Cryptojacking

 

Cryptojacking Attack Infects Thousands of ISP-Grade Routers

Cryptomining attack scripts, sometimes referred to as cryptojacking, are a subtle form of malware designed to harness the power of your CPU to mine cryptocurrency for those who develop them. This malware can be spread through infected files and the usual vectors of transmission. Cryptomining can also take place with or without your tacit consent on websites, especially those associated with torrenting and distribution of copyrighted materials.

In this case however, a more sophisticated approach has been taken in an effort to spread the reach of the mining campaign through compromising industrial, ISP-grade routers. A hacking campaign has compromised “tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability.” (threatpost.com)

Censys.io reports that over 170,000 active MikroTik devices were infected with the CoinHive site-key (a single site-key was found across all infections, which indicates that a single entity is behind the attacks). Although the campaign appeared to originally target Brazil, infections are still growing internationally. A search on Shodan (a search engine for security researchers) shows a growing number, in the tens of thousands, of compromised routers outside of Brazil.

MikroTik routers are employed by large enterprises and ISPs to serve web pages to thousands of users or more each day. This means that each instance of compromise could pay out big for the threat actor.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”

“We’re … talking about potentially millions of daily pages for the attacker,” Kenin wrote. “The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end-user computers, they would go straight to the source: carrier-grade router devices.”

————————————————————————————–

Known Vulnerabilities 

Because the attack capitalizes on a known vulnerability, it is a prime example of what enterprises of all sizes risk when they delay or prevent installation of developer patches. The attack takes advantage of a vulnerability that was actually fixed by MikroTik in a previous patch.

Whoever is behind the attack, it appears they have an intimate understanding of the functionality of this particular router.

“Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited,” explained Kenin.

Any MikroTik router users should make sure that their RouterOS is current with security patches, lest they fall prey to this latest cryptojacking campaign. 

The end user still has a few options as well, as cryptojacking can be halted in the web browser itself using the MinerBlock extension, or at the local firewall using CoinBlockerLists. Because the CoinHive script is injected into HTTP traffic, it can generally be avoided by forcing requests to be made over the secure version, HTTPS, depending of course on whether or not the site being accessed supports it.
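A defender-side check for the injection described above, added here as an example and not taken from the original article or from Threatpost: it scans captured HTTP response bodies for the Coinhive loader and groups hits by site-key, since one key across unrelated hosts was the tell in this campaign. The host names, the site-key and the sample pages are constructed placeholders; the coinhive.min.js file name and the CoinHive.Anonymous / CoinHive.User constructors are those of Coinhive's in-browser miner.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser

# File name and constructor names of Coinhive's in-browser miner.
LOADER_RE = re.compile(r"coinhive(\.min)?\.js", re.I)
KEY_RE = re.compile(r"CoinHive\.(?:Anonymous|User)\(\s*['\"]([A-Za-z0-9]+)['\"]")

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from one page."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def scan_page(html):
    """Return (loader_found, site_keys) for one HTTP response body."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    loader = any(LOADER_RE.search(src) for src in parser.srcs)
    return loader, set(KEY_RE.findall("\n".join(parser.inline)))

def shared_keys(pages):
    """Map each site-key to its hosts, keeping keys seen on two or more hosts."""
    hosts_by_key = defaultdict(set)
    for host, html in pages.items():
        for key in scan_page(html)[1]:
            hosts_by_key[key].add(host)
    return {k: sorted(h) for k, h in hosts_by_key.items() if len(h) > 1}

# Constructed sample responses; hosts and site-key are placeholders, not real indicators.
INJECTED = ('<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
            '<script>new CoinHive.Anonymous("PLACEHOLDERKEY0001").start();</script><p>news</p>')
SAMPLE = {"shop.example": INJECTED, "blog.example": INJECTED.replace("news", "posts"),
          "clean.example": "<html><body><p>About coinhive.min.js</p></body></html>"}
```

Comparing the result for a page fetched over plain HTTP with the same page fetched over HTTPS helps separate in-path injection from a miner the site itself is serving.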


Source: Threatpost.com  

————————————————————————————–
Contact us at admin@gostst.com or call 24/7 at (210)-446-4863

Why Thermal Imaging?

 

 

Thermal Imaging

Once solely the province of police and military units, thermal imaging technology has seen a rapid adoption by the commercial security industry in the last decade. Thermal cameras give us the ability to see what our eyes cannot, and provide data that would never be available to analytics software with traditional devices.

Through imaging of invisible heat radiation given off by any object absorbing and reflecting light, irrespective of lighting conditions, these cameras allow us to see not just into dark rooms and outdoors at night, but also through foliage and semi-permeable objects such as netting and meshes.

As security cameras have become the staple for protection of property and personnel across every industry, the demand for better and more varied methods to produce high quality imaging in any setting has grown.

Thermal imaging cameras offer the best protection in conditions traditionally considered challenging:

- Work in the darkest of low-light scenarios
- Can see through foliage at night
- Are immune to visual limitations
- Produce fewer false alarms
- Work well in tandem with conventional high definition IP cameras

How Thermography Works

Thermographic or Infrared (IR) cameras create images using IR radiation as opposed to the visible light used in conventional cameras. Basically, what this means is that they are able to “see” heat as it radiates from an object and then display the differences in heat within its picture as various shades of grey in black and white video. Thermal cameras are therefore able to see through objects when a heat source is inside, require no light, and are not affected by things like smoke or dust.

Thermal cameras can be used to great effect in outdoor and low- to zero-light settings. This makes them particularly easy to camouflage, if desired. In many cases an IR camera could be used entirely in place of a traditional one, especially if it is being used to trigger an alarm and not just for surveillance.
IR is something that can be integrated into existing systems. It is especially helpful in analytics due to its ability to generate high contrast images.

The high-contrast, black and white images provide another metric in an entirely different spectrum of light for the algorithm of the analytics software to perform its operations on.

Analytics is already used to similar effect in systems with conventional cameras only, but being able to match heat signature against already existing video analytics creates a more robust and reliable overall surveillance operation.
Most importantly, a system can be set up to trigger only on the heat signature of a person, whereas the heat signature of an animal would be ignored.

To learn more about how thermal imaging cameras can help protect your commercial facility, please contact:

Security Technology of South Texas, Inc. at 210-446-4863

or email admin@gostst.com

Source: FLIR.com

Intelligent Video Solutions for Campuses

The promise of AI-enabled video in academic settings centers around finding solutions to the social issue of school gun violence. 2018 was in fact the worst year for gun violence by number of incidents in our nation’s history, and this reality is driving demand for innovative campus security solutions. Intelligent video technology facilitates school safety by integrating existing systems such as security cameras, fire alarms and sprinklers, and automatic door locks. By integrating data from multiple sources and sensors, cloud security platforms can discover new insights and make predictions. Basically, intelligent video has the potential to bring campus security from reactive to proactive.

These intelligent video platforms combine cloud and AI to bring data sources into closer relationship with each other. Video and sensor data are aggregated to perform analytics functions, allowing a type of machine learning to occur which has the effect of improving efficiency and overall security. While conventional school security measures were designed to function as forensic evidence after the fact of an incident (video to be used by the police and the court systems), these newer “smart” systems aim to go after problems before they manifest. Using video and IoT sensor data in the cloud, data is analyzed in real time and in aggregate, something human operators simply cannot do fast enough to be effective. This allows the campus to identify patterns to help the platform better point out salient insights as it learns over time.

Using a cloud-based solution for campus security also makes sense with regard to maintenance and upkeep. On-premises security architecture requires manual updating of software on each server, whereas a cloud system takes its updates automatically from the cloud. The updates are simply scheduled to run automatically during closed hours, which reduces the amount of IT manpower needed and allows IT staff to work on the system remotely.

Another benefit of cloud-based security is how scalable these systems are. As a campus expands and adds more doors, entry points, etc., the cloud is more than capable of expanding along with any new hardware that is added.

These systems also reduce the need for staffing in large campus security operations. Due to the integration of data from multiple types of sensors, fewer humans are needed in the response chain to initiate lockdown procedures, active shooter response, and other incident protocols. When integrated with an automated door locking system, for instance, the platform can communicate a proactive response in an active shooter situation faster than any human team and lock down to prevent entry as it alerts the human security element or the police.

——————————————————————————————————————————————

Security Technology of South Texas has the direct experience and skilled team to integrate a cloud-based security solution into your school or campus. We meet with relevant staff to design custom, turn-key solutions from the ground up and offer the reliable and reachable service you need for these critical systems.

——————————————————————————————————————————————

Contact us by email at admin@gostst.com, on our website, or via phone at 210-446-4863, 24/7

Security Drones Out in Force with NYPD

29 officers have been trained and licensed to operate 14 drones for the NYPD in a unit known as the Technical Assistance Response Unit. These drones will perform a wide variety of tasks such as monitoring both vehicle and pedestrian traffic, surveilling large events, search and rescue, and assisting in other miscellaneous emergencies. It has been a little while since we looked at the emerging market for security drones. It is still true that security drones require human pilots to be effective in a police force, and it is worth clarifying that these UAVs are not autonomous.

The idea is for the drones to act as an advance party to a crime or emergency scene. Drones having eyes on the situation first gives incident commanders the chance to see what they are getting into before they jump into danger. Unlike in China, where drones disguised as doves watch every living thing in Beijing, these 19 drones will not be used to perform warrantless surveillance, though many still suspect misuse will occur anyway.

Two of the drones are quadcopters with zoom-in cameras and thermal imaging capabilities. The remaining drones are smaller, with one being relegated to training purposes. NYPD has said that these drones are for special situations and not for routine patrol or for use in traffic enforcement. They also claim they will never attach weapons to these machines or use the drones themselves as weapons. Whether or not that is a promise that sticks remains to be seen.

Drone use by police is certainly not new and not just for big city departments anymore. The Center for the Study of the Drone at Bard College has shown over 900 law enforcement agencies with deployed drones at the time of their study. However, that scale of drone surveillance still pales in comparison to what China is executing, and for that we should probably be grateful.

 

Security Technology of South Texas is proud to offer integration of security services and custom solutions for any and all security needs.

Please contact us by email at admin@gostst.com, on our website, or via phone at 210-446-4863, 24/7