Cryptojacking Attack Infects Thousands of ISP-Grade Routers
Cryptomining attack scripts, sometimes referred to as cryptojacking, are a subtle form of malware designed to harness the power of your CPU to mine cryptocurrency for those who develop them. These malware can be spread through infected files and the usual vectors of transmission. Cryptomining can also take place with our without your tacet consent on websites, especially those associated with torrenting and distribution of copywrited materials.
In this case however, a more sophisticated approach has been taken in an effort to spread the reach of the mining campaign through compromising industrial, ISP-grade routers. A hacking campaign has compromised “tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability.” (threatpost.com)
Censys.io reports that over 170,000 active Mikrotik devices were infected with the CoinHive site-key ( a single site-key was found across all infections, which indicates a single entity to be behind the attacks). Although the campaign appeared to originally target Brazil, infections are still growing internationally. A search on Shodan (a search engine for security researchers) shows growing tens of thousands of compromised routers outside of Brazil.
MikroTik routers are employed by large enterprises and ISPs in order to serve web pages to multiple thousands or more users each day. This means that each instance of compromise could pay out big for the threat actor.
“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”
“We’re … talking about potentially millions of daily pages for the attacker,” Kenin wrote. “The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end-user computers, they would go straight to the source: carrier-grade router devices.”
————————————————————————————–
Known Vulnerabilities
Because the attack capitalizes on a known vulnerability, it is a prime example of what enterprises of all sizes risk when they delay or prevent installation of developer patches. The attack takes advantage of a vulnerability that was actually fixed by MikroTik in a previous patch.
Whoever is behind the attack, it appears they have an intimate understanding of the functionality of this particular router.
“Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited,” explained Kenin.
Any MikroTik router users should make sure that their RouterOS is current with security patches, lest they fall prey to this latest cryptojacking campaign.
The end user still has a few options as well, as cryptojacking can be halted in the web browser itself using (MinerBlock extension) or at the local firewall (CoinBlockerLists). Because the CoinHive script is injected into HTTP traffic, it can generally be avoided by forcing requests to be made over the secure version, HTTPS, depending of course on whether or not the site being accessed supports it.
Source: Threatpost.com
————————————————————————————–
or call 24/7 (210)-446-4863
$119.4 Billion: Projected Growth of Physical Security Market by 2023
/in Access Control, Business Security /by Evan YoungmanSimply put, the physical security market consists of all the security solutions you can walk up to and touch. Cameras, virtual gate guard systems, HOA management systems and more all have elements of physical security. Of course, because all of these solutions are deeply integrated with network and cloud-based technologies, cybersecurity could be considered to be equally important, but is not what we are looking at in this article
As risk continues to rise with rapid progress sometimes leaving vulnerabilities unchecked, the demand for physical security, the tried and true barrier between real assets and those seeking to steal or destroy them, will grow along with the risk.
A combination of fear generated from media responses to so-called “terror attacks”, advancements in tech in general, and the growing use of IP cameras to perform video surveillance are expected to push the growth of the physical security market worldwide.
According to this report:
https://www.researchandmarkets.com/research/snkm2j/global_physical?w=5
this growth is expected to be from $84.1 billion in 2018 to $199.4 billion by 2023 with a CAGR (compound annual growth rate) of 7.3%.
This report details how the services segment of the market is expected to have the fastest growth rate. Physical security is indispensable for enhancing existing video surveillance through integration of digital (IP) solutions and integrating them with modern IT and network environments.
Of course, the larger enterprises are expected to be at the bleeding edge as this all occurs over the next few years, but this doesn’t mean that small or medium businesses need to miss out. While the big players have the greatest pools of revenue to draw from and more infrastructure to protect, the smaller enterprises can see just as much or greater benefit by implementing integrated IP-based physical security sooner rather than later. The best time to step up your security will always be before the attack comes, and not as a reactive measure.
Security Technology of South Texas is a leading provider of cutting-edge physical security products. We have the experience and attention to detail to give you the best for your money when it comes to IP cameras, access control solutions, monitored video, and more.
Cryptojacking
/in Business Security, Security General, Smart Security /by Evan YoungmanCryptojacking Attack Infects Thousands of ISP-Grade Routers
Cryptomining attack scripts, sometimes referred to as cryptojacking, are a subtle form of malware designed to harness the power of your CPU to mine cryptocurrency for those who develop them. These malware can be spread through infected files and the usual vectors of transmission. Cryptomining can also take place with our without your tacet consent on websites, especially those associated with torrenting and distribution of copywrited materials.
In this case however, a more sophisticated approach has been taken in an effort to spread the reach of the mining campaign through compromising industrial, ISP-grade routers. A hacking campaign has compromised “tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability.” (threatpost.com)
Censys.io reports that over 170,000 active Mikrotik devices were infected with the CoinHive site-key ( a single site-key was found across all infections, which indicates a single entity to be behind the attacks). Although the campaign appeared to originally target Brazil, infections are still growing internationally. A search on Shodan (a search engine for security researchers) shows growing tens of thousands of compromised routers outside of Brazil.
