You are Good, But Neighbor is not… Now What?

Let’s set this up…

You have paid attention to some Cyber security efforts, and have a number of defenses, maybe not “all of them” but your risk management matrix has shown you where to focus. What is impact on a device if having Cyber security problems?

Assuming you set up the probability matrix of all of your devices failure impact… Did you think of everything?

What about this:

Internet Storm center has  a story “More malspam pushing Lokibot”  

The post is about when an email attachment RTF(Rich Text Format) runs and then downloads an exploit for CVE-2017-11882 which installs Loki the information stealer.

Once Loki is on the machine it will contact home base and more.

Loki is an especially bad malware software, as it steals FTP credentials, SMTP credentials, Browser data, database information, and keylogger abilities.

So how do we defend against this malware? we need to deny the entry points. Because if once the malware is in one of your systems or one of your partners then it is a different game.


So what happens when  you think the neighbor is infected?  The firewall is no longer in play, as all internal machines are now open to attack. All it takes is another payload to be dropped into the infected machine that will take advantage of other machines with weak defenses.

So the problem is that any machine that you allow into your network (with vpn or otherwise) also can make your network systems weaker.

Coming back to our neighbor, if the neighbor does not have the same methods to security as you do, they are now a liability if you do not take the neighbor threat seriously.

I want to give an example in an apartment building that has been setup with a well known ISP internet service. So you get an apartment  and the service for internet is built-in to the price of your apartment(or at least is a minor add-on).

The Apartment people tell you to just plug into the wall and voila you have internet service.

So when i plug in, do i get my own router? Or am I connected within a switch with every other apartment first? So now I have to run a discovery scan, and check all other IP addresses first?

This is why one runs a discovery scan, to see all the machines that are on the network and that can see you. This is all part of the risk management of your company.


Contact Us to discuss Risk management and more.

Smart Cameras have Cybersecurity Problems

Everything has cybersecurity problems if it is not built with some security in mind at least. One should not build security after building the product, it tends to be ad-hoc or kluge.

Tom’s Guide has a good article of several cameras, it happens that AV-TEST evaluated 8 IP(Internet Protocol) cameras.

Only 3 cameras received 3 stars out of 3 (best stat): Logitech Circle, Myfox Security Camera, and the Netgear Arlo.  D-Link and Hanhwa Techwin need to get updates. Samsung Smartcam had  a new vulnerability that was found in March. And the unknown brands should just be thrown out.

 Logitech’s Circle above.  (a new one Circle 2 is available now)

Why focus on cameras? because they are easy to set up but not as easy to keep up and secure.

What happens when new firmware is released? How long until you update the camera? the camera requires a password and then upload the file – update, and ‘reboot’.

These new cameras also have cloud accounts or mobile apps, which may need updating too.

MyFox security camera is also a good option. (Made by Somfy protect, here is Somfy tech support page).

The other “top camera” in the review is:

Netgear Arlo has many options in cameras

Security light, Pro2, Pro, regular, Go, Q, Q plus, and baby

So you bought a nice camera, set up the Wifi, and the app on your phone.  Now you can keep an eye on a certain area from anywhere you have phone service. Pretty good right?

Now in a year or so, a new vulnerability comes out, and you have to upgrade the firmware. Where was that password again?

this year’s top product become next years liabilities (remember the Intel/AMD security problem in all processors).

So better do some documentation of the camera devices, and keep track of the vulnerabilities just like all the other computer devices on your network.


Contact Us to discuss your security policy needs.

Achieve True Privacy Protections

Your data and your customer data must be protected and in such a manner that even a breach in an area is not making it easy for the criminal to get the last link and thus the whole database.  Losing a portion of customer data is bad, but losing all of it is much worse.

So just like we have a layered defense in our network a layered defense of the database  is essential.

Before we  discuss technical details it is good to lay out how we intend to use the customer and employee data.

Because the technical people should look at a document that says how you will use data so that  customers, vendors, and employees know what is happening(or supposed to happen).

Also knowing what to do when there is a failure is important.

So we need to answer the following:

  1. Where is the data?
  2. Who has data?
  3. Why is data kept?
  4. What data is kept?
  5. How is data kept is a technical issue, and should be answered if encryption is answered.
  6. When will data be kept til? Forever? or is there a time lapse?
  7. How much data will be kept? (similar to what?) but can clarify the amount and size.


The new data privacy compliance law in the EU is GDPR(General Data protection regulation) and we have discussed this before at “Can European Regulation Help You Design Data Privacy”

In the us there are NIST(National Institute of Standards & Technology) standards – specifically 800-171. Which this company (Imprimis) has a video and discusses the complete process to go through to get yourself compliant for government oversight/ contracts.

The interesting slide is the next one that discusses the continuous compliance state one must build into any program


continuous monitoring, training and improvements must be done while performing quarterly periodic scans, and annual assessments.


We have discussed periodic scans before: our recon scan and vulnerability assessments

NIST 800-171 is the defacto standard of the US government and all of the contractors, sub-contractors, and anyone who is handling classified or CUI(Controlled Unclassified Information) data.  there are 110 items that one has to write an assessment on. So if your data is classified/unclassified one has a framework to work in.

PCI Payment card industry has a new version out (as of May 2018)  Summary of changes link

basically this latest compliance update is just a confirmation of TLS v1.1 or higher and some errata fixes.  Our post: Internet insecure without TLS

So although everyone has different data to place in the  Who, What, When, Why, Where, and how/how much we need to review and constantly improve our data storage and redemption states.


Contact Us to review this.


Sophisticated Method to Hack Your Network Devices

So the Criminal hackers have to get more sophisticated as some networks are patching their devices.


You must have heard of the Casino that got breached through a thermometer in the fish tank?  We get excited with new capabilities of Internet connectivity. But unfortunately we forget that a Cybersecurity weak device can open doors for criminal hackers.  You have a firewall right? It defeats the easy entry of a hacker.

But what if the hacker is already in your network? How? Somehow they were able to make the connection…

“Wicked Botnet uses passel of exploits to target IoT”by has an interesting paragraph:

“It scans ports 8080, 8443, 80 and 81 by initiating a raw socket SYN connection; if a connection is established, it will attempt to exploit the device and download its payload,” explained researchers Rommel Joven and Kenny Yang, in the analysis. “It does this by writing the exploit strings to the socket. The exploit to be used depends on the specific port the bot was able to connect to.”

Since other previous malware has already infected the easy to infect routers, the  botnets now have to infect using exploit tactics.  This is typical of old and new tactics as the cybersecurity landscape changes quickly.

This new botnet is called “Wicked Botnet uses passel of exploits to target IoT”  and scans for ports 80,81,8443, and 8080.

Unfortunately  there are cloud based problems as well:

Nolacon2018 had Sean Metcalf discuss this very issue

There is a specific issue  Sean is concerned about

because every 2 minutes password synchronization has to occur for Azure cloud, thus an attacker can capture the stored password hash, and then try to guess it at their leisure.

The reality is the hacker will always try to use the technologies that you use to outfox and steal your money, data, and anything else they can.

In some ways it is always a losing game – a catch-up if you will. We have to defend everything, and all the criminals have to do is to attack and succeed in one spot.

So we have to do the proper risk management analysis to figure out where to put most of our time and resources.

Contact us to discuss.