Login
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.
Image: Shutterstock.com
Versa Director systems are primarily used by Internet service providers (ISPs), as well as managed service providers (MSPs) that cater to the IT needs of many small to mid-sized businesses simultaneously. In a security advisory published Aug. 26, Versa urged customers to deploy a patch for the vulnerability (CVE-2024-39717), which the company said is fixed in Versa Director 22.1.4 or later.
Versa said the weakness allows attackers to upload a file of their choosing to vulnerable systems. The advisory placed much of the blame on Versa customers who “failed to implement system hardening and firewall guidelines…leaving a management port exposed on the internet that provided the threat actors with initial access.”
Versa’s advisory doesn’t say how it learned of the zero-day flaw, but its vulnerability listing at mitre.org acknowledges “there are reports of others based on backbone telemetry observations of a 3rd party provider, however these are unconfirmed to date.”
Those third-party reports came in late June 2024 from Michael Horka, senior lead information security engineer at Black Lotus Labs, the security research arm of Lumen Technologies, which operates one of the global Internet’s largest backbones.
In an interview with KrebsOnSecurity, Horka said Black Lotus Labs identified a web-based backdoor on Versa Director systems belonging to four U.S. victims and one non-U.S. victim in the ISP and MSP sectors, with the earliest known exploit activity occurring at a U.S. ISP on June 12, 2024.
“This makes Versa Director a lucrative target for advanced persistent threat (APT) actors who would want to view or control network infrastructure at scale, or pivot into additional (or downstream) networks of interest,” Horka wrote in a blog post published today.
Black Lotus Labs said it assessed with “medium” confidence that Volt Typhoon was responsible for the compromises, noting the intrusions bear the hallmarks of the Chinese state-sponsored espionage group — including zero-day attacks targeting IT infrastructure providers, and Java-based backdoors that run in memory only.
In May 2023, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity Infrastructure Security Agency (CISA) issued a joint warning (PDF) about Volt Typhoon, also known as “Bronze Silhouette” and “Insidious Taurus,” which described how the group uses small office/home office (SOHO) network devices to hide their activity.
In early December 2023, Black Lotus Labs published its findings on “KV-botnet,” thousands of compromised SOHO routers that were chained together to form a covert data transfer network supporting various Chinese state-sponsored hacking groups, including Volt Typhoon.
In January 2024, the U.S. Department of Justice disclosed the FBI had executed a court-authorized takedown of the KV-botnet shortly before Black Lotus Labs released its December report.
In February 2024, CISA again joined the FBI and NSA in warning Volt Typhoon had compromised the IT environments of multiple critical infrastructure organizations — primarily in communications, energy, transportation systems, and water and wastewater sectors — in the continental and non-continental United States and its territories, including Guam.
“Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT [operational technology] assets to disrupt functions,” that alert warned.
In a speech at Vanderbilt University in April, FBI Director Christopher Wray said China is developing the “ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” and that China’s plan is to “land blows against civilian infrastructure to try to induce panic.”
Ryan English, an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory. But he said he’s glad there are now a lot fewer Versa systems exposed to this attack.
“Lumen has for the last nine weeks been very intimate with their leadership with the goal in mind of helping them mitigate this,” English said. “We’ve given them everything we could along the way, so it kind of sucks being referenced just as a third party.”
Article tags
We all love free stuff. (Costco samples, anyone?) However, when it comes to your family’s security, do free online protection tools offer the coverage you truly need?
Not always. In fact, they might invade the privacy you’re trying to protect.
Here’s why.
Free tools don’t offer the level of advanced protection that life on today’s internet needs. For starters, you’ll want malware and antivirus protection that’s as sophisticated as the threats they shut down. Ours includes AI technology and has for years now, which helps it shut down even the latest strains of malware as they hit the internet for the first time. We’re seeing plenty of that, as hackers have also turned to AI tools to code their malicious software.
Malware and antivirus protection protects your devices. Yet a comprehensive approach protects something else. You and your family.
Comprehensive online protection looks after your family’s privacy and identity. That keeps you safe from prying eyes and things like fraud and identity theft. Today’s comprehensive protection offers more features than ever, and far more than you’ll find in a free, and so incomplete, offering.
Consider this short list of what comprehensive online protection like ours offers you and your family:
Scam Protection
Is that email, text, or message packing a scam link? Our scam protection lets you know before you click that link. It uses AI to sniff out bad links. And if you click or tap on one, no worries. It blocks links to malicious sites.
Web Protection
Like scam protection, our web protection sniffs out sketchy links while you browse. So say you stumble across a great-looking offer in a bed of search results. If it’s a link to a scam site, you’ll spot it. Also like scam protection, it blocks the site if you accidentally hit the link.
Transaction Monitoring
This helps you nip fraud in the bud. Based on the settings you provide, transaction monitoring keeps an eye out for unusual activity on your credit and debit cards. That same monitoring can extend to retirement, investment, and loan accounts as well. It can further notify you if someone tries to change the contact info on your bank accounts or take out a short-term loan in your name.
Credit Monitoring
This is an important thing to do in today’s password- and digital-driven world. Credit monitoring uncovers any inconsistencies or outright instances of fraud in your credit reports. Then it helps put you on the path to setting them straight. It further keeps an eye on your reports overall by providing you with notifications if anything changes in your history or score.
Social Privacy Manager
Our social privacy manager puts you in control of who sees what on social media. With it, you can secure your profiles the way you want. It helps you adjust more than 100 privacy settings across your social media accounts in just a few clicks. It offers recommendations as you go and makes sure your personal info is only visible to the people you want. You can even limit some of the ways that social media sites are allowed to use your data for greater peace of mind.
Personal Data Cleanup
This provides you with another powerful tool for protecting your privacy. Personal Data Cleanup removes your personal info from some of the sketchiest data broker sites out there. And they’ll sell those lines and lines of info about you to anyone. Hackers and spammers included. Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. From there, it provides guidance for removing your data from those sites. Further, when part of our McAfee+ Advanced and Ultimate, it sends requests to remove your data automatically.
