
Trane thermostat is a hot spot for viruses on home networks

Trane thermostat is a hot spot for viruses on home networks:

Back in April 2014, the Cisco Talos security team alerted Trane that its Wi-Fi-connected ComfortLink II thermostat had some serious security flaws. The most egregious was the hardcoding of SSH passwords in the device.

The SSH service is exposed to the network, meaning a nearby hacker who can get onto the gadget’s Wi-Fi can use the credentials to log in and execute code remotely. This design flaw is particularly bad news for you if the thermostat is facing the public internet, allowing anyone on the planet to potentially infiltrate the gizmo.

The other two flaws were buffer overflow vulnerabilities that could be used to gain access by sending unreasonably long data requests to the device. With trial and error, an attacker could overwrite sections of the device’s memory and perform remote code execution.

Once inside the ComfortLink II, the assailant would have the ability to turn the device into a little malware store that could be used to infect other devices using the same wireless network as the so-called “smart” thermostat. It’s a serious issue and you’d think Trane would want to fix it.

The Internet of Things, while a boon to convenience, is a huge bane to security and privacy. Most of the companies developing IoT devices have no practical experience designing security into their products, and rarely even consider it a necessity. It will take a culture shift before things change, but it will be well worth the wait once it happens.

Cyber Attacks Target JR Hokkaido; Security Info May Have Leaked

Cyber attacks target JR Hokkaido; security info may have leaked:

More than 300 files of information, including those related to transportation security, may have leaked out after a personal computer at Hokkaido Railway Co. came under cyberattacks, NHK reported on Monday.

The company, known as JR Hokkaido, was targeted by cyberattacks when it was preparing for the opening of the Hokkaido Shinkansen Line scheduled for next month.

In August, a company official opened a file attached to an email that appeared to come from a customer making an inquiry. As a result, as many as seven personal computers were infected by a virus, the report said.

I would not classify a phishing campaign as a cyber attack. More importantly, it sounds like JR Hokkaido lacks any form of even basic endpoint cyber security defensive measures.

Their response sounds like a horribly inefficient and overall terrible idea:

JR Hokkaido is planning to introduce a new system that prevents emails from a third party from directly reaching its employees and revise its overall security measures, the report said.

What does that even mean? How does JR Hokkaido expect to conduct external business if its employees are incapable of directly receiving emails from third parties?

Vawtrak and UrlZone Banking Trojans Target Japan

Vawtrak and UrlZone Banking Trojans Target Japan:

In January and February 2016, Proofpoint researchers observed threat actors spreading banking Trojans in Japan and other countries that had not recently experienced high volumes of this family of malware. These countries certainly have not been targeted previously in the same way as the UK, United States, and others. Instead, it appears that the new campaigns in Japan (and Spain) are continuations of the trend first observed with Shifu in October 2015. The key takeaways are:

  • The UrlZone banking Trojan is spreading via email spam and targeting Japanese and Spanish banks
  • The Vawtrak Trojan is spreading using Angler Exploit Kit and targeting Japanese banks
  • Both Trojans are using the same dynamic injects system that allows them to manipulate a financial institution’s website content (likely sharing resources or renting from the same third party)
  • The injects system appears to be written by a Russian author

In terms of cyber security awareness, Japan is relatively unsophisticated compared to the rest of the modern world. It is fairly easy to attack Japanese consumers and trick them into taking actions they do not recognize as dangerous.

What I find interesting about this attack, at least as observed by Proofpoint and their analysis, is the banks being targeted. The majority are smaller banks, likely servicing more rural areas, in turn meaning an easier chance of success against the intended targets.

EINSTEIN Not Smart Enough To Defend U.S. Government Against Cyber Attacks

EINSTEIN Not Smart Enough To Defend U.S. Government Against Cyber Attacks:

The U.S. Department of Homeland Security (DHS) has spent roughly $6 billion developing the EINSTEIN intrusion detection system – officially referred to as the National Cybersecurity Protection System, or NCPS. The firewall is intended to protect U.S. federal agencies against attacks launched by hostile nation states and malicious cyber actors.

According to a stinging report just released by the U.S. Government Accountability Office (GAO), EINSTEIN is not nearly as smart as it needs to be. The GAO, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people.

Here is an abstract on the DHS National Cybersecurity Protection System aka EINSTEIN.

Ex-CEO On How His Silicon Valley Cybersecurity Firm Crashed

Ex-CEO Sam Glines of Norse on how his Silicon Valley cyber security firm crashed and burned:

A recent story in Forbes stated that Norse Corp. – which raised more than $40 million in VC funding – looked like it may be shutting down, according to a blog posted by Brian Krebs, a well known investigative reporter who covers the cybersecurity industry.

Sam Glines, the beleaguered ex-CEO at Norse, wrote a detailed response to what Krebs wrote and the subsequent media reporting following the post. He takes responsibility for some of his actions while also deflecting some blame to the media coverage.

This is too bad. I really love their IP Viking cyber threat visualization tool and hope Norse is able to continue developing the product. IP Viking adds a very interesting capability for a SOC, and has many defense-oriented applications, such as a cyber common operational picture.

Hello World!

Welcome to Cylncr, a startup currently being incubated and expected to launch in twenty-sixteen. Stay tuned to this space for further information.