewalls, intrusion prevention, endpoint protection, and various other technologies. We are pestered every 90 days (hopefully) to change our passwords and make them complex, and it drives us insane. This is all well and good, but now that people work from home, we have a new area of concern: the home. Here we use the same old router, never change the default passwords, use unsecured networks, and do crazy things. The only thing we worry about is convenience. Who would hack us?
Great question. Let us ask the FBI. According to a great article posted on GBHackers on Security today, the FBI warns about a new type of attack that is far more dangerous than previous nefarious and treacherous acts. We can forget about the fact that hackers can hack your devices and introduce Ransomware and make your entire life defunct and we can even forget the playful acts of changing your channel or turning up your heat. Now we get to add this fun prospect… Swatting.
So what exactly is Swatting? Swatting is the art of making hoax calls to police and reporting that there is someone in a house, usually with weapons, and your life is in danger. Hackers in the past used technology to mask the number or spoof another number to cause Emergency Dispatch to send SWAT units and kick in the doors of innocent people. Sounds funny? It’s not. This funny “joke” has caused serious health issues and for some, the joke ends in tragedy, with loss of life.
Swatting is by no means a joke. What if there is a real emergency and people weren’t there to assist? What if someone gets killed? This is a serious issue, and the newest technique, hacking smart home devices that use voice and video, such as TVs, smartphones, cameras, etc., raises the question of whether it is time to start securing our devices.
So that means we should buy firewalls, IPS, and all those security items for the house? Why yes, but I do not see that happening anytime soon. Many of the ISPs we use now offer some sort of security product, but it is worthless if we do not act ourselves to assist this and make it harder to hack. So what should we do? Here are a few suggestions.
1. Change default passwords. When you go to the store and buy the router, it has a default network password and a default admin password. These are easily cracked and easy to find for most devices. Change the password and use a strong one. A strong password should be complex, not be a word, be about fourteen characters long, and include a number and a symbol. If needed, keep the password somewhere you can find it, but not where others can.
2. Change the network ID. Many of these devices have a network ID, called an SSID, that includes the name of the manufacturer. This may seem trivial, but hackers can easily determine the manufacturer and find exploits that make their job easy. Make them work for it.
3. Update your router. Anyone in the field can tell you that every update fixes issues but also creates issues. Running the most up-to-date code usually requires only the click of a button, and most routers today can do automatic updates. Consult the manufacturer if you have questions; that way you keep your device up to date and secure, and sometimes the updates make the device work more efficiently.
4. Segment your network. Most devices have a home network and a guest network. There is a reason. Have guests use the guest network and make sure its password is entirely different from your home network’s. It is also a good idea to change your wireless network passwords regularly. This may seem inconvenient, but it beats the alternative.
5. Do not use unsecured networks. Most of us love using public Wi-Fi to save on our data plans. When you do this, you run the risk of someone gaining access to your device. Once you return to your home network, you have just given them access to everything in your home. Couple that with the fact that most of us have all of our passwords, photos, personal information, and personal email on that device, and the hacker has everything they need to make your life miserable.
6. Use strong encryption for your wireless key. When you look at the setup there are settings for WPA and WPA2. In some models there is also WEP. WEP is the least secure method and the minimum should be WPA. If possible, use WPA2-Personal. The better the encryption, the harder it is to crack. Marry this with a complex password and it helps make your network more secure.
7. Change your passwords. In today’s world computers are more powerful than ever. While we hate passwords, they are still a very large part of our environment. If needed, use a password vault like KeePass or LastPass. Couple this with multifactor authentication or biometrics such as Windows Hello or FaceID, and this helps protect you against unauthorized access to your passwords. This is ESPECIALLY important for email. If a hacker gets your email password, it gives them the opportunity to use things such as the “Forgot Password” feature. Change your email password often and use some second form of authentication.
8. Keep your IoT devices up to date. Everybody hates this, but keep in mind that if you do not keep your device up to date, hackers can use tricks to break into buggy code.
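A small audit script in the spirit of the checklist above (an added example, not code from the original post): it reads nmcli-style "SSID:SECURITY" scan lines, flags open/WEP, WPA1-only and vendor-default-SSID networks, and checks a passphrase against the rule of thumb in step 1. The vendor-name pattern, the word list and the scan data are constructed assumptions.

```python
"""Home Wi-Fi quick audit (added example; not code from the original post).
audit_scan() flags open/WEP, WPA1-only and vendor-default-SSID networks from
nmcli-style "SSID:SECURITY" lines; passphrase_problems() applies the post's
rule of thumb (about 14 characters, a digit, a symbol, not a plain word).
"""
import re
from typing import List, NamedTuple

# Assumed vendor-default SSID shapes, e.g. "NETGEAR42" or "linksys" (a small sample)
DEFAULT_SSID = re.compile(r"^(NETGEAR|linksys|TP-?LINK|dlink|ASUS)[-_ ]?[0-9A-F]*$", re.I)
ACCEPTABLE = {"WPA2", "WPA3"}          # WPA2-Personal is the post's minimum
SYMBOLS = set("!@#$%^&*()-_=+[]{};:,.<>?/|~")
COMMON_WORDS = {"password", "welcome", "letmein", "admin", "wireless"}  # tiny sample

class Finding(NamedTuple):
    ssid: str
    issue: str

def audit_scan(scan_output: str) -> List[Finding]:
    """Parse `nmcli -t -f SSID,SECURITY dev wifi` style output and list weak spots."""
    findings = []
    for line in scan_output.strip().splitlines():
        ssid, _, security = line.partition(":")
        tokens = set(security.split())
        if not tokens or "WEP" in tokens:
            findings.append(Finding(ssid, "open or WEP: traffic is readable by anyone nearby"))
        elif not tokens & ACCEPTABLE:
            findings.append(Finding(ssid, "WPA1 only: move to WPA2-Personal or WPA3"))
        if DEFAULT_SSID.match(ssid):
            findings.append(Finding(ssid, "vendor-default SSID advertises the router model"))
    return findings

def passphrase_problems(candidate: str) -> List[str]:
    """Return the rules a candidate passphrase fails; an empty list means it passes."""
    problems = []
    if len(candidate) < 14:
        problems.append("shorter than 14 characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in candidate):
        problems.append("no symbol")
    if re.sub(r"[^a-z]", "", candidate.lower()) in COMMON_WORDS:
        problems.append("built on a common word")
    return problems

# Constructed scan output in nmcli terse format (not a real capture)
SAMPLE_SCAN = """NETGEAR42:WPA2
linksys:WEP
CoffeeShopFree:
HomeNet-5G:WPA2 WPA3
OldRouter:WPA1
"""
```

Run `audit_scan(SAMPLE_SCAN)` to see the five findings for the sample, and `passphrase_problems("password1!")` for a passphrase that fails two of the rules.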
Remember, the only thing that limits a hacker is their imagination. If you take a few simple precautions it may save your life, or at the very least spare you a visit from your local SWAT team.
If you would like to view the article, please check out the article by S. Gurubaran on the GBHackers on Security site located at:
https://gbhackers.com/fbi-warns-of-swatting-attacks/
pentesterdude · 6 years ago
Ransomware - The stuff nightmares are made of. How to survive these malicious attacks
photo courtesy of whyquantumphysicists.wordpress.com
Recently, Jackson County, Georgia, became the latest victim to fall prey to ransomware. They were kind enough to pay over $400,000 to recover all of their information, which in their own words would have left them "crippled for months". You can read all about it here. That said, the first question everyone asks is, “who is to blame?” The reality is that in this day and age it is extremely difficult to determine that. The problem is that there are so many ways to get ransomware, and no matter what precautions a person takes, there is always a chance they will get you. With the onset of cloud storage like Dropbox, Google Drive, and OneDrive, the potential for damage isn’t just for businesses, but for consumers as well.
How it works
Ransomware comes in a variety of flavors. The latest, Ryuk, which currently cannot be decrypted, is just one more variant of the same disease. The problem is that this, like other diseases, tends to mutate to stay alive, which means even the best antivirus can miss it. A person may become infected with ransomware via email, a file download from an infected website, or by intentionally installing unknown software on a computer. There are those of us out there who remember when popular PC magazines used to give away CDs with trial software, with the big disclaimer “Not responsible for any viruses that these files may contain.” Ever wonder why?
The problem with ransomware is that it is a true nuisance. What the virus does is completely up to the person or persons who created it. Once the software gets on your computer, it places a well-hidden file that creates a backdoor to “call home” to the attacker. Sometimes it is detected, sometimes it is not. The outcome can be anything from switching files around and changing names, to deleting files, or in worst-case scenarios, theft or encryption of data. The attackers then “hold the data for ransom” and expect payment in bitcoins (if they’re smart), which is virtually impossible to trace. This may net them sensitive data, health information, proprietary data, or any combination thereof.
photo courtesy of gizmodo.com
Where does that leave us? Well, it may be no big deal for you to go through the hassle of totally rebuilding your computer and losing all the data you have, but for most this is not an exciting possibility. It only impacts you, right? Not quite. In most cases, the virus releases what is called a “worm”. This is appropriately named, because it slithers through the network without any need for human interaction and wreaks havoc on others. The kids are going to love what you’ve done with that Xbox... From a business standpoint, it can crawl through network shares and other resources connected to the network and do quite a bit of damage. Good news: some variants even seek out your email contact list, and you get to send the gift that keeps on giving. Mom’s going to love that.
So now that we have discussed this, what do we do about it? Here are a few things that may help you out.
First things first. Back up those files. If you can, use a system that allows you to keep some sort of versioning so you have multiple backups. It is best to use a removable drive or thumb drive to keep these files in a safe place, detached from the system.
Second, the one that aggravates people the most: allow updates. These updates not only keep the system up to date, they also patch “bugs” in the operating system so people can’t get in. Remember, by the time the patch comes out this bug is well known, and I assure you people are using it to take over machines.
Third, when it comes to email, if you don’t know them, don’t open attachments or click links. Attachments come in different shapes and sizes, and it isn’t always the zip file or the executable that is malicious. Today people embed files in Word documents, spreadsheets, and even PDFs. You open it and away it goes. Even if you know the person, if you didn’t expect the email or file, call them and verify they actually sent it. They may be infected and not even know it.
Don’t use pirated software or media. Many people try to cheat the system and save some money. They use key cracks, software from torrents, watch pirated movies, or download unauthorized music. These sites are breeding grounds for people to do malicious things, and you are a willing participant. Not only is it illegal, but it may cost you more than if you had simply purchased the media legitimately in the first place.
Don’t use browser plugins. This one hurts. People love their coupon savers and other fun add-ins, but these are nothing more than code that is added to the browser. Where there is code, there is malicious code.
On that note, don’t visit risky sites. If it seems like you may be doing something questionable, someone else probably is as well. Listen to your browser. If it tells you a site is unsafe, it probably is. Clicking and going ahead is a recipe for disaster and defeats the purpose of what the security warning was trying to accomplish in the first place: protecting you.
If you use Microsoft Office regularly, disable macros by default. This way, if you do open something, the script will have a harder time infecting you.
Lastly, use a reputable antivirus suite and keep it up to date. If you are a business and the suite includes host intrusion prevention, set it so that applications cannot execute PowerShell without your permission. If you are a consumer, spend a few dollars. The free ones are of little use if they do not have behavioral checks. If it is free, that usually means you are the guinea pig that lets them know what needs to be added. Do your research and pick what is best for you.
In the end, your best defense is common sense. We all get those periods where we are busy and tend to push through things we know we shouldn’t, and we gamble. A great deal of the time we win, but when we lose, we lose big. Ultimately, a few extra seconds can save you heartache in the long run.
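As an added illustration of the first suggestion above (versioned backups kept detached from the system), not code from the original post: a small Python script that keeps dated snapshots with SHA-256 manifests and compares the live files against the newest one, so a sudden burst of rewritten files shows up before the next backup overwrites good copies. The directory layout and the demo files are constructed assumptions.

```python
"""Versioned backup with an integrity manifest (added example; not the post's code).
take_snapshot() copies a folder into a new timestamped directory under the backup
root and records SHA-256 hashes, so several dated versions coexist.
verify_against_latest() compares the live files with the newest manifest and
changes nothing; many changed files at once is the footprint ransomware leaves.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def take_snapshot(source: Path, backup_root: Path) -> Path:
    """Copy source to backup_root/<UTC stamp>/data and write manifest.json."""
    snap = backup_root / datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S.%fZ")
    shutil.copytree(source, snap / "data")
    manifest = {p.relative_to(source).as_posix(): sha256_of(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    (snap / "manifest.json").write_text(json.dumps(manifest, indent=1))
    return snap

def verify_against_latest(source: Path, backup_root: Path) -> dict:
    """Report files changed or missing since the newest snapshot (read-only)."""
    snaps = sorted(p for p in backup_root.iterdir() if (p / "manifest.json").is_file())
    if not snaps:
        return {"changed": [], "missing": [], "ratio": 0.0}
    manifest = json.loads((snaps[-1] / "manifest.json").read_text())
    changed, missing = [], []
    for rel, digest in manifest.items():
        live = source / rel
        if not live.is_file():
            missing.append(rel)
        elif sha256_of(live) != digest:
            changed.append(rel)
    ratio = (len(changed) + len(missing)) / max(len(manifest), 1)
    return {"changed": changed, "missing": missing, "ratio": ratio}

def demo() -> dict:
    """Constructed scenario: back up four files, overwrite two, then re-verify."""
    work = Path(tempfile.mkdtemp())
    source, backups = work / "docs", work / "backups"
    source.mkdir()
    backups.mkdir()
    for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
        (source / name).write_text(f"contents of {name}\n")
    take_snapshot(source, backups)
    clean = verify_against_latest(source, backups)
    for name in ("a.txt", "c.txt"):            # stand-in for files rewritten by malware
        (source / name).write_bytes(b"\x00junk")
    after = verify_against_latest(source, backups)
    shutil.rmtree(work)
    return {"clean_ratio": clean["ratio"], "changed": after["changed"], "ratio": after["ratio"]}
```

Run `demo()` to see the verification report go from no changes to half the manifest flagged; a real deployment would alert on a ratio above a small threshold and restore from the snapshot's `data` folder.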
pentesterdude · 6 years ago
And so it begins...
Hi! My name is Michael Mauk, and I have spent over 30 years in Cybersecurity. I have worked on everything from computers that were networked with Layer 2 switches, through Client Server networks attached to multilayer switches, through colocation, and now to the cloud. Through the years I have watched our ability to secure and defend mature and now as we move towards the cloud, well, now we get to start all over again.
Now don’t get me wrong, the basics are still the same, however, it is our mindset that has to mature. I decided as I moved into my cloud security architecture journey that I would take the time to share some of the information I have learned, and continue to learn, with you. I have learned a great deal, and it brought me to a realization. There is still much I do not know, and I thought, this may be a great opportunity to share with all of you some of the things I pick up, some of the advancements I make, some of the mistakes I make, and some of the resources I gather to attempt to become better at my craft.
I still enjoy penetration testing, and I still enjoy vulnerability research, as well as malware analysis, however, we are entering a brave new world. So each week, I will try to take some of the questions I get asked, and share them, as well as my responses with you.
Now, I want to add a disclaimer. I consider myself in no way an expert. What I am hoping is that as others read this they will chime in, share their experiences, and help to create a forum of intellects that work towards a common goal, and that is protecting our data from the bad guys. With the onset of the cloud there have been many innovative ways to take advantage of our learning curve and find ways to annoy us. Sometimes we aren’t even aware of what people are doing with our data. I assure you there is nothing worse than someone showing up in your office with a nice shiny badge, informing you that 35 million of your records were discovered on a server on the dark web, up for sale to the highest bidder. What is even worse is when you get that fateful call from IT stating that they found a nice text file on their share saying “Your records have all been encrypted and for ten bitcoin we’ll unlock it for you.” While we all say “well, that’s what backups are for,” realistically it isn’t always that simple.
That said I will talk about some of the hot topics, share some of the top stories, talk about some of the thoughts I have, and give “shout outs” to some of the people that have worked hard to try to make this a better place, and help lead us through the cybersecurity battles faced on premise and in the cloud. I will also try to post links to some of the resources I have found that truly help not just with the cloud, but also with Information Security as a whole. My hope is that all of you will do the same.
If you wish to submit questions or comments to me personally, you may do so at [email protected]. I will try to answer any questions I receive in a timely manner. Please keep in mind that these come from my own resources, and I will try to cite where I got the information from if it is something technical. I simply ask that we keep it professional. I do not comment on anything regarding sports, gender, sexuality, race, religion, or politics, so please do not ask. I ask that you treat this professionally and keep in mind that we all need to contribute, but in no way do we need to be disrespectful or use profanity. If you do, I will report you and move to block you. Please do not use this site for cheating. I do not encourage test dumps nor will I contribute to the use of such. Lastly, this is not a site for solicitations. I will remove all solicitations and, if persistent, you will be reported and blocked.
Now that we have all of the legal stuff and expectations out of the way, look to hear more from me shortly! Have an awesome day and an awesome journey.
Mike