Password Manager
Scammers love weak or reused passwords. Even more so when they’re weak and reused. It offers them an easy avenue to force their way into people’s accounts. Our password manager creates and securely stores strong, unique passwords for you. That saves you the hassle of creating strong, unique passwords for your dozens and dozens of accounts. And helps protect you from fraud.
Identity Theft Coverage & Restoration
This provides you with extra assurance while you shop. Say the unfortunate happens to you and find yourself a victim of identity theft. Our coverage and restoration plan provides up to $2 million in lawyer fees and reimbursement for lawyer fees and stolen funds. Further, a licensed expert can help you repair your identity and credit. In all, this saves you money and your time if theft happens to you.
Say your online protection leaves gaps in your family’s safety, or that it uses less-effective methods and technologies. That exposes you to threats — threats can cost you time and money alike if one of those threats gets through.
One example, consider the online crimes reported to the U.S. Federal Trade Commission. In 2023, they fielded 5.4 million fraud reports. Of them, 2.6 million reported a loss for a total of $10 billion. The median loss was $500 across all reports. Of course, that’s only the median dollar amount. That number can climb much higher in individual cases.
Source: U.S. Federal Trade Commission
Without question, protection is prevention, which can spare you some significant financial losses. Not to mention the time and stress of restoring your credit and identity — and getting your money back.
A “free” solution has to make its money somehow.
Free security solutions sometimes carry in-app advertising. More importantly, they might try to gather your user data to target ads or share it with others to make a profit. Also by advertising for premium products, the vendor indirectly admits that a free solution doesn’t provide enough security.
Further, these tools also offer little to no customer support, leaving users to handle any technical difficulties on their own. What’s more, most free security solutions are meant for use on only one device, whereas the average person owns several connected devices. And that’s certainly the case for many families.
Lastly, free solutions often limit a person’s online activity too. Many impose limits on which browser or email program the user can leverage, which can be inconvenient as many already have a preferred browser or email platform.
Free security products might provide the basics, but a comprehensive solution can protect you from a host of other risks — ones that could get in the way of enjoying your time online.
With comprehensive online protection in place, your family’s devices get protection from the latest threats in the ever-evolving security landscape. It keeps your devices safe. And it keeps you safe. With that, we hope you’ll give us a close look when you decide to upgrade to comprehensive protection.
The post Why Should I Pay for Online Protection? appeared first on McAfee Blog.
Article tags
Fitness trackers worn on the wrist, glucose monitors that test blood sugar without a prick, and connected toothbrushes that let you know when you’ve missed a spot—welcome to internet-connected healthcare. It’s a new realm of care with breakthroughs big and small. Some you’ll find in your home, some you’ll find inside your doctor’s office, yet all of them are connected. Which means they all need to be protected. After all, they’re not tracking any old data. They’re tracking our health data, one of the most precious things we own.
Internet-connected healthcare, also known as connected medicine, is a broad topic. On the consumer side, it covers everything from smart watches that track health data to wireless blood pressure monitors that you can use at home. On the practitioner side, it accounts for technologies ranging from electronic patient records, network-enabled diagnostic devices, remote patient monitoring in the form of wearable devices, apps for therapy, and even small cameras that can be swallowed in the form of a pill to get a view of a patient’s digestive system.
Additionally, it also includes telemedicine visits, where you can get a medical issue diagnosed and treated remotely via your smartphone or computer by way of a video conference or a healthcare provider’s portal—which you can read about more in one of my blogs. In all, big digital changes are taking place in healthcare—a transformation that’s rapidly taking shape to the tune of a global market expected to top USD 534.3 billion by 2025.
Advances in digital healthcare have come more slowly compared to other aspects of our lives, such as consumer devices like phones and tablets. Security is a top reason why. Not only must a healthcare device go through a rigorous design and approval process to ensure it’s safe, sound, and effective, but it’s also held to similar rigorous degrees of regulation when it comes to medical data privacy. For example, in the U.S., we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets privacy and security standards for certain health information.
Taken together, this requires additional development time for any connected medical device or solution, in addition to the time it takes to develop one with the proper efficacy. Healthcare device manufacturers cannot simply move as quickly as, say, a smartphone manufacturer can. And rightfully so.
However, for this blog, we’ll focus on the home and personal side of the equation, with devices like fitness trackers, glucose monitors, smartwatches, and wearable devices in general—connected healthcare devices that more and more of us are purchasing on our own. To be clear, while these devices may not always be categorized as healthcare devices in the strictest (and regulatory) sense, they are gathering your health data, which you should absolutely protect. Here are some straightforward steps you can take:
1) First up, protect your phone
Many medical IoT devices use a smartphone as an interface, and as a means of gathering, storing, and sharing health data. So whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls. Additionally, installing it will protect you and your phone in general as well.
2) Set strong, unique passwords for your medical IoT devices
Some IoT devices have found themselves open to attack because they come with a default username and password—which are often published on the internet. When you purchase any IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them in a notebook or on sticky notes, consider using a password manager.
3) Use two-factor authentication
You’ve probably come across two-factor authentication while banking, shopping, or logging into any other number of accounts. Using a combination of your username, password, and a security code sent to another device you own (typically a mobile phone) makes it tougher for hackers to crack your device. If your IoT device supports two-factor authentication, use it for extra security.
4) Update your devices regularly
This is vital. Make sure you have the latest updates so that you get the latest functionality from your device. Equally important is that updates often contain security upgrades. If you can set your device to receive automatic updates, do so.
5) Secure your internet router
Your medical IoT device will invariably use your home Wi-Fi network to connect to the internet, just like your other devices. All the data that travels on there is personal and private, and that goes double for any health data that passes along it. Make sure you use a strong and unique password. Also, change the name of your router so it doesn’t give away your address or identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. You may also want to consider investing in an advanced internet router that has built-in protection, which can secure and monitor any device that connects to your network.
