What Security Risks Should MSPs Expect in 2018

As IT operations are becoming more complex and require both advanced infrastructure and security expertise to increase the overall security posture of the organization, the managed service provider (MSP) industry is gaining more traction and popularity.

Estimated to grow from USD $152.45 billion in 2017 to USD $257.84 billion by 2022, at a CAGR of 11.1%, the MSP industry offers greater scalability and agility to organizations that have budget constraints and opt for a cloud-based IT deployment model.

“The cloud-based technology is the fastest-growing deployment type in the managed services market and is expected to grow at the highest CAGR during the forecast period from 2017 to 2022,” according to ResearchandMarkets. “IT budget constraints for installation and implementation of required hardware and software, limited IT support to manage and support managed services, and need for greater scalability are major factors that are likely to drive the adoption of cloud managed services in the coming years. The cloud-based deployment model offers higher agility than the on-premises deployment model.”

However, MSPs are also expected to become more targeted by threat actors than in the past. Supply chain attacks are becoming common practice: large organizations have stronger perimeter defenses that raise the cost of a direct attack, turning MSPs into “low-hanging fruit” that can provide access into infrastructures belonging to more than one victim. In other words, MSPs hold the keys to the kingdom.

Since MSPs are expected to provide around-the-clock security monitoring, evaluation, and response to security alerts, they also need to triage those alerts and escalate resources only when dealing with advanced threats.

1. Wormable military-grade cyber weapons

Leveraging leaked exploits for zero-day or unpatched vulnerabilities in operating systems or commonly deployed applications, threat actors could make incidents like WannaCry a common occurrence. As similarly behaving threats spread across internet-connected endpoints, both physical and virtual, MSPs need to react quickly with adequate countermeasures to defend organizations.
While MSPs may not be directly targeted, their role in protecting organizations will become far more important as they’ll need to reduce reaction time to new critical threats to a bare minimum, on an ongoing basis. Consequently, network security and threat mitigation will become commonplace services for MSPs.

2. Next-Level Ransomware

The rise of polymorphism-as-a-service (PaaS) will trigger a new wave of ransomware samples that are even more difficult for security solutions to detect. Coupled with new encryption techniques, such as leveraging GPU power to speed up file encryption, ransomware will continue to plague organizations everywhere. Backup management that provides full data redundancy, together with incident response, needs to be at the core of MSP offerings when dealing with these new ransomware variants.

While traditional ransomware will cause serious incidents, threat actors might also hold companies at gunpoint by threatening to disrupt services with massive distributed denial-of-service (DDoS) attacks launched from large IoT botnets.

3. macOS Malware

The popular belief that Apple’s operating system is immune to malware was recently put to the test by incidents such as ransomware distributed through a trojanized build of the Transmission app and advanced remote access Trojans (RATs) that spied on victims for years. With Apple devices making their way into corporate infrastructures and onto executives’ desks, managing and securing them is no longer optional but mandatory.

Security researchers have started finding more advanced threats built specifically for macOS components inside organizations, and during 2018 threat actors will continue down this path. Regardless of company size, vertical, or infrastructure, MSPs need to factor in macOS malware proliferation and prepare adequate security measures.

4. Virtualization-Aware Threats

Advanced malware increasingly detects when it is running inside a virtual machine, which makes it harder for traditional endpoint security solutions to identify and more effective at lateral movement across virtual infrastructures. MSPs need to identify and plan to deploy security technologies that are designed from the ground up to defend virtual infrastructures, are hypervisor-agnostic, offer complete visibility across the estate, and can detect exploitation of zero-day vulnerabilities.

Focusing on proactive security technologies for protecting virtual workloads against sophisticated attacks will help MSPs offer unique value to their services.

5. Supply Chain Attacks

MSPs could themselves become the target, which is why deploying strong perimeter defense on their own side should also be a top priority. Having privileged access to customer infrastructures and managing their security makes MSPs likely candidates for advanced attacks, whether through direct compromise of the MSP’s infrastructure or through “poisoning” of the tools it commonly deploys. MSPs should therefore treat the security of their own infrastructure with the utmost scrutiny.

Source: https://securityboulevard.com/2018/04/what-security-risks-should-msps-expect-in-2018/

Website security firm Sucuri hit by large scale volumetric DDoS attacks

Another day, another series of DDoS attacks – This time Sucuri and its customers have been hit by a series of attacks worldwide.

The California-based website security provider Sucuri has suffered a series of massive distributed denial-of-service (DDoS) attacks, causing service outages in Western Europe, South America and parts of the Eastern United States.

The attacks began on April 12th, 2018 at approximately 11 pm (PST), when Sucuri’s network came under non-stop DDoS attack. The company then worked with Tier 1 providers to mitigate the attacks.

In an email to HackRead, a Sucuri spokesperson said that “The attack was big enough that it caused some of our ports to be pretty close to capacity, causing very high latency and packet loss. In some other regions, it caused temporary latency and packet loss.”

The company’s Status page also kept the customers updated revealing that Sucuri “worked with its upstream providers, our NOC and partners to help mitigate the attack and re-route the affected regions. Unfortunately, due to the size of the attack, it took a lot longer than expected to get it fully handled.”

The exact size of the DDoS attacks is still unknown, as are the culprits and their motives; however, there has lately been a surge in large-scale DDoS attacks. Last month, attackers abused publicly exposed Memcached servers as UDP amplifiers to carry out the largest DDoS attacks seen to date: 1.7 Tbps against an American firm and 1.35 Tbps against GitHub.

The same technique was also used to hit Amazon, Google, the NRA, PlayStation, and several other high-profile targets.

As for Sucuri, the good news is that the attacks have been successfully mitigated and at the time of publishing this article Sucuri services and customer websites were back online.

Source: https://www.hackread.com/website-security-firm-sucuri-hit-by-ddos-attacks/

Hospitals Exposed by Connected Devices

At any one time the world’s connected hospitals could be running as many as 80,000 exposed devices, putting hospital operations, data privacy and patient health at risk, according to Trend Micro.

The security giant’s latest report, Securing Connected Hospitals, claimed medical devices, databases, digital imaging systems, admin consoles, protocols, industrial controllers and systems software have significantly increased the average provider’s attack surface.

This puts them at risk of DDoS, ransomware attack and data theft. The report used the DREAD threat assessment model to find that DDoS is actually the biggest risk, followed by ransomware.

The latter has impacted hospitals worldwide, particularly NHS Trusts, which were severely affected by the WannaCry attack of 2017.

Senior threat researchers and report authors Numaan Huq and Mayra Rosario Fuentes claimed that hospital cybersecurity may be lacking because of several reasons.

These include: a lack of dedicated IT security staff, limited budget, outdated diagnostic equipment that can’t be taken offline to patch, and large numbers of mobile workers who need seamless access to systems.

The report also claimed that hospital supply chains are increasingly opening them up to cyber-risk, with 30% of breaches publicly reported to the US Department of Health and Human Services (HHS) in 2016 due to breaches of business associates and third-party vendors.

“Supply chain threats are potential risks associated with suppliers of goods and services to healthcare organizations where a perpetrator can exfiltrate confidential or sensitive information, introduce an unwanted function or design, disrupt daily operations, manipulate data, install malicious software, introduce counterfeit devices, and affect business continuity,” explained Huq and Fuentes.

“Third-party vendors have credentials that include log-ins, passwords, and badge access which can be compromised. These vendors can also store physical records, medical devices, and office equipment. Hospitals need to be supplied by a robust supply chain to ensure uninterrupted service to patients, and thus protecting the hospital supply chain against cyber-attacks becomes a critical necessity.”

Source: https://www.infosecurity-magazine.com/news/hospitals-exposed-by-connected/

A new Mirai-style botnet is targeting the financial sector

The researchers say it’s the largest attack since the Mirai-powered cyberattack in October 2016 that took down large swathes of the Western internet.

A botnet made up of hijacked internet-connected televisions and web cameras has a new target, security researchers have found.

Three financial sector institutions have become the latest victims of distributed denial-of-service (DDoS) attacks in recent months. New research by Recorded Future’s Insikt Group published Thursday points to what’s likely to be the IoTroop botnet, used to pummel financial firms with internet traffic to overload servers and disrupt services.

Botnets appear all the time and can rapidly grow and ensnare thousands of devices. Many lay dormant for months, quietly gathering pace but ready to cause disruption at a moment’s notice. Although several botnets have appeared in the past year, none have resulted in any sizable attacks.

But that changed in January, when three DDoS attacks were launched within a few hours of each other.
The first was a DNS amplification attack that peaked at 30 Gbps. That may pale in comparison to a recent 1.7 Tbps attack, roughly fifty times larger, but it can still cause considerable damage to companies that have not invested in DDoS mitigation.

It’s thought that the botnets are built off Mirai’s code, which was open-sourced and publicly released just weeks before the October 2016 attacks. Mirai was fairly simple compared to later botnets: it aggressively infected devices by trying a list of pre-determined default usernames and passwords.

But the code’s release opened the door for other botnets to spring to life.

The more aggressive and advanced Reaper malware is thought to be behind the IoTroop botnet targeting financial institutions, said Priscilla Moriuchi, who co-authored the report with Sanil Chohan.

“This botnet is different than Mirai in composition and exploitation vector, likely compromising new bots based on vulnerabilities and not via unchanged administrator credentials,” said Moriuchi, in an email.

Unlike Mirai, Reaper has grown into a large botnet by running complex attack scripts that exploit flaws in the code of vulnerable devices, which makes infections harder to detect. The botnet exploits over a dozen known vulnerabilities in nine internet-connected products, including some of the flaws originally used by Mirai.

Netlab said that the botnet had about 28,000 infected devices connected to one of the botnet’s controllers as of its discovery in October — and was ballooning in size.

This new botnet targeting financial sector companies has over 13,000 devices — each with a unique IP address, the report said.

Most of the compromised devices are routers made by MikroTik, a Latvia-based networking company. It’s thought that the attackers are leveraging the manufacturer’s router bandwidth testing feature. The majority of infected devices were found in Russia, Brazil, and Ukraine — a point that the researchers said is “likely to just be a reflection of the popularity” of the infected devices.

Moriuchi said that at least one of the companies affected by the attack had its customer services temporarily disrupted, but the extent of the financial or network damage wasn’t known.

The researchers would not name the companies targeted by the botnet in their report, but said they were global Fortune 500 firms. It’s also not known who is behind the attacks, they said.

But the botnet is likely not done. Although botnet attack activity has been largely quiet since January, the researchers said the botnet will grow in size and may be able to launch larger DDoS attacks against the financial sector in the future.

“It will become increasingly important to monitor the potential controllers and identify new IoT devices being added to the botnet in preparation for further attacks,” the researchers said.

Source: https://www.zdnet.com/article/new-mirai-style-botnet-targets-the-financial-sector/

Insurance may not be enough to stop hackers

NEARLY two dozen ransomware attacks were made against Jersey businesses in the first three months of this year, according to research by just one local IT company.

Logicalis also logged more than seven Office 365 break-ins, 21 cases of attackers exploiting vulnerabilities caused by user error, three DDoS attacks in which hackers used company bandwidth, 20 systems compromised because of poor configuration, and 50 cases of hackers logging in with credentials obtained from the dark web.

All told, the Logicalis Security Operations Centre detected 124 cyber-attacks in the Island in three months, which Logicalis say must be a fraction of the real level of attacks.

The message, according to Ricky Magalhaes, Managed Security Services Director at Logicalis, is that companies will lose out if they rely on insurance to cover the costs of those attacks. He fears that up to 80% of businesses would not be covered by their cyber insurance policies in the event of a cyber-attack because they are not following correct security protocols.

‘Many companies think cyber insurance is an alternative to good cyber security practices; however, if you don’t have correct controls in place, your insurance will not cover you,’ Mr Magalhaes said.

‘Up to 80% of companies with cyber insurance are not following basic cyber security procedures, which means if they suffer a loss, it will be hard for them to claim because they have been negligent.’

Even if the user follows correct procedures and an insurance company pays out, the real costs of a cyber-attack could be well beyond the financial compensation they receive. For example, US drug maker Merck lost $750m in the NotPetya attack last year but received only $275m in insurance.

‘Proper security monitoring, simple procedures such as using two-factor authentication, and regular training and testing of staff to help prevent security breaches in the first place, are vital, whether you are insured or not,’ Mr Magalhaes said.

‘A lot of cyber-attacks happen because of behaviour of staff, rather than because of the technology, which makes it very hard to assess risks. One thing is certain, though, the risks of cyber-crime are higher than ever.’

Source: https://jerseyeveningpost.com/news/business/2018/04/03/insurance-may-not-be-enough-to-stop-hackers/

Tracking Bitcoin Wallets as IOCs for Ransomware

By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.

Cryptocurrency, particularly bitcoin, has captured the attention of Wall Street and Silicon Valley over the past few months. It seems like everybody wants to talk about bitcoin as if it is something brand new.

The truth is that cryptocurrencies have been the norm on the Dark Web for quite some time. Bitcoin has been the payment method of choice for ransomware and cyber extortion because it lets bad actors operate under a cloak of apparent anonymity. But that could be changing. Threat intelligence analysts are beginning to incorporate bitcoin wallet addresses into their investigations, and we’ll soon be able to recognize attack patterns and track attribution. One thing we’ve noticed is the ability to track, to some degree, the correlations and connections between cyberattacks by following bitcoin transactions.

In order to understand why tracking bitcoin wallet addresses as indicators of compromise (IOCs) is so valuable, we need to understand why cybercriminals use bitcoin in the first place. There are three primary reasons.

Anonymity: Bitcoin gives criminals a degree of anonymity when payments are received and when they are cashed out. Wallet addresses are pseudonymous and transfers are hard to tie to a person, so unmasking the owner depends largely on the cybercriminal being sloppy with operational security.

Global Currency: Hackers typically prey on out-of-country targets and need a fast, untraceable method to transfer funds across nations without worrying about account freezes. Bitcoin is used as a global currency because you don’t need to worry about the exchange rates between your home country’s currency and US dollars.

Ease of Payments: In the past, hackers relied on gift cards for payment. This was troublesome on many levels — for instance, gift cards can’t be used globally, and criminals needed to come up with a mailing address that couldn’t be traced. Bitcoin and the higher profile of cryptocurrency have contributed to the rise in ransomware, as well as hackers’ ability to use extortion to elicit payments. One example occurred after the Ashley Madison website breach, when hackers threatened some users with a bitcoin ransom or having their identities revealed as adulterers. Another tactic involved using malicious emails to threaten a distributed denial-of-service attack on an organization’s network unless a bitcoin payment was made.

By tracking bitcoin wallet addresses as an IOC, we’ve been able to connect the dots between ransomware, wallet addresses, and shared infrastructure, TTPs (tactics, techniques, and procedures), and attribution.

Here is an example of how bitcoin is used in a ransomware campaign: A new piece of ransomware gives you a bitcoin address for payment. You can then make correlations that connect across sectors, like retail, energy, or technology groups based on the blockchain and/or reuse of the same address. With WannaCry, there were hard-coded bitcoin addresses that made it easy to correlate what you are dealing with and which sectors were being affected. The more bitcoin addresses are shared, the more you can identify addresses to which bitcoins are forwarded.

The ability to track transactions through the blockchain allows you to connect different ransomware campaigns. Cybercriminals don’t typically share bitcoin wallets as they might share the same exploit kit, but by tracking blockchain transactions, analysts have another investigation point from which they can pivot and dig for more.

Bitcoin Addresses Reported by Multiple Sectors

Addresses are often unique to each target or a small set of targets, but you can track where the money goes by looking at the blockchain (the transactions) to see which addresses deliver funds to the same final addresses before being cashed out.

Why is it important to be able to track bitcoin wallets as IOCs? With the ability to track payments, you can determine if bitcoins are going to specific wallet addresses, and then narrow that down to determine if they are the same two or three addresses over time. This will give you some idea of where and when cybercriminals are cashing out.

Wallet metadata is valuable as an indicator because, although there are many ransomware variants, the number of variants does not necessarily reflect the number of separate campaigns or criminal groups. Following the transactions through the blockchain shows whether and how those variants are connected, and lets you identify specific campaigns.
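The following is an added example of the “follow the money” approach described above; it is not code from the article or from the TruSTAR Data Science Unit. It works over a constructed set of transactions (the addresses, amounts and sector tags are invented for illustration, not real blockchain data) and walks each known ransom address forward along its spends until the funds reach an address that has no outgoing spend in the data, the candidate cash-out point. Ransom addresses that share a cash-out point are grouped into one campaign, and every forwarding or cash-out address discovered on the way becomes a new indicator to watch.

```python
"""Follow-the-money clustering of ransom addresses over constructed bitcoin transactions."""
from collections import defaultdict, deque

# Constructed sample spends (txid, from_addr, to_addr, btc); not real blockchain data.
TXS = [
    ("t1", "victimA", "ransom1", 0.50),
    ("t2", "victimB", "ransom2", 0.50),
    ("t3", "victimC", "ransom3", 1.00),
    ("t4", "ransom1", "hop1", 0.50),
    ("t5", "ransom2", "hop1", 0.50),
    ("t6", "hop1", "cashout1", 1.00),
    ("t7", "ransom3", "cashout2", 1.00),
    ("t8", "victimD", "ransom4", 0.25),
    ("t9", "ransom4", "hop2", 0.25),
    ("t10", "hop2", "cashout1", 0.25),
]

# Ransom addresses seen in samples, tagged with the reporting victim's sector (constructed).
IOCS = {"ransom1": "retail", "ransom2": "energy", "ransom3": "technology", "ransom4": "healthcare"}


def build_graph(txs):
    """Adjacency list: address -> [(next_address, amount)]."""
    graph = defaultdict(list)
    for _, src, dst, amount in txs:
        graph[src].append((dst, amount))
    return graph


def downstream(graph, start):
    """BFS along spends from one address.

    Returns (addresses reached, terminal addresses with no outgoing spend in our data).
    """
    seen, queue, sinks = {start}, deque([start]), set()
    while queue:
        addr = queue.popleft()
        outs = graph.get(addr, [])
        if not outs:
            sinks.add(addr)  # money stops here: candidate cash-out point
        for nxt, _ in outs:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen, sinks


def cluster_by_cashout(txs, iocs):
    """Map each terminal address to the sorted ransom addresses whose funds end there."""
    graph = build_graph(txs)
    clusters = defaultdict(set)
    for addr in iocs:
        _, sinks = downstream(graph, addr)
        for sink in sinks:
            clusters[sink].add(addr)
    return {sink: sorted(addrs) for sink, addrs in clusters.items()}


def campaigns(txs, iocs):
    """Terminal address -> sectors hit by the ransom addresses feeding it (one campaign per key)."""
    return {sink: sorted({iocs[a] for a in addrs})
            for sink, addrs in cluster_by_cashout(txs, iocs).items()}


def derived_iocs(txs, iocs):
    """Forwarding and cash-out addresses discovered by walking from the known ransom addresses."""
    graph = build_graph(txs)
    found = set()
    for addr in iocs:
        reached, _ = downstream(graph, addr)
        found |= reached
    return sorted(found - set(iocs))


if __name__ == "__main__":
    print(campaigns(TXS, IOCS))     # cashout1 ties retail, energy and healthcare victims together
    print(derived_iocs(TXS, IOCS))  # hop and cash-out addresses to add to the watch list
```

On the constructed data, three ransom addresses reported by three different sectors all drain into `cashout1`, so they are treated as one campaign even though the samples that carried them may have looked like unrelated variants. With real data the graph comes from a blockchain explorer or node, and a real cash-out address usually has outgoing spends too (to an exchange), so the stopping rule would be a known exchange or mixer cluster rather than “no further spend”.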

There is a well-known saying that if you want to know where trouble is coming from, follow the money. It’s hard to follow bitcoins, but all of those bitcoin wallets can help you see how ransomware is connected.

This research was provided by the TruSTAR Data Science Unit.

Source: https://www.darkreading.com/threat-intelligence/tracking-bitcoin-wallets-as-iocs-for-ransomware-/a/d-id/1331016

Dutch Central Bank warns for phishing emails after DDoS attacks on banks

The Dutch Central Bank (DNB) has issued warnings to consumers about phishing e-mails, following a series of DDoS attacks on banks. ABN Amro, ING and Rabobank were the victims of long-term DDoS attacks on several occasions last weekend and earlier this week; these led to the disruption of online services. The Tax and Customs Administration and Dutch national ID system DigiD were also affected.

DNB said there is a chance that the number of phishing emails will now increase, following these DDoS attacks. “It is not unusual for DDoS attacks on banks to be followed by an increase in phishing mail to account holders. Criminals often attempt to use the agitation around digital attacks to make people feel vulnerable, and to then extract sensitive bank account details.”

The recent DDoS attacks on the banks were advanced, according to the DNB. Banks have strong defensive measures in place to ensure that services remain available through websites and internet banking. The banks have been in constant consultation with each other during the last few days and have worked together with the authorities, including the DNB and the National Cyber Security Centre. For such situations, multiple consultation structures have been set up, aimed at normalising payment transactions as quickly as possible.

Source: https://www.telecompaper.com/news/dutch-central-bank-warns-for-phishing-emails-after-ddos-attacks-on-banks–1230205

New year, new defence: Cybersecurity help and predictions for 2018

Organisations will adopt AI and other emerging technologies to help fight this year’s growing cyber threats.

With 2017 seeing an enormous number of data breaches, businesses should be looking at their cybersecurity processes and planning how to effectively monitor their network security in the year to come. With massive developments in monitoring and AI providing unmissable cybersecurity opportunities, here are five predictions of what we expect to see in 2018.

1. Organisations will increasingly adopt AI-based systems to help with Cybersecurity

In 2018, we’ll see companies using AI-based tools to benchmark their networks to ensure that companies know exactly what systems should ‘normally’ look like, allowing abnormalities to be identified faster before cyber incidents become full-blown attacks.

Despite hackers constantly evolving their attack methods to target new vulnerability points and bypass existing defence systems, AI-based tools can use real-time analytical models to search for anomalies. While analysts still need to decide whether these anomalies require urgent action or not, AI can help make them more productive.

We can also expect to see AI being used more to evaluate and prioritise security alerts. This will automate the more routine procedures that analysts have to undertake, and may even reduce threat related ‘false positives’ alerts in networks. Many companies are relying on rule-sets provided by third-party providers to deal with false positives, and they often don’t have the ability to tune and change the rules. This means that they either suffer the false positives and ignore them, or turn off that rule if the false positives are too prevalent – neither of which is an effective strategy.

AI-based systems can help by filtering out the noise of false positives, making it easier for analysts to identify, and focus on, the real threats.
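As an added illustration of the “benchmark what normal looks like, then flag deviations” approach described above (example code added here, not from the article or any vendor product), the block below builds a per-host baseline from constructed hourly outbound-connection counts and scores each hour against it. It uses a median/MAD baseline rather than mean/standard deviation so that a single burst does not drag the baseline up and hide itself, and it exposes two tunable thresholds, the kind of tuning the article notes many companies cannot do with third-party rule-sets. Host names and counts are invented.

```python
"""Baseline-and-deviation detection over constructed per-host connection counts."""
import statistics

# Constructed sample: outbound connections per hour for two hosts over eight hours.
SAMPLE = {
    "ws-042": [31, 28, 35, 30, 29, 33, 1180, 32],  # hour 6 is a burst
    "db-01": [210, 205, 198, 220, 215, 209, 212, 207],  # busy but steady
}


def robust_baseline(values):
    """Median and median absolute deviation (MAD).

    A single outlier barely moves either statistic, so the burst being hunted
    does not poison the baseline it is compared against.
    """
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1.0  # avoid a zero scale
    return med, mad


def anomaly_score(value, med, mad):
    """Robust z-score; 0.6745 scales MAD to a standard-deviation equivalent for normal data."""
    return 0.6745 * (value - med) / mad


def detect(samples, threshold=3.5, min_abs_delta=50):
    """Return [(host, hour, count, score)] for hours that stand out from their host's baseline.

    threshold     : robust z-score above which an hour is considered anomalous.
    min_abs_delta : minimum absolute increase over the median; suppresses alerts on
                    tiny changes for very quiet hosts (a false-positive control).
    """
    alerts = []
    for host, counts in samples.items():
        med, mad = robust_baseline(counts)
        for hour, count in enumerate(counts):
            score = anomaly_score(count, med, mad)
            if score > threshold and count - med >= min_abs_delta:
                alerts.append((host, hour, count, round(score, 1)))
    return alerts


if __name__ == "__main__":
    for host, hour, count, score in detect(SAMPLE):
        print(f"{host}: hour {hour} had {count} connections (score {score})")
```

Only `ws-042` hour 6 is flagged; the small swings on `db-01` score well under the threshold. Raising `threshold` or `min_abs_delta` trades sensitivity for fewer false positives, and because the baseline is per host the same settings work for a quiet workstation and a busy database server.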

2. Companies will handle breach communication much better than they did in 2017

PayPal is a great example of this. The company should be commended for implementing good hygiene practices that resulted in identifying and announcing the breach at TIO on 4th December, and for showing leadership in claiming responsibility for dealing with the outcome. We’re set to see a big difference between those companies that try and sweep breaches under the carpet, and those that are set up with the right processes to investigate breaches and respond appropriately. Those who attempt to hide breaches – we’re looking at you Uber – will be treated with contempt by customers and the media, as indicated by surveys that indicate as many as 85% of respondents wouldn’t do business with firms that had suffered a data breach.

Of course, on 25th May 2018 the General Data Protection Regulation (GDPR) comes into effect, which means companies will have to notify the Information Commissioner’s Office (ICO) of a breach within 72 hours of becoming aware of it, or face a fine of up to 4% of global annual turnover.

Sensible organisations will look to implement stronger protection using application whitelisting, encryption and other techniques and improve their detection capability. They should also look to collect and store more definitive evidence about what takes place on their networks – in the form of more verbose log data, NetFlow history and full packet capture. Without this, organisations will find it impossible to investigate a breach quickly enough to satisfy regulatory obligations.

3. Retailers will be far more risk averse during holidays

Companies have begun to accept that optimised monitoring needs to take place all year round, and Christmas will be no exception. However, companies will become more risk averse: whether it’s a bank or a retailer, as the holiday period approaches there is often a “blackout” period during which network and security teams are not allowed to make updates and changes to their networks other than urgent patches.

Threat actors may step up their activity during the holiday period because there is a higher chance of evading identification and more to gain. This year, Shopify revealed that at the peak of Black Friday, online shoppers were making 2,800 orders per minute, worth approximately US$1 million. Had Shopify experienced an outage of just five minutes during this busy period, it would have cost them US$5 million in revenue. Protecting against outages, such as might result from a distributed denial-of-service (DDoS) attack, is critical at these times. Additionally, this volume of online activity makes it easy for hackers to hide their movements while everyone’s focus is on making sure systems stay up and handle the load.

4. New housekeeping and the end of BYOD

Basic house-keeping will play a big role in cybersecurity in 2018. We’ll see a lot more staff training, and more focus on patching and standardisation so that companies avoid attacks like the widespread ransomware outbreaks we saw this year.

We’re also likely to see more companies moving away from BYOD. The reality is that BYOD has simply proven too hard to regulate and the risk it poses too difficult to protect against. In sensitive networks, with a lot at stake, this risk is not acceptable any longer.

5. Increasing use of strong encryption, and attacks over encrypted connections.

We already know that encryption of network traffic is being used more frequently by attackers as a way to hide evidence of their activity. Analysts and their detection tools can’t see into the payload of encrypted traffic.

Unless, of course, they have the encryption keys. If operators force all SSL connections to pass through a proxy, they can decrypt the traffic and see inside the payload. This allows the proxy to provide a clear-text version of the traffic to security tools for analysis, or to full packet capture appliances like the EndaceProbe Network Recorder.

We should expect to see the adoption of SSL proxy appliances increasing in 2018 – great news for companies like Ixia, Gigamon, Bluecoat, Juniper and others that make these appliances.

Conclusion

So, will 2018 be just as unpredictable when it comes to cybersecurity, data breaches and network infiltration? Chances are, most likely it will. However, with the right plans, practices and network monitoring in place, companies can at least prepare themselves for the worst, and prevent any possible breaches from being anywhere near as extensive as those that took place in 2017.

Source: https://www.itproportal.com/features/new-year-new-defence-cybersecurity-help-and-predictions-for-2018/

UK businesses fear DDoS attacks hijacking their devices

Businesses are afraid wireless devices could be hacked and used as DDoS weapons, report finds.

Businesses are afraid their wireless devices can be hacked and used as weapons in DDoS attacks.

A new report from the Neustar International Security Council (NISC) found that many businesses are becoming increasingly concerned with the current international security landscape, with system compromises seen as the biggest threat, followed by ransomware and financial data theft.

But unlike with other similar reports, this time businesses aren’t just sitting idly on this information – they’re actually taking action.

What they usually do is keep a close eye on outgoing traffic, installing buffer servers that help them keep malware out, replace vulnerable access points, and make sure all members of staff are on the same page when it comes to safety guidelines and rules.

Almost half of businesses polled (43 per cent) hire specialist companies to help them with DDoS mitigation.

“As the cybersecurity landscape continues to evolve, and with businesses unsure about where the next attack will come from and what form it will take, there are clear challenges focusing their prevention and protection efforts,” said Rodney Joffe, head of NISC and Neustar senior vice president and fellow.

“But DDoS has long been seen as a severe threat to companies, reaping tremendous impacts and steadily increasing in incidence. The sheer volume of traffic caused by DDoS attacks make them hard, but not impossible, to mitigate and for businesses to have the best chance of success in fighting against them, they need to make them a priority.”

Source: https://www.itproportal.com/news/uk-businesses-fear-ddos-attacks-hijacking-their-devices/

If you have satellite TV, hackers have access to your network

Imagine if every single gadget in your life was “smart.” Your self-driving car could let your house know you’re on the way home so it can adjust the thermostat and kick on the lights.

Your fridge could detect that you’re out of milk and order more online before you even wake up. A drone delivers the milk just in time for your morning bowl of cereal. These are all super helpful features, but they do come with some digital risks.

Now, something as simple as satellite television can be targeted by hackers.

Who’s at risk?

If you are one of the millions of people with AT&T’s DirecTV service, you could be at risk of attack by hackers. That’s due to a vulnerability recently discovered by security researcher Ricky Lawshae.

He said the flaw was found in DirecTV’s Genie digital video recorder (DVR) system, specifically in the Linksys WVBRo-25 wireless video bridge that lets DirecTV devices communicate with the DVR.

Lawshae said that he discovered the flaw when trying to browse to the web server on the Linksys WVBRo-25. He was expecting to find a login page, but instead found a wall of text. It contained output of diagnostic scripts dealing with information about the bridge, including the WPS pin, connected clients, processes that were running, and more.

That means anyone who can reach the device’s web interface can obtain sensitive information about it without logging in. Worse, the same interface executes attacker-supplied commands as the “root” user.

Lawshae said, “It literally took 30 seconds of looking at this device to find and verify an unauthenticated remote root command injection vulnerability. It was at this point that I became pretty frustrated. The vendors involved here should have had some form of secure development to prevent bugs like this from shipping.”
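The two handlers below are an added illustration of the bug class Lawshae describes, an unauthenticated diagnostic page that splices request parameters into a shell command, and of the fix a secure development process would have required. They are written here for this page and are not the Linksys or DirecTV firmware code; the diagnostic (tailing a device log), the parameter names and the session check are all invented for the example. The first handler concatenates user input into a shell string and runs it with the shell, so a `;` in the parameter runs a second command; the second requires a session, validates the name against a strict allowlist, bounds the line count, and passes an argv list with no shell at all.

```python
"""Diagnostic endpoint: vulnerable command-construction vs. hardened handler (illustrative)."""
import os
import re
import subprocess
import tempfile


def make_sample_log():
    """Create a throwaway log directory holding a constructed wireless.log (not real device data)."""
    root = tempfile.mkdtemp(prefix="diag_")
    with open(os.path.join(root, "wireless.log"), "w") as f:
        f.write("client aa:bb:cc:dd:ee:01 associated\n")
        f.write("client aa:bb:cc:dd:ee:02 associated\n")
        f.write("wps: pin request denied\n")
    return root


def run_diag_vulnerable(log_root, params):
    """Pattern behind a remote root command injection: request parameters are spliced into a
    shell command line and executed (on an embedded device, typically as root) with no auth."""
    name = params.get("log", "wireless.log")
    lines = params.get("n", "20")
    cmd = f"tail -n {lines} {log_root}/{name}"  # BUG: untrusted input inside a shell string
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


# Allowlist: alphanumeric names only; no '/', ';', '|', spaces, or leading '.' can pass.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def run_diag_hardened(log_root, params, session=None):
    """Same diagnostic with an authentication gate, strict input validation and no shell."""
    if not session:  # hypothetical session check; a real device would validate a token/cookie
        raise PermissionError("authentication required")
    name = params.get("log", "wireless.log")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("invalid log name")
    try:
        lines = int(params.get("n", "20"))
    except ValueError:
        raise ValueError("invalid line count")
    if not 1 <= lines <= 200:
        raise ValueError("line count out of range")
    path = os.path.join(log_root, name)
    # argv list: each element is one argument, nothing is parsed by a shell.
    result = subprocess.run(["tail", "-n", str(lines), path],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    root = make_sample_log()
    print(run_diag_vulnerable(root, {"log": "wireless.log; id"}))  # second command runs
    print(run_diag_hardened(root, {"log": "wireless.log", "n": "2"}, session="demo"))
```

The payload `wireless.log; id` is harmless here (it only prints the current user), but on the device described above the same mechanism gives a remote, unauthenticated attacker a root shell. Note that the hardened version does not try to escape the input; it rejects anything outside the allowlist and never involves a shell, which removes the whole class of quoting mistakes.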

If a hacker has root access, they can steal data or even enlist the device into a botnet. Cybercriminals are not always trying to steal personal and banking information. Sometimes they are trying to create havoc.

Cybercriminals can use an army of internet of things (IoT) gadgets to disrupt services or shut down websites. This is called a distributed denial of services (DDoS) attack.

DDoS attacks occur when servers are overwhelmed with more traffic than they can handle. These attacks are typically performed by a botnet.

A botnet is a group of gadgets that hackers have taken over without the owner’s knowledge. The hackers seize control of unwitting gadgets with a virus or malware and then use the network of infected computers to perform large-scale hacks or scams.

How to resolve this issue

A spokesperson for Linksys told “Forbes” earlier this week that it had “provided the firmware fix to DirecTV and they are working to expedite software updates to the affected equipment.”

The good news is, once the software is pushed out, the flaw should be fixed. The bad news is, we don’t know how long it will take for DirecTV to send the updates.

As a DirecTV customer, you don’t need to do anything to receive the updates. As long as your satellite receiver is connected to the internet, updates are installed automatically behind the scenes.

Source: https://www.komando.com/happening-now/434022/if-you-have-satellite-tv-hackers-have-access-to-your-networ