Researchers are tracking a new variant of the Mirai malware after it launched a 54-hour-long DDoS attack against a U.S. college.
Netgear on Friday released firmware updates for two of its router product lines, patching a hardcoded cryptographic key and an authentication bypass flaw that were reported six months ago.
Security is an evolutionary business rather than a revolutionary one.
“Computer security has been around for 25 or 30 years and the threats keep evolving,” Avast CEO Vince Steckler said in a video interview with ValueTech.
The solutions keep evolving too. “If you go back 20 years ago, the big issue was script kiddies and big public splashes of viruses that frankly didn’t cause any harm. These days, things are much more complicated. You don’t have big flaws, big loopholes for bad guys to take advantage of. What this turned into is a cat and mouse game.”
Keeping up with the bad guys
To combat today’s cybercrooks, Avast Virus Lab analysts must study what the bad guys have done previously.
“You start trying to predict what the bad guys might be trying to take advantage of in the future and closing off those holes. At the same time, those guys are finding other little ways in and you have to catch up with them,” said Steckler.
Antivirus companies have done an excellent job at protecting the consumer and small business “endpoint” – such a good job that it’s actually very difficult to break into the endpoint itself. This forces cybercrooks to look for other entry points.
Avast experts agree that the likely path cybercrooks take is through the home router.
Home routers give cybercrooks an easy target
Consumer routers tend to be acquired based on price and they have a lot of flaws. Steckler estimates that, “We can break into probably about 70% of home routers in the world.”
The reason home routers are so vulnerable, he says, is that, “They are very poorly protected and the username-password on them is something that’s easy to crack. It’s not that difficult for someone to break in remotely over the Internet via the username and password or in a drive-by, in which case it’s even easier.” Most routers also have unpatched software, leaving them with a number of vulnerabilities.
Recently the hacktivist group Anonymous launched a DDoS attack using compromised home routers, so Steckler thinks that the frequency of those types of attacks will increase.
How to secure the Internet of Things, the Smart Home, and Industry 4.0
“The Internet of Things and 4.0 get a lot of press because they have nice catchy buzz words,” said Steckler. People have connected refrigerators, connected thermostats, door locks, security cameras, and baby cameras, but, “Right now a lot of internet-connected refrigerators don’t do anything. They are just a browsing tablet.”
“But when people start looking at what kind of protection is needed, you have to be thinking about what’s the risk. If my internet-connected refrigerator gets hacked, what happens? If my thermostat gets hacked, what happens?” asked Steckler.
“The common thing with all of this is that none of these devices in the so-called Internet of Things really have any direct connection to the Internet. They are all connected, once again, through the home router,” said Steckler.
Since the home router is a vulnerable entry point, the risk of attack exists. “If you can harden your home router, that really goes a long way towards protecting the Internet of Things.”
The risk of BYOD
“The Enterprise is a much different story, when you get into the BYOD (Bring Your Own Device). We all have mobile devices, and for many reasons it’s much more convenient to use one mobile device for both your personal and your business,” said Steckler. “Some businesses encourage it by providing a device, but the fact of the matter is most everyone is going to be using one mobile device for both.”
That co-existence of personal and business-related data on one device that the employee is responsible for causes a risk to the consumer and the business. To the business it means that their data can be lost if access to the internal systems is compromised. If the employee loses the device, the typical company response will be to remotely wipe everything on it including all their personal stuff – then they suffer a big data loss.
“A solution is really to virtualize the entire corporate usage of it and run all the corporate usage on the corporate servers,” said Steckler. “That’s why we’ve brought out a new solution this year that does exactly that.”
Avast Virtual Mobile Platform (VMP) addresses these security risks, helping IT organizations liberate their businesses from leaks of confidential data and minimize mobile device costs.
Watch the entire interview including Mr. Steckler’s opinion about when Artificial Intelligence will become a threat to humanity and why Avast built a Silicon Valley-style building for its headquarters.
Private keys used to sign D-Link software were included in open-source firmware published by the company.
Networked devices behind a firewall are at risk of attack because of poor authentication in the UPnP protocol in most home routers.
DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.
Your router is one of the weakest links in your security, and researchers have proven once more that your home router puts you at risk.
Sixty security flaws have been identified in 22 router models that are distributed around the world, mostly by ISPs to their customers. These flaws could allow hackers to break into the device, change the password, and install and execute malicious scripts that change DNS servers to those the attacker wants. They do this so they can send your traffic through servers they control and direct you unwittingly to malicious sites or load malicious code on your machine when you visit a legitimate site.
Other flaws include allowing the hackers to read and write information on USB storage devices attached to the affected routers and reboot the devices.
The research report describes how the attackers can get in – through a backdoor with a universal password that is used by the ISP’s technical support staff to help troubleshoot for their customers over the phone. This second default administrator access is hidden from the router owner.
Which routers did the researchers test?
The researchers tested the following models: Amper Xavi 7968, 7968+ and ASL-26555; Astoria ARV7510; Belkin F5D7632-4; Linksys WRT54GL; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; D-Link DSL-2750B and DIR-600; Huawei HG553 and HG556a; Netgear CG3100D; Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Sagem LiveBox Pro 2 SP and Fast 1201; and Zyxel P 660HW-B1A.
Since the researchers are based in Madrid, their interest was mainly in Spanish ISPs and the routers they distribute, but routers like Linksys, D-Link and Belkin are distributed in the U.S. and other countries.
What can you do to protect yourself?
Avast has a feature built into our antivirus products called Home Network Security (HNS), which scans for misconfigured Wi-Fi networks, exposes weak or default Wi-Fi passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. It also lists all devices on the network so you can make sure only your known devices are connected. Avast is the only security company to offer a tool to help you secure this neglected area.
How to scan your home router with Home Network Security scanner
Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.
A class-action suit has been filed against Comcast for using customer routers as public Wi-Fi hotspots. Can attackers exploit router bugs to jump from public to private networks?
The “Bash Bug” or “Shellshock” vulnerability means a wide range of devices, servers and computers, including Mac OS X, will need to be patched to prevent abuse by malicious persons. Here’s advice about what to do and links to more in-depth resources.
The post What to do about Shellshock bash bug on Mac OS X, web servers, routers, and more appeared first on We Live Security.