6) Use a VPN and a comprehensive security solution
Similar to the above, another way you can further protect the health data you send over the internet is to use a virtual private network, or VPN. A VPN uses an encrypted connection to send and receive data, which shields it from prying eyes. A hacker attempting to eavesdrop on your session will effectively see a mishmash of garbage data, which helps keep your health data secure.
7) When purchasing, do your research
Read up on reviews and comments about the devices you’re interested in, along with news articles about their manufacturers. See what their track record is on security, such as if they’ve exposed data or otherwise left their users open to attack.
Bottom line, when we speak of connected healthcare, we’re ultimately speaking about one of the most personal things you own: your health data. That’s what’s being collected. And that’s what’s being transmitted by your home network. Take these extra measures to protect your devices, data, and yourself as you enjoy the benefits of the connected care you bring into your life and home.
The post How to Protect Your Internet-Connected Healthcare Devices appeared first on McAfee Blog.
ST Smart Things Sentinel is an advanced security tool engineered specifically to scrutinize and detect threats within the intricate protocols utilized by IoT (Internet of Things) devices. In the ever-expanding landscape of connected devices, ST Smart Things Sentinel emerges as a vigilant guardian, specializing in protocol-level threat detection. This tool empowers users to proactively identify and neutralize potential security risks, ensuring the integrity and security of IoT ecosystems.
~ Hilali Abdel
USAGE
python st_tool.py [-h] [-s] [--add ADD] [--scan SCAN] [--id ID] [--search SEARCH] [--bug BUG] [--firmware FIRMWARE] [--type TYPE] [--detect] [--tty] [--uart UART] [--fz FZ]
[Add new Device]
python3 smartthings.py -a 192.168.1.1
python3 smarthings.py -s --type TPLINK
python3 smartthings.py -s --firmware TP-Link Archer C7v2
Search for CVE and Poc [ firmware and device type]
Scan device for open upnp ports
python3 smartthings.py -s --scan upnp --id
get data from mqtt 'subscribe'
python3 smartthings.py -s --scan mqtt --id
As of the writing of this article, the height of the pandemic seems like a distant but still vivid dream. Sanitizing packages, sparse grocery shelves, and video conferencing happy hours are things of the past for the majority of the population. Thank goodness.
A “new normal” society is adapting to today’s working culture. The work landscape changed significantly since 2020, and it might never return to what it once was. In 2022, workers spent an average 3.5 days in the office per week, which is 30% below the prepandemic in-office average.1
The work-from-home movement is likely here to stay, to the joy of employees seeking a better work-life balance and flexibility; however, some responsibility does fall upon people like you to secure home offices to protect sensitive company information.
To make sure you’re not the weak cyber link in your company’s security, make sure to follow these three tips for a secure home office.
When you’re not physically in front of your work computer, best practices dictate that you lock the screen or put your device to sleep. No matter how much you trust your family, roommates, or the trustworthy-looking person seated next to you at a café, your company device houses all kinds of corporate secrets. A stray glance from the wrong person could put that information’s secrecy in jeopardy. Plus, imagine your cat walking across your keyboard or a toddler mashing your mouse, deleting hours’ worth of work. Disastrous.
Then, when you’re done with work for the day, stow your device in a secure location, preferably a drawer with a lock. Even if your work computer is 10 times faster and sleeker than your personal laptop, keep each device in its designated sphere in your life: work devices only for work, personal devices only for personal activities.
Wi-Fi networks that are not password protected invite anyone off the street to surf on your network and eavesdrop on your online activities. A stranger sneaking on to your home Wi-Fi could be dangerous to your workplace. There would be very little stopping a stranger from spying on your connected work devices and spreading confidential information onto the dark web or leaking company secrets to the media.
There are a few steps you can take to secure your home office’s internet connection. First, make sure to change the default name and password of your router. Follow password best practices to create a strong first defense. For your router name, choose an obscure inside joke or a random pairing of nouns and adjectives. It’s best to omit your address and your real name as the name of your router, because that could alert a cybercriminal that that network belongs to you. Better yet, you can hide your router completely from strangers and only make it searchable to people who know the exact name of your network.
For an additional layer of protection, connect to a virtual private network (VPN). Your company may offer a corporate VPN. If not, signing up for your own VPN is easy. A VPN encrypts the traffic coming in and going out of your devices making it nearly impossible for a cybercriminal to burst into your online session and see what’s on your screen.
The scenarios outlined in your company’s security training may seem far-fetched, but the concepts of those boring corporate videos actually happen! For example, the huge Colonial Pipeline breach in 2021 originated from one employee who didn’t secure the company’s VPN with multifactor authentication (MFA).2 Cutting small corners like disabling MFA – which is such a basic and easy-to-use security measure – can have dire consequences.
Pay attention to your security training and make sure to follow all company cybersecurity rules and use security tools as your IT team intends. For example, if your company requires that everyone use a password manager, a corporate VPN, and multi-factor authentication, do so! And use them correctly every workday!
These tips are essential to a secure home office, but they’re also applicable to when you’re off the clock. Password- or passcode-protecting your personal laptop, smartphone, and tablet keeps prying eyes out of your devices, which actually hold more personally identifiable information (PII) than you may think. Password managers, a secure router, VPNs, and safe browsing habits will go a long way toward maintaining your online privacy.
To fill in the cracks to better protect your home devices and your PII, partner with McAfee+. McAfee+ includes a VPN, safe browsing tool, identity monitoring and remediation services, a password manager, and more for a more secure digital life.
In one global survey, 68% of people prefer hybrid work models, and nearly three-quarters of companies allow employees to work from home some of the time.3,4 The flexibility afforded by hybrid work and 100% work-from-home policies is amazing. Cutting out the time and cost of commuting five days a week is another bonus. Let’s make at-home work a lasting and secure way of professional life!
