Category Archives: What the Hack!

Report: Organizations not doing enough to prevent data breaches


Verizon’s annual Data Breach Investigations Report shows which threats — new and old — to watch. 


Just the other day, Verizon released its annual Data Breach Investigations Report, which analyzed more than 2,100 confirmed data breaches and approximately 80,000 reported security incidents. This year’s study offered an in-depth look at the cybersecurity landscape, including a first-time overview of mobile security, Internet of Things (IoT) technologies and the financial impact of intrusions.


Digging deeper, the report found that while some attacks are growing more sophisticated, decades-old tactics such as phishing and hacking have lost little ground. According to Verizon, 70% of the attacks used a combination of these techniques and involved a secondary victim, which adds complexity to a breach.

Another troubling finding is that many known vulnerabilities remain open, primarily because security patches that have long been available were never applied. Many of the flaws exploited go back almost eight years.

As in prior reports, this year’s findings again point to what Verizon researchers call the “detection deficit”: the time that elapses between a compromise and its discovery. In 60% of breaches, attackers were able to compromise an organization within minutes, while discovery often took far longer. On the bright side, the study notes that many of these attacks could have been prevented through a more vigilant approach to security.

“We continue to see sizable gaps in how organizations defend themselves,” explained Mike Denning, VP of Global Security for Verizon Enterprise Solutions. “While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases. This continues to be a main theme, based on more than 10 years of data from our ‘Data Breach Investigations Report’ series.”

As expected, a hot topic added to this year’s report is the security of the burgeoning IoT. Verizon examined several incidents in which connected devices served as entry points for compromising other systems, and others in which IoT devices infected with malicious software were co-opted into botnets used for denial-of-service attacks. The report says this “reaffirms the need for organizations to make security a high priority when rolling out next-generation intelligent devices.”


Verizon security researchers also found that nearly all (96%) of the 80,000 security incidents analyzed this year can be traced to one of nine basic attack patterns, whose prevalence varies by industry. As identified in the 2014 report, the nine threat patterns are miscellaneous errors, crimeware (malware aimed at gaining control of systems), insider and privilege misuse, physical theft or loss, web app attacks, denial-of-service attacks, cyber espionage, point-of-sale intrusions and payment card skimmers.

This year’s report found that 83% of security incidents by industry involve the top three threat patterns, up from 76% in 2014. Needless to say, the longer it takes organizations to discover a breach, the more time attackers have to move through defenses and cause damage, the report points out. More than a quarter of all breaches take an organization weeks, and sometimes months, to unearth and contain.

Want to continue reading? You can download Verizon’s entire report here. As if you needed any additional proof, it has become increasingly clear that embedded system insecurity affects everyone and every company. What’s worse, the effects can be very personal, such as theft of sensitive financial and medical data. For a company, the impact can be profound: products can be cloned, software copied, systems tampered with and spied on, and much else that leads to revenue loss, increased liability and diminished brand equity. Explore the SMARTER choice of building hardware-based security into your next embedded design here.

Report: 29 million patient records compromised in healthcare breaches


In 2013, two-thirds of healthcare data breaches involved electronic data, almost 60% theft and nearly 10% hacking.


Amid our latest bout with malicious hackers and network intrusions, even more data has emerged that should put to rest any remaining doubts about the importance of proper security, particularly in healthcare. According to a new study published in the Journal of the American Medical Association, approximately 29 million health records in the U.S. alone were affected by breaches between 2010 and 2013, 67% of which involved electronically stored data.


In order to conduct their investigation, the researchers sifted through a government database containing information about data breaches involving unencrypted health information reported by clinicians and health plans. What they found was that a majority of incidents (58%) were exposed through theft, while the rest came as a combination of hacks and carelessness, such as loss or improper disposal of data and unauthorized access of information. And, most of the time, these breaches were connected to laptops and mobile devices.

In 2013, the share of breaches that occurred through hacking or unauthorized access or disclosure rose to 27%, up from 12% just three years prior. The researchers warn that this number will only continue to rise.

“Given the rapid expansion in electronic health record deployment since 2012, as well as the expected increase in cloud-based services… the frequency and scope of electronic healthcare data breaches are likely to increase,” the researchers note. “These security breaches could involve everything from health sensors and gene sequencing technology, to predictive analytics and personal health records.”

Want to delve deeper into the topic? You can find the entire report here. Meanwhile, as the attack surface grows and threats become more sophisticated, how can you ensure that your network and its connected devices are indeed protected? Fortunately, there are solutions already available to keep those digital systems not only smart, but robustly secured at the same time.

How Big Bang Theory and IoT relate to Tech on Tour


Hands-on ‘IoT Secure Hello World’ training introduces Atmel Wi-Fi and CryptoAuthentication technologies.


How The Big Bang Theory Relates to the Internet of Things

How many of you out there are fans of the CBS hit sitcom series Big Bang Theory? If you recall an episode from the show’s first season, entitled “The Cooper-Hofstadter Polarization,” the team of Sheldon Cooper, Leonard Hofstadter, Howard Wolowitz and Raj Koothrappali successfully triggered a lamp over the Internet using an X-10 system.

In order to accomplish this feat, the gang sent signals across the web and around the world from their apartment to connect not only their lights, but other electronics like their stereo and remote control cars as well.

“Gentlemen, I am now about to send a signal from this laptop through our local ISP racing down fiber optic cable at the speed of light to San Francisco bouncing off a satellite in geosynchronous orbit to Lisbon, Portugal, where the data packets will be handed off to submerged transatlantic cables terminating in Halifax, Nova Scotia and transferred across the continent via microwave relays back to our ISP and the external receiver attached to this…lamp,” Wolowitz excitedly prefaced.


The funny thing is, the technology that the group of sitcom scientists was simulating could have just as easily been done using a Wi-Fi network controller like the WINC1500. However, at the time of airing back in March of 2008, open access for Internet users looking to control “things” around the house was seemingly something only engineers and super geeks thought possible.

We can imagine this is probably how it would’ve gone down…

Bringing Next-Generation Technology to You

In order to make the scene above possible, an Atmel | SMART SAM D21 was hooked up to the WINC1500 and connected to a solid-state relay, thereby enabling the team to control the lamp.

If this captivated your attention, then you’re in for a treat. That’s because Atmel is taking its “IoT Secure Hello World” Tech on Tour seminar on the road — starting with Europe!

As an application space, IoT sensor nodes are enabled by a number of fundamental technologies, namely a low-power MCU, some form of wireless communication and strong security. With this in mind, the Atmel IoT Secure Hello World series will offer attendees hands-on training, introducing them to some of the core technologies making the Internet of Things possible, including Wi-Fi and CryptoAuthentication.

These training sessions will showcase Atmel’s Wi-Fi capability and CryptoAuthentication hardware key storage in the context of the simplest possible use-case in order to focus attention on the practical aspects of combining the associated supporting devices and software. This includes learning how to send temperature information to any mobile device via a wireless network and how to enable the remote control of LEDs on a SAM D21 Xplained Pro board over a Wi-Fi network using a WINC1500. In addition, attendees will explore authentication of IoT nodes, as well as how to implement a secure communications link.

Take the very fundamental use-case of switching on an LED, for instance, which will represent our ‘Hello World!’ For this IoT application, the LED will be controlled using a smartphone app via the Internet, while a sensor node will be enabled to read an analog temperature sensor. The first part of the training will introduce Atmel Wi-Fi technology, which connects our embedded development kit of choice, an Atmel | SMART SAMD21 Xplained Pro, via the Atmel SmartConnect WINC1500 Wi-Fi module to a local access point. The result will be the ability to easily and securely send temperature information to any mobile device on the network, while also having remote control of the LED.

From the moment a ‘thing’ is connected, it is exposed to attack. That’s why the second part of the training delves into how CryptoAuthentication can be used to authenticate the temperature sensor node and the host application to each other before any temperature data is read, so that fake nodes (and rogue hosts) are rejected. A secure communications link is then implemented using a session key for traffic to and from the remote node.
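To make the second part of the training concrete, here is an added example (not Atmel’s code or the course material) that models the CryptoAuthentication-style flow in plain Python: a symmetric key shared between the host and the node, an HMAC-SHA256 challenge-response in each direction, and a session key derived from the exchange that authenticates every temperature frame and rejects replays. The key slot is simulated by an object attribute, and the node IDs, message labels and frame layout are assumptions of this example; on the real hardware the digest is computed inside the CryptoAuthentication device and the key never leaves it.

```python
import hashlib
import hmac
import os
import struct


def _mac(key, *parts):
    """HMAC-SHA256 over the concatenated parts (the role a CryptoAuthentication
    device's MAC/HMAC command plays in hardware, over a locked key slot)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class SensorNode:
    """Remote temperature node. The secret models a locked key slot: it is only
    ever used inside _mac() and is never transmitted."""

    def __init__(self, node_id, secret):
        self.node_id = node_id
        self._secret = secret
        self._nonce = None
        self.session_key = None
        self._counter = 0

    def respond(self, challenge):
        """Message 2: prove possession of the secret and contribute a fresh nonce."""
        self._nonce = os.urandom(16)
        proof = _mac(self._secret, b"node", self.node_id, challenge, self._nonce)
        return self._nonce, proof

    def finish(self, challenge, host_proof):
        """Message 3: check the host before agreeing to report readings (mutual auth)."""
        if self._nonce is None:
            return False
        expected = _mac(self._secret, b"host", self.node_id, challenge, self._nonce)
        if not hmac.compare_digest(expected, host_proof):
            self.session_key = None        # rogue host: refuse to open a session
            return False
        self.session_key = _mac(self._secret, b"session", challenge, self._nonce)
        self._counter = 0
        return True

    def send_reading(self, deci_celsius):
        """Frame = big-endian counter (4 bytes) + temperature in 0.1 C (4 bytes) + 16-byte tag."""
        self._counter += 1
        body = struct.pack(">Ii", self._counter, deci_celsius)
        return body + _mac(self.session_key, body)[:16]


class Host:
    """Gateway/host application holding the provisioned node secrets (on real
    hardware these would sit in the host's own CryptoAuthentication device)."""

    TAG_LEN = 16

    def __init__(self, provisioned):
        self._keys = dict(provisioned)    # node_id -> shared secret
        self._sessions = {}               # node_id -> [session_key, last_counter]

    def pair(self, node):
        """Challenge the node, verify its proof, prove ourselves, derive a session key."""
        secret = self._keys.get(node.node_id)
        if secret is None:
            return False                  # unknown node id: never provisioned
        challenge = os.urandom(32)        # message 1
        node_nonce, node_proof = node.respond(challenge)
        expected = _mac(secret, b"node", node.node_id, challenge, node_nonce)
        if not hmac.compare_digest(expected, node_proof):
            return False                  # fake node: does not hold the provisioned secret
        host_proof = _mac(secret, b"host", node.node_id, challenge, node_nonce)
        if not node.finish(challenge, host_proof):
            return False
        self._sessions[node.node_id] = [_mac(secret, b"session", challenge, node_nonce), 0]
        return True

    def receive(self, node_id, frame):
        """Return the temperature in C, or None if the frame is unauthenticated,
        modified in transit or replayed."""
        session = self._sessions.get(node_id)
        if session is None or len(frame) != 8 + self.TAG_LEN:
            return None
        key, last_counter = session
        body, tag = frame[:8], frame[8:]
        if not hmac.compare_digest(_mac(key, body)[:self.TAG_LEN], tag):
            return None                   # tag mismatch: forged or tampered
        counter, deci_celsius = struct.unpack(">Ii", body)
        if counter <= last_counter:
            return None                   # replay of an earlier frame
        session[1] = counter
        return deci_celsius / 10.0


if __name__ == "__main__":
    SECRET = bytes(range(32))                 # constructed demo key, provisioned at manufacture
    host = Host({b"node-01": SECRET})
    real = SensorNode(b"node-01", SECRET)
    fake = SensorNode(b"node-01", bytes(32))  # right identity, wrong key
    print("real node paired:", host.pair(real))
    print("fake node paired:", host.pair(fake))
    frame = real.send_reading(215)
    print("reading:", host.receive(b"node-01", frame))
    print("replayed frame:", host.receive(b"node-01", frame))
```

The per-frame counter is what turns a MAC into a secure link: without it an attacker who recorded one genuine “21.5 °C” frame could replay it forever, and the host would accept it. Binding both nonces into the session key means a recorded pairing cannot be replayed against a later session either.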

When all is said and done, building for the IoT demands innovative and secure solutions while architecting a balance between performance, scalability, compatibility, security, flexibility and energy efficiency — all of which Atmel covers extremely well.


Atmel | Tech on Tour Agenda At-a-Glance

The Atmel team will be coming through a number of major cities, from Manchester and Milan to Munich and Moscow. Ready to join us? Be sure to register for one of the Atmel | Tech on Tour European, Asian or North American locations today! Upon registering, you will even receive a WINC1500 Xplained Pro Starter Kit to take home.

8:30 – 9:00     Check-In and Preparation

  • Assistance with installing software will be provided

9:00 – 10:15     Introduction to Atmel Wi-Fi Solution

  • WINC1500/WILC1000 Hardware and Performance Overview
  • Software and IoT Solution Overview
  • Wi-Fi Network Controller IoT Sensor Application

10:15 – 10:30    Hands-on Introduction

10:30 – 10:45    BREAK

10:45 – 12:30    Hands-on: WINC1500 Wi-Fi Network Controller IoT Sensor Application

  • Sending temperature information to any phone or tablet on the network
  • Enabling remote control of LED0 on the SAM D21 Xplained Pro board

12:30 – 1:30    LUNCH

1:30 – 2:15      Introduction to Atmel CryptoAuthentication IoT Security and Technology

2:15 – 3:00      Hands-on Introduction: Authenticating IoT Nodes

  • Authenticate the temp sensor node and host application before being able to read the temperature information to avoid fake nodes
  • How to implement a secure communications link using a session key to and from the remote node to any phone or tablet on the network

3:00 – 3:15    BREAK

3:45 – 4:30    Hands-on: Authenticating IoT Nodes (continued…)

4:30 – 5:00    Wrap-up, Questions and Answers


Prerequisites

Software Requirements

  • Download Atmel Studio 6.2 software.
  • Wireshark Packet Sniffer will be provided.

Hardware Requirements

  • Attendees are required to bring a laptop. Atmel will NOT supply computers at the training.
  • Please make sure to have administrator rights on your laptop.
  • Laptop must have at least one Internet port and one free USB host connector.

Evaluation Kit Requirements

  • Atmel | SMART SAMD21 – XPRO host MCU board
  • Atmel WINC1500 module mounted on an ATWINC1500 Xplained Pro extension (Product Code: ATWINC1500-XSTK)
  • Atmel Digital I/O WING extension board for sensor and SD-card input target USB

Breach Brief: Hackers reportedly breached White House computer system


Russian hackers may have penetrated the White House’s computer system and gained access to information, CNN reveals.


Hackers affiliated with Russia may have breached sensitive parts of the White House computer system after intruding at the U.S. State Department in recent months, CNN has reported.


What information was affected? The hackers reportedly gained access to sensitive information such as real-time non-public details of the President’s schedule.

How did it happen? Investigators believe the White House intrusion all started with a phishing email sent from a State Department account that the hackers had taken over.

What they’re saying: “While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies,” CNN notes.

Ben Rhodes, Assistant to the President and Deputy National Security Advisor for Strategic Communications, declined to confirm the breach.

This latest high-profile incident comes amid growing concerns that even the most trusted sites and systems can be used by hackers aimed at infiltrating sensitive industries. With the number of cyber attacks on the rise and no apparent end in sight, how can you ensure that your network is protected?

Breach Brief: British Airways falls victim to frequent-flyer hack


A recent cyber attack has compromised thousands of frequent-flyer accounts.


British Airways has become the latest high-profile brand to fall victim to a large-scale hack. The company confirmed on Sunday that a security breach affected tens of thousands of its users’ frequent-flyer accounts.


How did it happen? According to reports, British Airways doesn’t know who hacked the system but believes that the attack could have been carried out by an automated computer program that might have been looking for vulnerabilities in the company’s online security systems.

Who did it affect? The airline acknowledged the issue and stressed that the problem affected only a small number of its millions of customers worldwide. Nonetheless, British Airways has temporarily frozen the affected accounts, so some travelers may not be able to use their earned miles at this time.

What they’re saying: “British Airways has become aware of some unauthorized activity in relation to a small number of frequent-flyer executive club accounts. This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts. We would like to reassure customers that at this stage we are not aware of any access to any subsequent information pages within accounts, including travel histories or payment-card details.”

This latest high-profile incident comes amid growing concerns that even the most trusted sites and systems can be used by hackers aimed at infiltrating sensitive industries. Thus, it is becoming increasingly clear that embedded insecurity affects everyone and every company. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network is protected?

Wi-Fi router flaw leaves hundreds of hotel guests vulnerable to hackers


Researchers have discovered 277 devices in 29 countries to be accessible over the Internet.


Another week, another piece of research highlighting the vulnerabilities of Wi-Fi devices. This time, security firm Cylance has found that Internet gateway routers deployed in eight of the world’s top 10 hotel chains are vulnerable to hacking. The researchers say attackers could easily use the flaw to monitor and record data sent over a hotel’s Wi-Fi network.


Cylance discovered that multiple ANTLabs InnGate models ran a misconfigured, unauthenticated rsync service on TCP port 873 that gave anyone who could reach the port full read and write access to the file system. The rsync daemon is commonly used for backups and mirroring because it can be set up to copy files, or just the changed parts of files, from one location to another. It is meant to be restricted to authenticated clients; left open to the Internet, it exposes the entire file system.

“When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution,” Cylance researcher Brian Wallace wrote in a blog post. “The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”
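The check a practitioner would run against such a device is simple, because the rsync daemon protocol is plain text: ask the daemon on TCP 873 to list its modules, then request each one and see whether it answers “@RSYNCD: OK” (no authentication) or “@RSYNCD: AUTHREQD” (a password is required). The following is an added example, not Cylance’s tooling or ANTLabs code; the module names and daemon replies used in the demo are constructed.

```python
import socket

RSYNC_PORT = 873


def parse_module_list(lines):
    """Return the module names from an rsync daemon's reply to '#list'.

    The daemon may print a message-of-the-day first; the module table rows
    are 'name<TAB>comment' and '@RSYNCD: EXIT' closes the reply.
    """
    modules = []
    for raw in lines:
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        if line.startswith("@RSYNCD: EXIT") or line.startswith("@ERROR"):
            break
        if "\t" in line:
            modules.append(line.split("\t", 1)[0].strip())
    return modules


def classify_module_reply(line):
    """Classify the daemon's first reply line after the client names a module."""
    text = line.decode("utf-8", "replace").strip()
    if text.startswith("@RSYNCD: OK"):
        return "open"           # no 'auth users' on this module: anyone reaching 873 gets in
    if text.startswith("@RSYNCD: AUTHREQD"):
        return "auth-required"  # challenge issued; a 'secrets file' password is needed
    if text.startswith("@ERROR"):
        return "denied"         # unknown module, or 'hosts allow/deny' refused this client
    return "unexpected"


def open_modules(results):
    """Names of modules that answered '@RSYNCD: OK', i.e. usable without any credential."""
    return sorted(name for name, state in results.items() if state == "open")


def _readline(sock):
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf


def _rsync_request(host, port, request, timeout):
    """One daemon connection: read the greeting, send our version line and one
    request line, then collect reply lines up to EXIT/OK/AUTHREQD/ERROR or close."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        greeting = _readline(sock)
        if not greeting.startswith(b"@RSYNCD:"):
            raise ValueError("not an rsync daemon: %r" % greeting)
        sock.sendall(b"@RSYNCD: 31.0\n")
        sock.sendall(request + b"\n")
        replies = []
        while True:
            line = _readline(sock)
            if not line:
                break
            replies.append(line)
            if line.startswith((b"@RSYNCD: EXIT", b"@RSYNCD: OK",
                                b"@RSYNCD: AUTHREQD", b"@ERROR")):
                break
        return replies


def audit_rsync_daemon(host, port=RSYNC_PORT, timeout=5.0):
    """Map each advertised module to 'open', 'auth-required', 'denied' or 'unexpected'."""
    modules = parse_module_list(_rsync_request(host, port, b"#list", timeout))
    results = {}
    for name in modules:
        replies = _rsync_request(host, port, name.encode(), timeout)
        results[name] = classify_module_reply(replies[0] if replies else b"")
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    found = audit_rsync_daemon(target)
    for name, state in found.items():
        print("%-16s %s" % (name, state))
    if open_modules(found):
        print("WARNING: modules reachable without authentication:",
              ", ".join(open_modules(found)))
```

Two caveats when reading the result: modules configured with “list = no” do not appear in the listing and must be probed by name, and an “open” module is writable only if “read only = yes” is not set, which is exactly the combination Cylance describes. On the hardening side, the rsyncd.conf directives that close this hole are “auth users” with a “secrets file”, “hosts allow” limited to the backup host, and “read only = yes” wherever writes are not needed; better still, bind the daemon to a management interface rather than the Internet-facing one.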

For example, hackers could potentially use the security weakness to infiltrate keycard systems to secure and unlock doors, monitor and record data sent over the network, access the hotel’s reservation system, and even distribute malware to guests, among countless other malicious acts.

So far, Cylance has confirmed the flaw in 277 devices across 29 countries that are reachable over the Internet. More than 100 of them are located in the United States; the researchers also found 16 vulnerable systems in the UK, 35 in Singapore and 11 in the United Arab Emirates.


“The affected nodes also include quite affluent hotels. Listing those vulnerable devices at this time would be irresponsible and could result in a compromise of those networks,” the team’s blog explains. “Take it from us that this issue affects hotel brands all up and down the spectrum of cost, from places we’ve never heard of to places that cost more per night than most apartments cost to rent for a month.”

ANTLabs has since released a patch to fix the vulnerability. If recent events demonstrate anything, it is that hotel networks are a common target for hackers. Just last November, Kaspersky Lab documented the activity of a cyberespionage group dubbed DarkHotel that preyed on business travelers by compromising the networks of luxury hotels in the APAC region. It’s more apparent than ever that security flaws are not only on the rise but affect us all. So how can you ensure that your network and its devices are protected? Those wishing to read more can head over to a detailed write-up from Wired as well as Cylance’s official blog post here.

Flaw exposes over 700,000 routers to remote hacking


More than 700,000 ADSL routers provided to subscribers by ISPs around the world are vulnerable to remote hacking due to a flaw called “directory traversal.”


More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them. Security researcher Kyle Lovett first detected the vulnerability a few months ago while analyzing some ADSL routers in his spare time. Upon delving a bit deeper, he discovered hundreds of thousands of susceptible devices from different manufacturers that had been distributed by ISPs to subscribers in nearly a dozen countries.


Most of the routers were found to have a “directory traversal” flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data. It should be noted that the flaw isn’t entirely new; in fact, it was initially reported by multiple researchers dating back to 2011 in various router models that have been distributed in countries such as Colombia, India, Argentina, Thailand, Moldova, Iran, Peru, Chile, Egypt, China and Italy. Some of these routers are also sold off the shelf in the United States.

The researcher unearthed a commonality among all of these routers: the vast majority were using firmware from China-based Shenzhen Gongjin Electronics, which also does business under the trademark T&W. This company manufactures networking equipment for router vendors such as D-Link, Asus, Alcatel-Lucent, Belkin, ZyXEL and Netgear.

The directory traversal vulnerability can be used by unauthenticated attackers to extract a sensitive file called config.xml, present on most of the affected routers, which contains their configuration settings. The file also holds the password hashes for the administrator and other accounts on the device, the username and password for the user’s ISP connection (PPPoE), the client and server credentials for the TR-069 remote management protocol used by some ISPs, and the password for the configured wireless network, if the device has Wi-Fi capabilities.
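The page does not show the exact webproc.cgi request, so the following added example (not the router firmware’s code or Lovett’s findings) illustrates the bug class generically: a handler that joins the request path to its document root and opens the result, beside a hardened version that decodes, canonicalises and checks containment before opening anything. The file tree is constructed in a temporary directory and the config.xml contents are a placeholder.

```python
import os
import tempfile
import urllib.parse


def resolve_under_root(web_root, requested):
    """Return the absolute on-disk path for `requested`, or None if it would
    escape web_root. Steps: decode percent-encoding once (so '..%2F' is seen as
    '../'), refuse NUL bytes, strip a leading slash, canonicalise with realpath
    (collapses '..' and follows symlinks), then test containment with commonpath
    rather than startswith (which would accept /var/www-old for root /var/www)."""
    decoded = urllib.parse.unquote(requested)
    if "\x00" in decoded:
        return None
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def serve_file_vulnerable(web_root, requested):
    """The bug class: the request path is joined to the document root and
    opened with no normalisation or containment check."""
    with open(os.path.join(web_root, requested), "rb") as fh:
        return fh.read()


def serve_file_hardened(web_root, requested):
    """Same handler with the containment check; escaped or missing paths yield None."""
    path = resolve_under_root(web_root, requested)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def build_demo_tree():
    """Constructed fixture: a router-like layout with config.xml one level
    above the CGI's document root. Returns the document root."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    www = os.path.join(base, "www")
    os.mkdir(www)
    with open(os.path.join(www, "index.html"), "w") as fh:
        fh.write("<html>ok</html>")
    with open(os.path.join(base, "config.xml"), "w") as fh:
        fh.write("<config><admin pwd_hash='constructed-not-real'/></config>")
    return www


if __name__ == "__main__":
    www = build_demo_tree()
    print("vulnerable ../config.xml  ->", serve_file_vulnerable(www, "../config.xml"))
    print("hardened   ../config.xml  ->", serve_file_hardened(www, "../config.xml"))
    print("hardened   ..%2F..%2Fconfig.xml ->", serve_file_hardened(www, "..%2F..%2Fconfig.xml"))
    print("hardened   index.html     ->", serve_file_hardened(www, "index.html"))
```

Decoding exactly once matters: a doubly encoded “%252e%252e” becomes the literal directory name “%2e%2e” after one decode, which the filesystem simply fails to find, whereas a handler that decodes in a loop reopens the hole. Containment must be tested after realpath, because a symlink inside the web root can point outside it.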


According to Lovett, the hashing algorithm used by the routers is weak so the password hashes can easily be cracked. Attackers could then log in as administrator and change a router’s DNS settings. By controlling the DNS servers the routers use, attackers can direct users to rogue servers when they try to access legitimate websites. Large-scale DNS hijacking attacks against routers — which is known as router pharming — have become common over the past two years.

Lovett admits that 700,000 is a conservative estimate. There are likely many more devices that possess the same flaws, yet are not configured for remote management. Instead, those can be attacked from within local networks through malware or cross-site request forgery (CSRF).

Want to learn more? You can read the entire article from PC World here. It is becoming increasingly clear that embedded system insecurity affects everyone and every company, so how can you ensure that your device is indeed protected?

Breach Brief: Mandarin Oriental hotels hit with massive data breach


Credit card hackers are at it again, this time stealing information from Mandarin Oriental hotel guests.


Luxury hotel chain Mandarin Oriental has confirmed that a number of its hotels were subject to a major security breach, and hackers have made off with guests’ credit card information.


What happened? A number of fraudulent charges began appearing on credit card accounts, and cybersecurity blog Krebs on Security reported that banking industry sources said the hotel was the common factor for many. The cybersecurity news website revealed that point-of-sale terminals were infected with malware capable of stealing card details from restaurants and other businesses located within the hospitality establishments, not so much the front desk.

Who was affected? A majority of Mandarin Oriental’s 24 locations worldwide, ranging from Shanghai to Barcelona, may have been subject to the cyberattack, but the report claims most, if not all, of the chain’s U.S. establishments — including New York, Washington, D.C., Boston and Las Vegas — were likely impacted.

When did it occur? The company didn’t say which locations were affected exactly, or when cybercriminals made off with the data. However, sources told the blog that the attack may have started sometime around December 2014.

What they’re saying: “Mandarin Oriental can confirm that the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern,” the company told Krebs.

Given the chain’s upscale clientele, it wouldn’t be surprising if the stolen card numbers fetched a premium on the black market. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network and its devices are protected?

Air traffic control system vulnerable to hackers, report finds


The United States’ system for guiding planes and other forms of aircraft is at an increased and unnecessary risk of being hacked.


A new Government Accountability Office report finds that security control weaknesses are “threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system.” The 42-page document, entitled “Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems,” credits the FAA with taking steps to deter malicious hackers but concludes that significant security control weaknesses remain.


One area of susceptibility in particular is the FAA’s ability to prevent and detect unauthorized access to its vast network of computer and communication systems. The relevant controls include protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and monitoring activity on the FAA’s systems, the report states.

The FAA relies on more than 100 of these air traffic systems to direct planes, with air traffic controllers responsible for an average of 2,850 flights at any given moment. As the Washington Post points out, 14,000 controllers work in three different types of facilities: 500 airport control towers that oversee landings and takeoffs; 160 facilities that direct planes to and from cruising altitudes; and 22 centers that supervise aircraft at cruising altitude.

According to the GAO’s latest findings, there are also inadequate safeguards to prevent entry into the air traffic network from other, less-secure computer systems not directly involved in traffic operations. The report goes on to note that threats to the ATC system are on the rise, especially from terrorists, criminals and foreign governments.


Other notable weaknesses listed in the report: security weaknesses identified by the FAA weren’t always addressed in a timely fashion; control assessments weren’t always comprehensive enough to find weaknesses; and shortcomings in monitoring for hacking incidents or unauthorized entries mean the FAA may not be able to contain, eradicate or recover from incidents.

“These shortcomings put (national airspace) systems at increased and unnecessary risk of unauthorized access, use, or modification that could disrupt air traffic control operations,” the report concludes.

Interested in reading more? Access the entire report here. With the number of cyber attacks on the rise and no apparent end in sight, how can you ensure that your network is indeed protected?

Hackers make off with at least $300 million in bank heists


According to researchers, hackers have hit more than 100 financial institutions in 30 countries.