Sneaky hackers use Intel management tools to bypass Windows firewall

Physical serial ports (the blue ones) are fortunately a relic of a lost era and are nowadays quite rare to find on PCs. But their virtual counterparts are alive and well, and they can be used for some exciting things. (credit: Ericf)

When you're a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you're there, the next challenge is usually to make sure that your activity is as hard to detect as possible. Microsoft has detailed a neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade firewalls and other endpoint-based network monitoring.

The group, which Microsoft has named PLATINUM, has developed a system for sending files—such as new payloads to run and new versions of their malware—to compromised machines. PLATINUM's technique leverages Intel's Active Management Technology (AMT) to do an end-run around the built-in Windows firewall. The AMT firmware runs at a low level, below the operating system, and it has access to not just the processor, but also the network interface.

The AMT needs this low-level access for some of the legitimate things it's used for. It can, for example, power cycle systems, and it can serve as an IP-based KVM (keyboard/video/mouse) solution, enabling a remote user to send mouse and keyboard input to a machine and see what's on its display. This, in turn, can be used for tasks such as remotely installing operating systems on bare machines. To do this, AMT not only needs to access the network interface, it also needs to simulate hardware, such as the mouse and keyboard, to provide input to the operating system.


FTC Recommends Steps to Protect Against Mobile Phone Theft

Original release date: June 08, 2017

The Federal Trade Commission (FTC) has released an alert about the theft of mobile phones and the best way to prepare for and recover from this kind of theft. Precautionary steps include regularly backing up the data on the phone, using strong passwords, and using two-factor authentication on any accounts on the phone.

US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.


4 Tips to Secure Your IoT Deployment

After years of delays and false starts, 2017 is supposed to be the year where the Internet of Things (IoT) truly starts to become a ubiquitous part of our lives. But while progress has been made, deploying IoT devices has been slowed by various concerns, of which the biggest are the very real security concerns around any IoT network.

Any IoT breach can carry serious consequences. A survey released today found that “Almost half of all companies in the US using an IoT network have been the victims of recent security breaches,” which can cost smaller companies around 13 percent of their annual revenue. Each of the tens of billions of devices that make up IoT networks is a security threat, and the network is only as strong as its least protected device.

None of this takes away from the IoT’s benefits. But if companies want to use the IoT without worrying about threats like ransomware or privacy breaches, there are some critical steps to take to ensure the security of your network and organization.

1. Prioritize your devices

A February IoT forecast estimates that there will be 8.4 billion connected things worldwide in 2017 and that this number will increase to 20 billion by 2020. But just because a device can be connected to the Internet does not mean it should be. And each one of those devices represents a security threat, as shown by cyberattacks where hackers took down major websites like the New York Times by hacking baby monitors and webcams.

I did not make that last sentence up. Each one of these devices represents a risk. And newer, more innovative devices using the IoT are more problematic because toaster and refrigerator manufacturers do not possess the technological knowledge needed to protect their devices that larger tech companies have.

If you are creating a network with an IoT signal booster, whether for your home or your business, each and every device added is a potential security risk. Consequently, take the time to ask yourself if you really need that new device which boasts Internet connectivity to be connected to the Internet. If you cannot think of a good reason, then do not connect it. As more and more companies create new devices as part of the IoT, users have to realize that some devices are not worth the risk.

2. Hold cyber security drills

You have probably heard stories about how some businesses pay hackers to try to break into their business so they know what their weaknesses are. Such an approach may be a bit extreme, but a business should consider holding cyber security drills to identify weak IoT devices and to assess how secure its systems are.

Drills are not just about knowing your cyber security weaknesses. They are about ensuring that everyone knows what to do in the event of a breach. Businesses should have a plan for a data breach or hacking just as a business in Japan should have a plan for what to do in the case of an earthquake. If a hacker breaks into your business through your IoT devices and uncovers data, testing beforehand should make it clear what sort of response your business should give and what sort of data is the most likely to be at risk.

3. Communication within the business

As noted above, a major threat with IoT security is that there are a lot of IoT-related devices out there where security is a secondary concern for the device makers and tacked on at the end. This cannot happen if you are deploying an IoT network yourself. Leadership must be in constant communication with their IT departments so that everyone is on the same page.

This may seem obvious, but IT departments everywhere have always complained about how leadership does not understand the security risks they are exposed to, and IoT will just make this worse. I have personally heard in certain companies the idiotic paradigm of leaders who say the IT department is pointless when things are going fine, and then complain that it is not doing its job when things are going badly.

The IoT necessitates further cooperation between IT and the highest levels of leadership to know what security measures should be implemented for your business. Get on it.

4. Change passwords

A basic example of the lack of communication between leadership and IT concerns passwords. Most IT professionals know that it is important to have strong passwords which are changed regularly, but leadership can chafe at trying to remember those more complicated passwords. But a strong password really matters for IoT devices. Many of them come with a default password, but businesses never bother to change them as they are unaware of the security risks.

Passwords and encryption remain among the most basic yet critical aspects of protecting your devices. Talk with IT about ensuring that all of your devices carry strong protection and make sure it is regularly changed.

This article was written by Gary Eastwood from CIO and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to [email protected].

The post 4 Tips to Secure Your IoT Deployment appeared first on McAfee Blogs.

Al-Jazeera claims to be victim of cyber attack as Qatar crisis continues

Qatari Foreign Minister Sheikh Mohammed bin Abdulrahman bin Jassim Al-Thani delivers a speech during a press conference. (credit: Mohamed Farag/Anadolu Agency/Getty Images)

Two weeks after an alleged cyber attack on Qatar's state news agency resulted in the publishing of a fake news story, the Qatari-funded broadcasting company Al-Jazeera claims that the company's "websites and digital platforms" are being targeted in "systematic and continual hacking attempts." The attack comes as officials from the Federal Bureau of Investigation continue to assist the Qatari government in Doha in investigations into an April breach of systems at the Qatar National Bank, as well as the previous media breach.

The fake news story was apparently aimed at further escalating tensions in Qatar's ongoing diplomatic crisis. On Wednesday, CNN reported that unnamed US officials had linked Russian hackers to planting it. That story falsely reported comments by Qatar Emir Sheikh Tamim bin Hamad Al Thani at a military graduation ceremony, saying that President Trump might not last long in office, criticizing escalation of animosity toward Iran, and praising Hezbollah and Hamas as resistance organizations.

However, multiple sources Ars has spoken with have disputed the Russia connection claim. No clear evidence has surfaced yet of who was involved, but Qatar's relationship with the US and its funding of the Al-Jazeera news service have been sources of concern for other governments in the region.