1McKinsey Global Institute, “How hybrid work has changed the way people work, live, and shop”
2The Hacker News, “Hackers Breached Colonial Pipeline Using Compromised VPN Password”
3World Economic Forum, “Hybrid working: Why there’s a widening gap between leaders and employees”
4International Foundation of Employee Benefit Plans, “Employee Benefits Survey: 2022 Results”
The post The Future of Work: How Technology & the WFH Landscape Are Making an Impact appeared first on McAfee Blog.
People who use devices like smart cameras and Wi-Fi-enabled baby monitors should strongly consider taking the following steps to protect their devices:
1. Update your devices. Manufacturers often advise consumers to update their software to the latest version and enable further security features. Updating your devices regularly increases the chances that you’ll receive security improvements soon after they become available.
2. Do not connect to your smart cameras, baby monitors, and other devices through public Wi-Fi. Accessing these devices via a smartphone app from an unprotected network can compromise the security of your devices. Use a VPN or a secure cellular data connection instead.
3. Use strong, unique passwords. Every device of yours should have one, along with a unique username to go along with it. In some cases, connected devices ship with default usernames and passwords, making them that much easier to hack.
With those immediate steps in place, this security advisory offers you a chance to take a fresh look at your network and device security overall. With these straightforward steps in place, you’ll be more protected against such events in the future—not to mention more secure in general.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to help validate that we’re who we say we are when logging in. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own or control, like your mobile phone. Thus, when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. Whether you’re renting your router through your internet provider or have purchased one, the internet provider’s “how to” guide or router documentation can step you through this process.
The first thing to do is change the default password of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which helps secure communications to and from your router. If you’re unsure what to do, reach out to your internet provider or router manufacturer.
Just as you can offer your human guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
We mentioned this above, yet it’s so important that it calls for a second mention: make sure you have the latest software updates for your IoT devices. That will make sure you’re getting the latest functionality from your device, and updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” to our smartphones—so protecting our phones has become yet more important. Whether you’re an Android or iOS device user, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.
Using a strong suite of security software like McAfee+ Advanced, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.
The post How to Protect Your Smart Cameras and Wi-Fi Baby Monitors appeared first on McAfee Blog.
Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.
Image: Lumen’s Black Lotus Labs.
In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021.
“The malware has been used to create residential proxy services to shroud malicious activity such as password spraying, web-traffic proxying and ad fraud,” the Lumen researchers wrote.
Malware-based anonymity networks are a major source of unwanted and malicious web traffic directed at online retailers, Internet service providers (ISPs), social networks, email providers and financial institutions. And a great many of these “proxy” networks are marketed primarily to cybercriminals seeking to anonymize their traffic by routing it through an infected PC, router or mobile device.
Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. Proxy services also let users appear to be getting online from nearly anywhere in the world, which is useful if you’re a cybercriminal who is trying to impersonate someone from a specific place.
Spur.us, a startup that tracks proxy services, told KrebsOnSecurity that the Internet addresses Lumen tagged as the AVrecon botnet’s “Command and Control” (C2) servers all tie back to a long-running proxy service called SocksEscort.
SocksEscort[.]com, is what’s known as a “SOCKS Proxy” service. The SOCKS (or SOCKS5) protocol allows Internet users to channel their Web traffic through a proxy server, which then passes the information on to the intended destination. From a website’s perspective, the traffic of the proxy network customer appears to originate from a rented/malware-infected PC tied to a residential ISP customer, not from the proxy service customer.
The SocksEscort home page says its services are perfect for people involved in automated online activity that often results in IP addresses getting blocked or banned, such as Craigslist and dating scams, search engine results manipulation, and online surveys.
Spur tracks SocksEscort as a malware-based proxy offering, which means the machines doing the proxying of traffic for SocksEscort customers have been infected with malicious software that turns them into a traffic relay. Usually, these users have no idea their systems are compromised.
Spur says the SocksEscort proxy service requires customers to install a Windows based application in order to access a pool of more than 10,000 hacked devices worldwide.
“We created a fingerprint to identify the call-back infrastructure for SocksEscort proxies,” Spur co-founder Riley Kilmer said. “Looking at network telemetry, we were able to confirm that we saw victims talking back to it on various ports.”
According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.
“When Lumen released their report and IOCs [indicators of compromise], we queried our system for which proxy service call-back infrastructure overlapped with their IOCs,” Kilmer continued. “The second stage C2s they identified were the same as the IPs we labeled for SocksEscort.”
Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services.
“This class of cybercrime activity threat may evade detection because it is less likely than a crypto-miner to be noticed by the owner, and it is unlikely to warrant the volume of abuse complaints that internet-wide brute-forcing and DDoS-based botnets typically draw,” Lumen’s Black Lotus researchers wrote.
Preserving bandwidth for both customers and victims was a primary concern for SocksEscort in July 2022, when 911S5 — at the time the world’s largest known malware proxy network — got hacked and imploded just days after being exposed in a story here. Kilmer said after 911’s demise, SocksEscort closed its registration for several months to prevent an influx of new users from swamping the service.
Danny Adamitis, principal information security researcher at Lumen and co-author of the report on AVrecon, confirmed Kilmer’s findings, saying the C2 data matched up with what Spur was seeing for SocksEscort dating back to September 2022.
Adamitis said that on July 13 — the day after Lumen published research on AVrecon and started blocking any traffic to the malware’s control servers — the people responsible for maintaining the botnet reacted quickly to transition infected systems over to a new command and control infrastructure.
“They were clearly reacting and trying to maintain control over components of the botnet,” Adamitis said. “Probably, they wanted to keep that revenue stream going.”
Frustratingly, Lumen was not able to determine how the SOHO devices were being infected with AVrecon. Some possible avenues of infection include exploiting weak or default administrative credentials on routers, and outdated, insecure firmware that has known, exploitable security vulnerabilities.