MikroTik routers are employed by large enterprises and ISPs in order to serve web pages to multiple thousands or more users each day. This means that each instance of compromise could pay out big for the threat actor.
“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”
“We’re … talking about potentially millions of daily pages for the attacker,” Kenin wrote. “The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end-user computers, they would go straight to the source: carrier-grade router devices.”
Known Vulnerabilities
Because the attack capitalizes on a known vulnerability, it is a prime example of what enterprises of all sizes risk when they delay or prevent installation of developer patches. The attack takes advantage of a vulnerability that was actually fixed by MikroTik in a previous patch.
Whoever is behind the attack, it appears they have an intimate understanding of the functionality of this particular router.
“Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited,” explained Kenin.
Any MikroTik router users should make sure that their RouterOS is current with security patches, lest they fall prey to this latest cryptojacking campaign.
The end user still has a few options as well, as cryptojacking can be halted in the web browser itself using (MinerBlock extension) or at the local firewall (CoinBlockerLists). Because the CoinHive script is injected into HTTP traffic, it can generally be avoided by forcing requests to be made over the secure version, HTTPS, depending of course on whether or not the site being accessed supports it.
Source: Threatpost.com
Supply Chain Attacks
/in Security General /by Evan YoungmanWhen we think about security risks, we tend to expect the threat to come from shady online sources, perpetrated by “threat actors” and “hackers”. But the truth is that some security threats are waiting for us on our hardware before we even unbox it.
Supply chains today are often quite long and involve many companies and entities. Design, manufacture, logistics and shipping are generally handled by several groups along the chain, and some are more trustworthy than others. In many cases of supply chains being compromised, a worm or rootkit is introduced during the manufacturing process. The attacks can occur in any sector, financial, medical, government, and of course the physical security industry.
This will generally be carried out while the product is with the “weakest link” in the chain. As information is necessarily shared in a supply chain, risk is created. Information compromised in the supply chain can give threat actors time to determine what the best course of action is to deliver their malware.
In 2013, the US watched as retailer Target was hit with one of the largest data breaches in history. It is believed this was accomplished through a third party supplier gaining access to Target’s primary data network using passcode credentials from a company who provides HVAC systems.
Also common is modification of ATM firmware during manufacture, a scheme which has skimmed credit card information of millions on more than one occasion.
Of course, supply chain attacks can be and have been carried out against IP camera products. Having a security system compromised before installation would render it worse than useless, and even dangerous perhaps. In order to protect against these attacks it is recommended to:
. Maintain the smallest possible supplier base
. Impose strict control over what vendors are used. Conducting occasional site audits can help alleviate fears as well.
.Use products with security built into the design. Features such as “check digits” built into the software can help detect any previous unauthorized access to the code.
———————————————————————————————————
Contact us at admin@gostst.com
or call 24/7 (210)-446-4863
Sources https://securitytoday.com
Why Thermal Imaging?
/in Smart Security, Video Surveillance /by Evan YoungmanThermal Imaging
Once solely the province of police and military units, thermal imaging technology has seen a rapid adoption by the commercial security industry in the last decade. Thermal cameras give us the ability to see what our eyes cannot, and provide data that would never be available to analytics software with traditional devices.
Through imaging of invisible heat radiation given off by any object absorbing and reflecting light, irrespective of lighting conditions, these cameras allow us to see not just into dark rooms and outdoors at night, but also through foliage and semi-permeable objects such as netting and meshes.
As security cameras have become the staple for protection of property and personnel across every industry, the demand for better and more varied methods to produce high quality imaging in any setting has grown.
Thermal imaging cameras offer the best protection in conditions traditionally considered challenging:
.Work in the darkest of low-light scenarios
.Can see through foliage at night
.Are immune to visual limitations
.Produce fewer false alarms
.Work well in tandem with conventional high definition IP cameras
How Thermography Works
Thermographic or Infrared (IR) cameras create images using IR radiation as apposed to the visible light used in conventional cameras. Basically, what this means is that they are able to “see” heat as it radiates from an object and then display the differences in heat within its picture as various shades of grey in black and white video. Thermal cameras are therefore able to see through objects when a heat source is inside, require no light, and are not affected by things like smoke or dust.
Thermal cameras can be used to great effect in outdoor and low-zero light settings. This makes them particularly easy to camouflage, if desired. In many cases an IR camera could be used entirely in place of a traditional one, especially if it is being used to trigger an alarm and not just for surveillance.
IR is something that can be integrated into existing systems. It is especially helpful in analytics due to its ability to generate high contrast images.
The high-contrast, black and white images provide another metric in an entirely different spectrum of light for the algorithm of the analytics software to perform its operations on.
Analytics is already used to similar effect in systems with conventional cameras only, but being able to match heat signature against already existing video analytics creates a more robust and reliable overall surveillance operation.
Most importantly, a system can be set up to trigger only on the heat signature of a person, whereas the heat signature of an animal would be ignored.
To learn more about how thermal imaging cameras can help protect your commercial facility, please contact:
Security Technology of South Texas, Inc. at 210-446-4863
or email admin@gostst.com
Source: FLIR.com