According to a March 8, 2022, report, analysts at Armis Research Labs discovered three vulnerabilities in uninterruptible power supplies (UPSs) that could allow attackers to take down critical infrastructure. The security flaws, collectively dubbed TLStorm, could enable remote code execution, allowing a hacker to execute a ransomware attack or steal data. The attacker could potentially take over the device, disrupt the power supplied to equipment, and even cause a fire hazard.
Effective Security Starts with Understanding Potential Attack Vectors
Researchers estimate that about 20 million of the popular UPSs are in use worldwide. Organizations rely on UPSs to provide backup power to equipment that requires high availability. Many of these devices now connect to the Internet to enable remote monitoring and management. The newly discovered vulnerabilities involve improper error handling in the Transport Layer Security (TLS) connection between the device and the cloud.
These are merely the latest potential attack vectors hackers use to breach networks. Most organizations underestimate the potential for seemingly innocuous devices to become critical IT security threats.
Don’t let your company become one of the many that is taken over by a security threat. At DeSeMa, we offer high-quality IT security services where we can assess your security risks and provide you with a plan that can help keep your data safe. Continue reading below to learn more about security threats that could cause harm to your business, and reach out to our team at DeSeMa to schedule a consultation for our IT security services today!
Growing Numbers of Threats
Printers, copiers, and fax machines are an often-overlooked security weakness. These devices connect to the network and can be accessed from outside the firewall. In 2020, white hat hackers with CyberNews took control of almost 28,000 printers worldwide and made them print a guide on printer security. Malicious actors could have infiltrated the network and accessed sensitive data.
Internet of Things (IoT) devices add a new dimension to these types of threats. Companies now have hundreds, even thousands of network-connected devices that are sending and receiving data and automating tasks. These devices have notoriously weak security, and any one of them could be hijacked and used in a cyberattack.
The convergence of information technology (IT) and operational technology (OT) has also created risk. By integrating IT with building automation, process control technologies, and other OT systems, organizations can eliminate data silos, optimize their operations, and make better decisions. However, many OT systems were not designed to connect to the network. They lack even basic security controls, making them attractive targets for hackers.
Building automation and, oddly enough, physical security systems are frequently the largest problem. There are documented cases in which hackers have pulled the faceplates off badge readers mounted on the outside of a building and used them to connect directly to the company’s network. The attacker now has access to the data center, and nobody is aware of it.
DeSeMa was asked to perform penetration testing for a major technology company. The company’s internal team had not found any issues of major concern. However, DeSeMa noticed that the building’s thermostats had Ethernet connections. The DeSeMa team used the thermostats to obtain a backdoor into the corporate network.
Taking Action
People outside of IT add devices to the network without realizing they’re creating security holes. That’s what happened to Home Depot — the company’s HVAC vendor added a device to monitor the health of air conditioning units that left an opening in the network. IT is not accustomed to looking for these kinds of devices and doesn’t have the tools and procedures for finding them.
Awareness is the first step toward effective security. IT security asset inventories should include every device and system that connects to the network. DeSeMa is adept at discovering nonstandard connection types and assessing the potential threats. Mapping these connections reveals pathways into the network that many people don’t consider.
If you’re serious about protecting your company and your assets, the next step is to isolate vulnerable devices — segment the network by placing a firewall between the devices and critical systems. For example, printers should connect to a print server on their own network segment. The print server controls communications between the printers and the network and, as a bonus, helps monitor printer health.
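The inventory and segmentation checks described above, as an added example (not DeSeMa's tooling): it compares observed network flows against an asset inventory and flags devices missing from the inventory, printers talking outside their segment, and hosts reaching printers without going through the print server. The subnets, addresses, ports and flow records are constructed for illustration.

```python
import ipaddress
# Constructed sample data: subnets, addresses and flows are illustrative only.
SEGMENTS = {
    "printers": ipaddress.ip_network("10.20.30.0/24"),
    "critical": ipaddress.ip_network("10.10.0.0/24"),
    "users": ipaddress.ip_network("10.50.0.0/16"),
}
PRINT_SERVER = "10.20.30.5"  # sits on the printer segment and brokers all jobs
INVENTORY = {
    "10.20.30.5": "print server",
    "10.20.30.11": "printer, 2nd floor",
    "10.20.30.12": "copier, lobby",
    "10.10.0.8": "finance database",
    "10.50.1.20": "workstation",
}
FLOWS = [  # (source, destination, destination port)
    ("10.50.1.20", "10.20.30.5", 631),    # workstation -> print server
    ("10.20.30.5", "10.20.30.11", 9100),  # print server -> printer
    ("10.20.30.12", "10.10.0.8", 1433),   # copier -> database
    ("10.50.1.20", "10.20.30.11", 9100),  # workstation -> printer directly
    ("10.20.30.77", "10.20.30.5", 445),   # unknown device on printer segment
]

def segment_of(ip):
    """Return the name of the internal segment holding ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def audit(flows, inventory):
    """Return (kind, source, destination) findings for the observed flows."""
    findings = []
    for src, dst, _port in flows:
        unknown = [ip for ip in (src, dst) if ip not in inventory]
        if any(segment_of(ip) != "external" for ip in unknown):
            findings.append(("uninventoried", src, dst))
        s, d = segment_of(src), segment_of(dst)
        # Printers may only talk inside their segment; the print server relays.
        if s == "printers" and d != "printers" and src != PRINT_SERVER:
            findings.append(("printer-egress", src, dst))
        # Other segments must reach printers through the print server.
        if d == "printers" and s != "printers" and dst != PRINT_SERVER:
            findings.append(("bypasses-print-server", src, dst))
    return findings

if __name__ == "__main__":
    print(*audit(FLOWS, INVENTORY), sep="\n")
```

Each finding corresponds to a firewall rule that is missing or an inventory entry that needs to be added.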
Often the solution isn’t complex. It’s a matter of recognizing the potential threats, maintaining data flow diagrams, and keeping your asset inventory up-to-date. DeSeMa provides asset management, security assessments, penetration tests, and other services to help you better understand potential attack vectors. If you are interested in learning more about our IT security services, don’t hesitate to reach out to our team and request a quote today! We look forward to working with you and strengthening the security of your business.