KrebsOnSecurity briefly visited SocksEscort last year and promised a follow-up on the history and possible identity of its proprietors. A review of the earliest posts about this service on Russian cybercrime forums suggests the 12-year-old malware proxy network is tied to a Moldovan company that also offers VPN software on the Apple Store and elsewhere.
SocksEscort began in 2009 as “super-socks[.]com,” a Russian-language service that sold access to thousands of compromised PCs that could be used to proxy traffic. Someone who picked the nicknames “SSC” and “super-socks” and email address “michvatt@gmail.com” registered on multiple cybercrime forums and began promoting the proxy service.
According to DomainTools.com, the apparently related email address “michdomain@gmail.com” was used to register SocksEscort[.]com, super-socks[.]com, and a few other proxy-related domains, including ip-score[.]com, segate[.]org seproxysoft[.]com, and vipssc[.]us. Cached versions of both super-socks[.]com and vipssc[.]us show these sites sold the same proxy service, and both displayed the letters “SSC” prominently at the top of their homepages.
Image: Archive.org. Page translation from Russian via Google Translate.
According to cyber intelligence firm Intel 471, the very first “SSC” identity registered on the cybercrime forums happened in 2009 at the Russian language hacker community Antichat, where SSC asked fellow forum members for help in testing the security of a website they claimed was theirs: myiptest[.]com, which promised to tell visitors whether their proxy address was included on any security or anti-spam block lists.
Myiptest[.]com is no longer responding, but a cached copy of it from Archive.org shows that for about four years it included in its HTML source a Google Analytics code of US-2665744, which was also present on more than a dozen other websites.
Most of the sites that once bore that Google tracking code are no longer online, but nearly all of them centered around services that were similar to myiptest[.]com, such as abuseipdb[.]com, bestiptest[.]com, checkdnslbl[.]com, dnsbltools[.]com and dnsblmonitor[.]com.
Each of these services were designed to help visitors quickly determine whether the Internet address they were visiting the site from was listed by any security firms as spammy, malicious or phishous. In other words, these services were designed so that proxy service users could easily tell if their rented Internet address was still safe to use for online fraud.
Another domain with the Google Analytics code US-2665744 was sscompany[.]net. An archived copy of the site says SSC stands for “Server Support Company,” which advertised outsourced solutions for technical support and server administration.
Leaked copies of the hacked Antichat forum indicate the SSC identity registered on the forum using the IP address 71.229.207.214. That same IP was used to register the nickname “Deem3n®,” a prolific poster on Antichat between 2005 and 2009 who served as a moderator on the forum.
There was a Deem3n® user on the webmaster forum Searchengines.guru whose signature in their posts says they run a popular community catering to programmers in Moldova called sysadmin[.]md, and that they were a systems administrator for sscompany[.]net.
That same Google Analytics code is also now present on the homepages of wiremo[.]co and a VPN provider called HideIPVPN[.]com.
Wiremo sells software and services to help website owners better manage their customer reviews. Wiremo’s Contact Us page lists a “Server Management LLC” in Wilmington, DE as the parent company. Server Management LLC is currently listed in Apple’s App Store as the owner of a “free” VPN app called HideIPVPN.
“The best way to secure the transmissions of your mobile device is VPN,” reads HideIPVPN’s description on the Apple Store. “Now, we provide you with an even easier way to connect to our VPN servers. We will hide your IP address, encrypt all your traffic, secure all your sensitive information (passwords, mail credit card details, etc.) form [sic] hackers on public networks.”
When asked about the company’s apparent connection to SocksEscort, Wiremo responded, “We do not control this domain and no one from our team is connected to this domain.” Wiremo did not respond when presented with the findings in this report.
It’s only a smart lightbulb. Why would anyone want to hack that?
Great question. Because it gets to the heart of security matters for your IoT smart home devices.
Internet of Things (IoT) devices have certainly made themselves at home in recent years. Once a novelty, they’ve become far more commonplace. The numbers bear that out. Recent research indicates that the average U.S. household has 20.2 connected devices. Europe has 17.4 on average, while Japan trails at 10.3.
Of course, those figures largely account for computers, tablets, phones, and internet-connected smart TVs. Yet the study uncovered a sizable jump in the presence of other smart devices.
Comparing 2022 to 2021, smart homes worldwide had:
Consider that connected devices in the home rose just 10% globally during the same timeframe. It’s clear that IoT smart home device ownership is on the upswing. Yet has security kept up with all that growth?
That security question brings us back to the lightbulb.
An adage in security is this: if a device gets connected, it gets protected. And that protection has to be strong because a network is only as secure as its weakest link. Unfortunately, many IoT devices are indeed the weakest security links on home networks.
Some recent research sheds light on what’s at stake. Cybersecurity teams at the Florida Institute of Technology found that companion apps for several big brand smart devices had security flaws. Of the 20 apps linked to connected doorbells, locks, security systems, televisions, and cameras they studied, 16 had “critical cryptographic flaws” that might allow attackers to intercept and modify their traffic. These flaws might lead to the theft of login credentials and spying, the compromise of the connected device, or the compromise of other devices and data on the network.
Over the years, our research teams at McAfee Labs have uncovered similar security vulnerabilities in other IoT devices like smart coffee makers and smart wall plugs.
Vulnerabilities such as these have the potential to compromise other devices on the network.
Let’s imagine a smart lightbulb with poor security measures. As part of your home network, a motivated hacker might target it, compromise it, and gain access to the other devices on your network. In that way, a lightbulb might lead to your laptop—and all the files and data on it.
So yes, someone might be quite interested in hacking your lightbulb.
One Friday morning in 2016, great swathes of the American internet ground to a halt.
Major websites and services became unresponsive as internet directory services got flooded with millions and millions of malicious requests. As such, millions and millions of people were affected, along with public agencies and private businesses alike. Behind it, a botnet. An internet drone army of compromised IOT devices like digital video recorders and webcams.
