Tuesday, January 9, 2024

New Devices, Old Problems


Technology is a wonderful thing. It has advanced our society, way of life, and enjoyment in so many fields. As a simple example, look at cinema and the movies. Could the current level of CGI have been done 15 years ago? Of course not. Likewise, the form factor of laptops has shrunk while their processing power has increased substantially.

For consumers and businesses alike, these technological advances have increased demand for new products, whether watches, fitness trackers, laptops, tablets, or anything else with a processor. Replacing the old technology creates e-waste, which requires recycling.

While recycling is important, it also carries risks. The amount of information left on the hard drives of these devices is substantial. Think through the files on a hard drive you have used for personal purposes and all the critical or private information they hold: photos of your family, tax returns, bank statements, your will or passport, your driver's license, and medical information, just to start. If you are a remote worker, there may also be work data and documents.

When you replace old equipment, you need to be mindful of this private information. With it in hand, an attacker could easily work towards identity theft. To mitigate this, you need to sanitize the old equipment before it leaves your hands.

The first action item is to back up any information that is important to you: photos, your resume, or any data you would really miss if you no longer had access to it. This may be done to an external drive or to cloud storage.

If you are logged into any accounts and have not properly logged out, do so now. This may include email accounts, ride-hailing apps, or streaming services. You probably don't want to share that access or information.

You may have software or services licensed on the laptop. You may be able to transfer the license or service to the new device, which saves you money and the time of signing up again (e.g., for AV).

If the device has a SIM or SD card, remove it. There may be documents or other information on it that you shouldn't share, and this only takes a moment.

Now that you have your important data and information off the equipment, erase the hard drive. A factory reset accomplishes this.

Lastly, wipe the disk. Granted, the factory reset should be fine and will work for some people, but if you have any concerns, use an app and wipe the drive. Two options for this are Disk Wipe and Active@ KillDisk. At this point it is safe to manually destroy the drive. The simplest way is to forcibly apply a hammer to it. Remember to wear goggles and gloves.
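The steps above end with a wipe, and the natural follow-up question is how to confirm the wipe actually happened before the drive leaves your hands. The script below is an added example, not code from the original post or from either of the wipe tools it names. It samples block-aligned reads from a disk image (or, on Linux when run as root, the device node itself) and reports whether any sampled block still holds non-zero data. The path and the two sample images are constructed for the demonstration.

```python
"""Spot-check a wiped disk (or disk image) for leftover data.

Added example for the sanitization steps above; not part of the original post.
Assumes a path to the wiped device or to an image of it. A sampled read is a
spot check, not proof: one non-zero block proves the wipe failed, but only a
full read proves it succeeded.
"""
import os
import random
import tempfile
from typing import Optional

BLOCK_SIZE = 4096


def sample_offsets(size: int, samples: int, seed: Optional[int] = None) -> list:
    """Block-aligned offsets spread over the device, always including the first and last block."""
    if size < BLOCK_SIZE:
        return [0]
    nblocks = size // BLOCK_SIZE
    rng = random.Random(seed)
    offsets = {0, (nblocks - 1) * BLOCK_SIZE}
    while len(offsets) < min(samples, nblocks):
        offsets.add(rng.randrange(nblocks) * BLOCK_SIZE)
    return sorted(offsets)


def verify_zeroed(path: str, samples: int = 64, seed: Optional[int] = None) -> dict:
    """Read sampled blocks from `path`; report how many still contain non-zero bytes.

    Works for a regular file (disk image) or a block device opened read-only.
    """
    size = os.path.getsize(path)
    checked = dirty = 0
    first_dirty = None
    with open(path, "rb") as f:
        if size == 0:
            # os.path.getsize reports 0 for a block device; seeking to the end gives its size
            size = f.seek(0, os.SEEK_END)
        for off in sample_offsets(size, samples, seed):
            f.seek(off)
            block = f.read(BLOCK_SIZE)
            checked += 1
            if block.count(0) != len(block):  # at least one non-zero byte survived
                dirty += 1
                if first_dirty is None:
                    first_dirty = off
    return {"size": size, "checked": checked, "dirty": dirty,
            "first_dirty_offset": first_dirty, "clean": dirty == 0}


def make_image(size: int, leftover_at: Optional[int] = None) -> str:
    """Constructed sample: a zero-filled sparse image, optionally with a leftover record at one offset."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.truncate(size)
        if leftover_at is not None:
            f.seek(leftover_at)
            f.write(b"SSN: 000-00-0000 (constructed leftover record)")
    return path


if __name__ == "__main__":
    clean = make_image(64 * BLOCK_SIZE)
    dirty = make_image(64 * BLOCK_SIZE, leftover_at=10 * BLOCK_SIZE + 17)
    print("clean image:", verify_zeroed(clean, samples=64))
    print("dirty image:", verify_zeroed(dirty, samples=64))
    os.unlink(clean)
    os.unlink(dirty)
```

Against a real drive on Linux you would call `verify_zeroed("/dev/sdX")` as root on the correct device node; the script only reads. Raise `samples` for a larger drive, and read the whole device when you need certainty. One caveat that supports the post's closing advice: an overwrite reaches only the blocks the drive currently maps, so on an SSD remapped cells can survive a software wipe, which is why the drive's own secure-erase command or physical destruction is the stronger option for flash media.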

Thank you.


Services

Enterprise and Embedded System Cybersecurity Engineering & Architecture

Red Team Pentesting | HW & SW BoMs | CBoM | Vulnerability Management | Tabletop Exercises (TTX) | Embedded Systems Architecture | Threat Intelligence | TARA (Threat Assessment and Remediation Analysis)

Disabled Veteran Owned and Operated

 


Yet Another Compromise


Compromises are constantly being published across industries, and many more go unpublished for a variety of reasons. Many years ago, attacks were initiated by people showing off their skills, and corporations' lack of focus on security allowed these exploits. Times have certainly changed. The endeavor has now been operationalized, streamlined, and turned into a profit center with an ROI.

Every company is a target for the various attacks. At the heart of most of these attacks is data, which has many uses for the bad actors, from being sold to being ransomed. There are no geographic boundaries either. A company in Michigan recently had the opportunity to enjoy this at great length.

HealthEC, LLC, a population health management platform, works with Corewell Health. The focus of the work is to identify high-risk patients, which is great and beneficial for the patients. The company was recently compromised, leaking confidential data and information on over a million Michigan residents.

The leaked data included the patient's name, address, date of birth, social security number, medical information (e.g., diagnosis, diagnosis code, mental/physical condition, prescription information, and provider's name), and health insurance information. Just the first four data points being compromised is bad enough (e.g., for identity theft), but add the medical and health insurance information and the successful attackers have a field day. It also increases the potential for ransomware to come into play.

To address concerns, HealthEC is offering 12 months of credit monitoring and identity protection services through TransUnion. This may sound great, and it is for the first 12 months. Think about what happens after the 12 months. The stolen data is, in part, permanent, or could be updated with a quick and easy internet search.

Thank you.



New Frontiers


Over the years there have been differing targets, moving from the enterprise side to vehicles, satellites, shipping, aeronautics, and others. A significant new industry focus is medical devices. What brings these to the forefront of our attention is their criticality: they assist with our lives and living. The insulin pump helps patients manage their blood sugar, notifies the patient when it is too high or low, and provides insulin through the day. Neurotransmitters help patients deal with their pain. Defibrillators help with regulating heartbeats.

While these clearly benefit patients, they require cybersecurity to be applied. Without a thorough architecture review and pentest to ensure the vulnerabilities have been mitigated, there are substantial liabilities. To validate this, you simply need to read through the FDA notices. Without fully addressing the product's cybersecurity, the manufacturer is missing vital points that are required.

Thank you.



Linux SSH Servers as Viable Targets


Cybersecurity is such an interesting field. Just when you have the vulnerabilities figured out, the environment changes. This dynamic keeps everything on a pivot.

One of the newer focal points for attacks is Linux SSH servers, which are garnering more attention lately. SSH is commonly used, which provides a large set of targets to try. The method for this attack is for the bad actor to install port scanners and dictionary-attack tools on a compromised server. With these in place, the compromised servers are used in attacks to compromise other servers, which are then used for cryptocurrency mining and DDoS attacks.

This shows the need to address SSH server vulnerabilities, update the versions, and monitor these servers. Without this attentiveness, the vulnerabilities remain available to be exploited. The interesting piece of this is that the exploit isn't a one-off: with the compromised servers infecting others, it becomes exponential. Addressing this removes one more area attackers can test.
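The "monitor these" advice above is concrete enough to show in code. The script below is an added example, not code from the original post: it reads the standard OpenSSH `Failed password` / `Accepted ...` syslog lines that sshd writes to the auth log, flags a source address that fails a threshold number of logins inside a sliding time window (the signature of a dictionary attack), and separately flags a later successful login from an address that was already flagged, which is the event that turns a noisy server into one of the compromised hosts described above. The log lines in `SAMPLE_LOG`, the host name, the addresses and the year are all constructed for the demonstration.

```python
"""Detect SSH dictionary attacks in OpenSSH auth log lines.

Added example for the post above; not part of the original post. Parses the
standard sshd "Failed password" / "Accepted ..." syslog lines, flags a source
address that fails THRESHOLD or more times within WINDOW seconds, and then
flags any later successful login from that address (a likely guessed
password). Everything in SAMPLE_LOG is a constructed sample.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5   # failures from one address ...
WINDOW = 60     # ... within this many seconds
YEAR = 2024     # syslog timestamps carry no year; assumed for the constructed sample

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2"
)

SAMPLE_LOG = """\
Jan  9 10:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan  9 10:00:03 bastion sshd[1203]: Failed password for invalid user oracle from 203.0.113.5 port 51236 ssh2
Jan  9 10:00:05 bastion sshd[1205]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan  9 10:00:07 bastion sshd[1207]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
Jan  9 10:00:09 bastion sshd[1209]: Failed password for root from 203.0.113.5 port 51248 ssh2
Jan  9 10:00:12 bastion sshd[1211]: Accepted password for root from 203.0.113.5 port 51252 ssh2
Jan  9 10:05:00 bastion sshd[1300]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan  9 10:20:00 bastion sshd[1301]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jan  9 10:20:30 bastion sshd[1302]: Accepted publickey for alice from 198.51.100.7 port 40004 ssh2: ED25519 SHA256:placeholder
""".splitlines()


def parse(line):
    """Return a dict for a recognised sshd auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = " ".join(m["ts"].split())  # collapse the double space before a one-digit day
    when = datetime.strptime(f"{YEAR} {ts}", "%Y %b %d %H:%M:%S")
    return {"time": when, "ok": m["result"] == "Accepted",
            "method": m["method"], "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window failure count per source address; returns the alerts raised, in order."""
    failures = defaultdict(deque)   # ip -> times of failures still inside the window
    users = defaultdict(set)        # ip -> usernames tried from that address
    flagged = set()                 # ips already reported as brute-forcing
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip, t = ev["ip"], ev["time"]
        q = failures[ip]
        while q and (t - q[0]).total_seconds() > window:
            q.popleft()             # expire failures older than the window
        if ev["ok"]:
            if ip in flagged:       # a success after a burst deserves a human look
                alerts.append({"type": "success_after_burst", "ip": ip,
                               "user": ev["user"], "method": ev["method"], "time": t})
            continue
        q.append(t)
        users[ip].add(ev["user"])
        if len(q) >= threshold and ip not in flagged:
            flagged.add(ip)
            alerts.append({"type": "bruteforce", "ip": ip, "failures": len(q),
                           "distinct_users": len(users[ip]), "time": t})
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample the detector raises two alerts: a `bruteforce` alert for 203.0.113.5 on its fifth failure (four distinct usernames tried in nine seconds), then a `success_after_burst` alert when the same address logs in as root. The two slow failures from 198.51.100.7 followed by a public-key login never reach the threshold and stay silent. For a live server, feed it the auth log (or `journalctl -u ssh` output) and tune `THRESHOLD` and `WINDOW` to the host's normal traffic; the detector complements, rather than replaces, disabling password authentication in `sshd_config` and keeping the SSH package patched, which is what the post is asking for.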

Thank you.



Diversity of Data


I've said many times that data is the new gold. It may be used or sold many times and cut to the purchaser's needs. Another aspect which makes it attractive to attackers is diversity. If a company has more than one type of data, there are more targets of different types which could be liberated from the company and sold or ransomed. For example, there may be industrial data with schematics and product designs; this would certainly be a crown jewel to seek. Couple this data warehouse with another data set (e.g., consumer data) and there are more targets.

This is notable as Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand experienced a breach, confirmed on December 22, 2023. The company is still assessing the extent of the breach. What is known, however, is that an estimated 100GB of data was stolen by the infamous Akira ransomware group.

While this is troubling, there are lessons to learn from it to help others avoid the same oversight. A security check should be done for each set of data. The data could be held in different locations or on different platforms, and each of these should be reviewed for vulnerabilities. The greater likelihood is that these are not co-located and may present unique vulnerabilities on their own.

Thank you.