Known as the Mirai botnet, its initial purpose was to target Minecraft game servers. Essentially to “grief” innocent players. Yet it later found its way into other hands. From there, it became among the first high-profile botnet attacks on the internet.
Botnet attacks can be small and targeted, such as when bad actors want to target a certain business (or game servers). And they can get as large as Mirai did. Regardless of size, these attacks rely on compromised devices. Consumer IoT devices often get targeted for such purposes for the same reasons listed above. They can lack strong security features out of the box, making them easy to enlist in a botnet.
In all, the threat of botnets makes another strong case for securing your devices.
To put a fine point on it, security in your smart home is an absolute must. And you can make your smart home far more secure with a few steps.
Many smart home devices use a smartphone as a sort of remote control, and to gather, store, and share data. So whether you’re an Android owner or an iOS owner, protect your smartphone so you can protect the things it accesses and controls—and the data stored on it too.
One issue with many IoT devices is that they often come with a default username and password. This could mean that your device and thousands of others just like it share the same credentials. That makes it easy for a hacker to access to them because those default usernames and passwords are often published online.
When you purchase any IoT device, set a fresh password using a strong method of password creation. Likewise, create an entirely new username for additional protection as well.
Banks and other online services commonly offer multi-factor authentication to help protect your accounts. In addition to using a username and password for login, it sends a security code to another device you own (often a mobile phone). It throws a big barrier in the way of hackers who try to force their way into your device with a password/username combination. If your IoT devices support multi-factor authentication, consider using it with them too.
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password as well to help prevent hackers from breaking into your home network. Also consider changing the name of your home network so that it doesn’t personally identify you.
Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which will keep your signal secure.
Older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.
In addition to fixing the odd bug or adding the occasional new feature, updates often fix security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so update regularly. If you can set your smart home apps and devices to receive automatic updates, select that option so that you’ll always have the latest.
Just as you can offer your guests secure access that’s separate from your own devices, you can create an additional network on your router that keeps your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network that hosts your computers and smartphones.
You can take another strong security step before you even bring that new smart device home. Research.
Unfortunately, there are few consumer standards for smart devices. That’s unlike other household appliances. They must comply with government regulations, industry standards, and consumer-friendly standards like Energy Star ratings. So, some of the research burden falls on the buyer when it comes to purchasing the most secure devices.
Here are a few steps that can help:
A positive or high customer rating for a smart device is a good place to start, yet purchasing a safer device takes more than that. Impartial third-party reviewers like Consumer Reports will offer thorough reviews of smart devices and their security, as part of a paid subscription.
Likewise, look for other resources that account for device and data security in their writeups, such as the “Privacy Not Included” website. Run by a nonprofit organization, it reviews a wealth of apps and smart devices based on the strength of their security and privacy measures.
Whether you’re looking at a device made by a well-known company or one you haven’t heard of before, a web search can show you if they’ve had any reported privacy or security issues in the past. And just because you might be looking at a popular brand name doesn’t mean that you’ll make yourself more private or secure by choosing them. Companies of all sizes and years of operation have encountered problems with their smart home devices.
What you should look for, though, is how quickly the company addresses any issues and if they consistently have problems with them. Again, you can turn to third-party reviewers or reputable news sources for information that can help shape your decision.
Some smart devices will provide you with options around what data they collect and then what they do with it after it’s collected. Hop online and see if you can download some instructions for manuals for the devices you’re considering. They might explain the settings and permissions that you can enable or disable.
As mentioned above, multi-factor authentication provides an additional layer of protection. It makes things much more difficult for a hacker or bad actor to compromise your device, even if they know your password and username. Purchase devices that offer this as an option. It’s a terrific line of defense.
Some manufacturers are more security- and privacy-minded than others. Look for them. You might see a camera that has a physical shutter that caps the lens and blocks recording when it’s not in use. You might also find doorbell cameras that store video locally, instead of uploading it to the cloud where others can potentially access it. Also look for manufacturers that call out their use of encryption, which can further protect your data in transit.
Even the smallest of IoT smart home devices can lead to big issues if they’re not secured.
It only takes one poorly secured device to compromise everything else on an otherwise secure network. And with manufacturers in a rush to capitalize on the popularity of smart home devices, sometimes security takes a back seat. They might not thoroughly design their products for security up front, and they might not regularly update them for security in the long term.
Meanwhile, other manufacturers do a fine job. It takes a bit of research on the buyer’s part to find out which manufacturers handle security best.
Aside from research, a few straightforward steps can keep your smart devices and your network safe. Just as with any other connected device, strong passwords, multi-factor authentication, and regular updates remain key security steps.
For a secure smart home, just remember the adage: if a device gets connected, it gets protected.
The post Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices appeared first on McAfee Blog.
nas-1200
At Black Hat USA 2020, Trend Micro presented two important talks on vulnerabilities in Industrial IoT (IIoT). The first discussed weaknesses in proprietary languages used by industrial robots, and the second talked about vulnerabilities in protocol gateways. Any organization using robots, and any organization running a multi-vendor OT environment, should be aware of these attack surfaces. Here is a summary of the key points from each talk.
Rogue Automation
Presented at Black Hat, Wednesday, August 5. https://www.blackhat.com/us-20/briefings/schedule/index.html#otrazor-static-code-analysis-for-vulnerability-discovery-in-industrial-automation-scripts-19523 and the corresponding research paper is available at https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming
Industrial robots contain powerful, fully capable computers. Unlike most contemporary computers, though, industrial robots lack basic information security capabilities. First, at the architectural level, they lack any mechanism to isolate certain instructions or memory. That is, any program can alter any piece of storage, or run any instruction. In traditional mainframes, no application could access, change, or run any code in another application or in the operating system. Even smartphone operating systems have privilege separation. An application cannot access a smartphone’s camera, for instance, without being specifically permitted to do so. Industrial robots allow any code to read, access, modify, or run any device connected to the system, including the clock. That eliminates data integrity in industrial robots and invalidates any audit of malfunctions; debugging becomes exceptionally difficult.
Industrial robots do not use conventional programming languages, like C or Python. Instead, each manufacturer provides its own proprietary programming language. That means a specialist using one industrial robot cannot use another vendor’s machine without training. There are no common information security tools for code validation, since vendors do not develop products for fragmented markets. These languages describe programs telling the robot how to move. They also support reading and writing data, analyzing and modifying files, opening and closing input/output devices, getting and sending information over a network, and accessing and changing status indicators on connected sensors. Once a program starts to run on an industrial robot, it can do anything any fully functional computer can do, without any security controls at all. Contemporary industrial robots do not have any countermeasures against this threat.
Most industrial robot owners do not write their own programs. The supply chain for industrial robot programs involves many third-party actors. See Figure 1 below for a simplified diagram. In each community, users of a particular vendor’s languages share code informally, and rely on user’s groups for hints and tips to solve common tasks. These forums rarely discuss security measures. Many organizations hire third-party contractors to implement particular processes, but there are no security certifications relevant to these proprietary languages. Most programmers learned their trade in an air-gapped world, and still rely on a perimeter which separates the safe users and code inside from the untrusted users and code outside. The languages offer no code scanners to identify potential weaknesses, such as not validating inputs, modifying system services, altering device state, or replacing system functions. The machines do not have a software asset management capability, so knowing where the components of a running program originated from is uncertain.
Figure 1: The Supply Chain for Industrial Robot Programming
All is not lost – not quite. In the short term, Trend Micro Research has developed a static code analysis tool called OTRazor, which examines robotic code for unsafe code patterns. This was demonstrated during our session at Black Hat.
Over time, vendors will have to introduce basic security checks, such as authentication, authorization, data integrity, and data confidentiality. The vendors will also have to introduce architectural restrictions – for instance, an application should be able to read the clock but not change it.. Applications should not be able to modify system files, programs, or data, nor should they be able to modify other applications. These changes will take years to arrive in the market, however. Until then, CISOs should audit industrial robot programs for vulnerabilities, and segment networks including industrial robots, and apply baseline security programs, as they do now, for both internally developed and procured software.
Protocol Gateway Vulnerabilities
Presented at Black Hat, Wednesday, August 5, https://www.blackhat.com/us-20/briefings/schedule/index.html#industrial-protocol-gateways-under-analysis-20632, with the corresponding research paper available here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/lost-in-translation-when-industrial-protocol-translation-goes-wrong.
Industry 4.0 leverages the power of automation alongside the rich layer of software process control tools, particularly Enterprise Resource Planning (ERP), and its bigger cousin, Supply Chain Management (SCM). By bringing together dynamic industrial process control with hyper-efficient “just-in-time” resource scheduling, manufacturers can achieve minimum cost, minimum delay, and optimal production. But these integration projects require that IIoT devices speak with other technology, including IIoT from other manufacturers and legacy equipment. Since each equipment or device may have their own communication protocol, Industry 4.0 relies heavily on protocol converters.
Protocol converters are simple, highly efficient, low-cost devices that translate one protocol into another. Protocol converters are ubiquitous, but they lack any basic security capabilities – authentication, authorization, data integrity or data confidentiality – and they sit right in the middle of the OT network. Attackers can subvert protocol converters to hijack the communication or change configuration. An attacker can disable a safety thresholds, generate a denial of service attack, and misdirect an attached piece of equipment.
In the course of this research, we found nine vulnerabilities and are working with vendors to remediate the issues. Through our TXOne subsidiary, we are developing rules and intelligence specifically for IIoT message traffic, which are then embedded in our current network security offerings, providing administrators with better visibility and the ability to enforce security policies in their OT networks.
Protocol converters present a broad attack surface, as they have limited native information security capabilities. They don’t validate senders or receivers, nor do they scan or verify message contents. Due to their crucial position in the middle of the OT network, they are an exceptionally appealing target for malicious actors. Organizations using protocol converters – especially those on the way to Industry 4.0 – must address these weak but critical components of their evolving infrastructure.
What do you think? Let me know in the comments below or @WilliamMalikTM
The post Black Hat Trip Report – Trend Micro appeared first on .
“Alexa, turn on the TV.”
”Get it yourself.”
This nightmare scenario could play out millions of times unless people take steps to protect their IoT devices. The situation is even worse in industrial settings. Smart manufacturing, that is, Industry 4.0, relies on tight integration between IT systems and OT systems. Enterprise resource planning (ERP) software has evolved into supply chain management (SCM) systems, reaching across organizational and national boundaries to gather all forms of inputs, parting out subcomponent development and production, and delivering finished products, payments, and capabilities across a global canvas.
Each of these synergies fulfills a rational business goal: optimize scarce resources across diverse sources; minimize manufacturing, shipping, and warehousing expense across regions; preserve continuity of operations by diversifying suppliers; maximize sales among multiple delivery channels. The supply chain includes not only raw materials for manufacturing, but also third party suppliers of components, outsourced staff for non-core business functions, open source software to optimize development costs, and subcontractors to fulfill specialized design, assembly, testing, and distribution tasks. Each element of the supply chain is an attack surface.
Software development has long been a team effort. Not since the 1970s have companies sought out the exceptional talented solo developer whose code was exquisite, flawless, ineffable, undocumented, and impossible to maintain. Now designs must be clear across the team, and testing requires close collaboration between architects, designers, developers, and production. Teams identify business requirements, then compose a solution from components sourced from publically shared libraries. These libraries may contain further dependencies on yet other third-party code of unknown provenance. Simplified testing relies on the quality of the shared libraries, but shared library routines may have latent (or intentionally hidden) defects that do not come to life until in a vulnerable production environment. Who tests GitHub? The scope of these vulnerabilities is daunting. Trend Micro just published a report, “Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis,” that surveys the Industry 4.0 attack surface.
Within the manufacturing operation, the blending of IT and OT exposes additional attack surfaces. Industrial robots provide a clear example. Industrial robots are tireless, precision machines programmed to perform exacting tasks rapidly and flawlessly. What did industry do before robots? Factories either relied on hand-built products or on non-programmable machines that had to be retooled for any change in product specifications. Hand-built technology required highly skilled machinists, who are expensive and require time to deliver. See Figure 1 for an example.
Figure 1: The cost of precision
Non-programmable robots require factory down time for retooling, a process that can take weeks. Before programmable industrial robots, automobile factories would deliver a single body style across multiple years of production. Programmable robots can produce different configurations of materials with no down time. They are used everywhere in manufacturing, warehousing, distribution centers, farming, mining, and soon guiding delivery vehicles. The supply chain is automated.
However, the supply chain is not secure. The protocols industrial robots depend on assumed the environment was isolated. One controller would govern the machines in one location. Since the connection between the controller and the managed robots was hard-wired, there was no need for operator identification or message verification. My controller would never see your robot. My controller would only connect to my robot, so the messages they exchanged needed no authentication. Each device assumed all its connections were externally verified. Even the safety systems assumed the network was untainted and trustworthy. No protocols included any security or privacy controls. Then Industry 4.0 adopted wireless communications.
The move, which saved the cost of laying cable in the factory, opened those networks to eavesdropping and attacks. Every possible attack against industrial robots is happening now. Bad guys are forging commands, altering specifications, changing or suppressing error alerts, modifying output statistics, and rewriting logs. The consequences can be vast yet nearly undetectable. In the current report on Rogue Robots, our Forward-looking Threat Research team, collaborating with the Politecnico di Milano (POLIMI), analyzes the range of specific attacks today’s robots face, and the potential consequences those attacks may have.
Owners and operators of programmable robots should heed the warnings of this research, and consider various suggested remedies. Forewarned is forearmed.
The Rogue Robots research is here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/rogue-robots-testing-industrial-robot-security.
The new report, Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis, is here: https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems.
What do you think? Let me know in the comments below, or @WilliamMalikTM.
The post Securing Smart Manufacturing appeared first on .
We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.
We’re now done with familiarizing ourselves with the features of Trend Micro Home Network Security (HNS) It’s now time for you to get a bit more adept at regular monitoring and maintenance, to ensure you’re getting the best protection HNS can provide your connected home.
Once you’re tracking the various internet-capable devices in your home within HNS, as with any security-related device it’s essential to monitor the activities captured by it. In the same way that we need to periodically review the videos taken by our security cameras, to check for any unusual events in or around the home that need our attention; so too, do you need to keep abreast of the goings on in your home network, particularly those of an unusual or suspect nature, as revealed by HNS. This can easily be done in two ways: via Voice Control and Reports.
Voice Control. When you want just a quick overview of the status of your network, you can use HNS’s Voice Control. Voice Control is available as a skill for both Amazon Alexa and Google Home.
Once the skill has been enabled, you can ask Alexa or Google Assistant to control your Home Network Security (HNS) using the following voice commands:
|
|
Reports. On the other hand, if you have more time to spare, you can peruse the Reports for your devices, user profiles, and network usage.
|
|
Now that you’re more acquainted with your home network through HNS, it’s vital that you know what to do when, for instance, you received a Smart Alert notification indicating an unusually high network activity detected on one of your connected devices.
A Range of Network Events. In brief, you’ll need to review the recent activities and perform the required actions to eliminate risks such as the following:
|
|
For more specific information regarding these types of incidents, you may refer to this Technical Support article.
The Home Network Security Station takes care of your home and your family’s security and safety. In return, you should know how to check if it’s in good working condition.
Physical Status. Check whether the physical components (LED, Reset button, Power, and Ethernet ports) of your Station are intact.
Power. Ensure that the Station is powered on. To check if the Station has power supply, just follow these simple steps:
|
|
Offline Notifications. When the HNS Station is offline the user will receive a notification about it. In addition, the HNS app will indicate the Station is offline. This situation can be attributed to loss of either the internet or LAN connections.
Internet Connection. Make sure you have stable internet connection. Checking your internet connection is easy:
|
|
If you are able to connect to the internet, just reconnect your Home Network Security Station to the router.
LAN Connection. Check the connection between the router and the HNS Station.
|
|
Updates. Make sure that you update the HNS App if you receive a notification that indicates, “Update Needed. Please click the button below to get the latest version.” This will guarantee that your HNS is up-to-date with app improvements.
Getting Help. Always remember, if you encounter any questions, issues or concerns that you’re unable to resolve, Help is just a click away.
Home networks are everywhere these days. However, the user knowledge required to secure and maintain our home networks spans from tech newbies to gurus and often seems to be a rather complicated or even confusing task.
To help you maintain and monitor your home network, Trend Micro offers a simple plug-and-protect home network device to protect your smart home and connected devices from being hacked, while keeping the internet safe for your kids on any device. But plug-and-protect doesn’t mean plug-and-forget. As with any security device, ongoing monitoring and maintenance is needed to provide the best protection your home network and family members need and deserve.
For more information, go to Trend Micro Home Network Security.
To read the rest of our series on HNS, go to
You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration
Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls
In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions
The post Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices appeared first on .
We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.
As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.
Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.
We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.
To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:
http://www.eicar.org/download/eicar.com
When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.
Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.
Device control is the first part of access control.
|
|
Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.
For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.
Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.
In this test, we will use the free version of TeamViewer.
|
|
HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.
Next, you should test Disconnecting Devices.
|
|
As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.
Testing Website Filtering is easy.
|
|
The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.
Moving forward, Content Filtering is next in our checklist.
|
|
When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.
To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.
|
|
Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.
To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.
As an example:
|
|
To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.
Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.
To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.
Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.
Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.
Go here for Parts 1 and 2 of our series:
You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration
Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls
The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .
FreshRSS