Cryptojacking

 

Cryptojacking Attack Infects Thousands of ISP-Grade Routers

Cryptomining attack scripts, sometimes referred to as cryptojacking, are a subtle form of malware designed to harness the power of your CPU to mine cryptocurrency for those who develop them. This malware can be spread through infected files and the usual vectors of transmission. Cryptomining can also take place with or without your tacit consent on websites, especially those associated with torrenting and distribution of copyrighted materials.

In this case however, a more sophisticated approach has been taken in an effort to spread the reach of the mining campaign through compromising industrial, ISP-grade routers. A hacking campaign has compromised “tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability.” (threatpost.com)

Censys.io reports that over 170,000 active MikroTik devices were infected with the CoinHive site-key (a single site-key was found across all infections, which indicates that a single entity is behind the attacks). Although the campaign appeared to originally target Brazil, infections are still growing internationally. A search on Shodan (a search engine for security researchers) shows tens of thousands of compromised routers outside of Brazil, a number that is still growing.

MikroTik routers are employed by large enterprises and ISPs in order to serve web pages to multiple thousands or more users each day. This means that each instance of compromise could pay out big for the threat actor.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”

“We’re … talking about potentially millions of daily pages for the attacker,” Kenin wrote. “The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end-user computers, they would go straight to the source: carrier-grade router devices.”

————————————————————————————–

Known Vulnerabilities 

Because the attack capitalizes on a known vulnerability, it is a prime example of what enterprises of all sizes risk when they delay or prevent installation of developer patches. The attack takes advantage of a vulnerability that was actually fixed by MikroTik in a previous patch.

Whoever is behind the attack, it appears they have an intimate understanding of the functionality of this particular router.

“Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited,” explained Kenin.

Any MikroTik router users should make sure that their RouterOS is current with security patches, lest they fall prey to this latest cryptojacking campaign. 

The end user still has a few options as well, as cryptojacking can be halted in the web browser itself (using the MinerBlock extension) or at the local firewall (using CoinBlockerLists). Because the CoinHive script is injected into HTTP traffic, it can generally be avoided by forcing requests to be made over the secure version, HTTPS, depending of course on whether or not the site being accessed supports it.
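As an added example (not from the original article or from Trustwave's research), the following sketch shows how a defender could check captured HTTP response bodies for the injected CoinHive loader and group hits by site-key, which is how a single key across many hosts points to one operator. The host names, sample bodies and site-key are constructed placeholders; the patterns assume the standard Coinhive library loader and constructor names.

```python
import re
from collections import Counter

# <script> tag loading the Coinhive library, and the constructor that carries the site-key.
LOADER_RE = re.compile(
    r"<script[^>]+src=[\"'][^\"']*coinhive(?:\.min)?\.js[\"']", re.I)
KEY_RE = re.compile(
    r"CoinHive\.(?:Anonymous|User|Token)\(\s*[\"']([A-Za-z0-9]+)[\"']", re.I)

def inspect_body(html):
    """Return (loader_found, [site keys]) for one HTTP response body."""
    return bool(LOADER_RE.search(html)), KEY_RE.findall(html)

def summarize(responses):
    """responses: iterable of (host, body). Returns flagged hosts and per-key host counts."""
    flagged, keys = [], Counter()
    for host, body in responses:
        loader, found = inspect_body(body)
        if loader or found:
            flagged.append(host)
            keys.update(set(found))  # count each key once per host
    return flagged, keys

# Constructed sample bodies; the site-key is a placeholder, not the campaign's key.
SAMPLE_KEY = "EXAMPLESITEKEY0000000000000000"
INJECTED = (
    '<html><head>'
    '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
    '<script>var miner = new CoinHive.Anonymous("%s"); miner.start();</script>'
    '</head><body>news</body></html>') % SAMPLE_KEY
SAMPLES = [
    ("shop.example", INJECTED),
    ("blog.example", INJECTED.replace("news", "posts")),
    # Mentions the name in plain text only: must not be flagged.
    ("clean.example", "<html><body>An article about Coinhive miners.</body></html>"),
]

if __name__ == "__main__":
    flagged, keys = summarize(SAMPLES)
    print("flagged hosts:", flagged)
    for key, count in keys.items():
        print(f"site-key {key} seen on {count} host(s)")
```

Pages fetched over HTTPS are not modified in transit by this kind of injection, so comparing the HTTP and HTTPS responses for the same site is a useful follow-up check.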


Source: Threatpost.com  

————————————————————————————–
Contact us at admin@gostst.com or call 24/7 (210)-446-4863

Supply Chain Attacks

 

When we think about security risks, we tend to expect the threat to come from shady online sources, perpetrated by “threat actors” and “hackers”. But the truth is that some security threats are waiting for us on our hardware before we even unbox it.

Supply chains today are often quite long and involve many companies and entities. Design, manufacture, logistics and shipping are generally handled by several groups along the chain, and some are more trustworthy than others. In many cases of supply chains being compromised, a worm or rootkit is introduced during the manufacturing process. The attacks can occur in any sector: financial, medical, government, and of course the physical security industry.

This will generally be carried out while the product is with the “weakest link” in the chain. As information is necessarily shared in a supply chain, risk is created. Information compromised in the supply chain can give threat actors time to determine what the best course of action is to deliver their malware.

In 2013, the US watched as retailer Target was hit with one of the largest data breaches in history. It is believed this was accomplished through a third-party supplier, with access to Target’s primary data network gained using passcode credentials from a company that provides HVAC systems.

Also common is modification of ATM firmware during manufacture, a scheme which has skimmed credit card information of millions on more than one occasion.

Of course, supply chain attacks can be and have been carried out against IP camera products. Having a security system compromised before installation would render it worse than useless, and even dangerous perhaps. In order to protect against these attacks it is recommended to:

. Maintain the smallest possible supplier base

. Impose strict control over what vendors are used. Conducting occasional site audits can help alleviate fears as well.

. Use products with security built into the design. Features such as “check digits” built into the software can help detect any previous unauthorized access to the code.

———————————————————————————————————


Source: https://securitytoday.com

Why Thermal Imaging?

 

 

Thermal Imaging

Once solely the province of police and military units, thermal imaging technology has seen a rapid adoption by the commercial security industry in the last decade. Thermal cameras give us the ability to see what our eyes cannot, and provide data that would never be available to analytics software with traditional devices.

Through imaging of invisible heat radiation given off by any object absorbing and reflecting light, irrespective of lighting conditions, these cameras allow us to see not just into dark rooms and outdoors at night, but also through foliage and semi-permeable objects such as netting and meshes.

As security cameras have become the staple for protection of property and personnel across every industry, the demand for better and more varied methods to produce high quality imaging in any setting has grown.

Thermal imaging cameras offer the best protection in conditions traditionally considered challenging:

.Work in the darkest of low-light scenarios

.Can see through foliage at night

.Are immune to visual limitations

.Produce fewer false alarms

.Work well in tandem with conventional high definition IP cameras

How Thermography Works

Thermographic or Infrared (IR) cameras create images using IR radiation as opposed to the visible light used in conventional cameras. Basically, what this means is that they are able to “see” heat as it radiates from an object and then display the differences in heat within the picture as various shades of grey in black and white video. Thermal cameras are therefore able to see through objects when a heat source is inside, require no light, and are not affected by things like smoke or dust.

Thermal cameras can be used to great effect in outdoor and low- to zero-light settings. This makes them particularly easy to camouflage, if desired. In many cases an IR camera could be used entirely in place of a traditional one, especially if it is being used to trigger an alarm and not just for surveillance.
IR is something that can be integrated into existing systems. It is especially helpful in analytics due to its ability to generate high contrast images.

The high-contrast, black and white images provide another metric in an entirely different spectrum of light for the algorithm of the analytics software to perform its operations on.

Analytics is already used to similar effect in systems with conventional cameras only, but being able to match heat signature against already existing video analytics creates a more robust and reliable overall surveillance operation.
Most importantly, a system can be set up to trigger only on the heat signature of a person, whereas the heat signature of an animal would be ignored.

To learn more about how thermal imaging cameras can help protect your commercial facility, please contact:

Security Technology of South Texas, Inc. at 210-446-4863

or email admin@gostst.com

Source: FLIR.com

STST Partners with 3XLOGIC as Authorized Dealer and Integrator

Not just another IP camera manufacturer, 3XLOGIC is changing how the end user manages and interacts with the IP ecosystem through implementing industry leading software-as-a-service architecture that gives even the newest IT novice the power to manage a complicated network of IP cameras and access control technology like a pro admin.
3XLOGIC makes use of the cloud for all storage and video processing needs, and systems will not feature on-site NVRs. This creates a robust video management structure and shifts processing power requirements away from the end-user or any computers located at the site. Through their proprietary “Infinias CLOUD” cloud hosting technology, a 3xLOGIC system can easily be made capable of handling video monitoring and analytics alongside access control solutions from just a single door all the way to “enterprise” scale operations.
This cloud based service “delivers broad access control capabilities to conveniently secure and manage user location(s)” (3xlogic.com) and uses an easy to use browser-based GUI. Having an easy to understand end-user interface allows for access control to be both practical and affordable for virtually any user, independent of the size of the business or the technical expertise of the end-user.
The user can “view, monitor, and report” (3xlogic.com) on events and alarms, as well as do things like define security roles and create different levels of access privileges for the individual users.

Unique to the systems that can be built using 3xLOGIC’s hardware is what they term the “rules engine”. This is a logic system in their cloud space that allows the customer to “build the functionality they need such as Lock-down, First-in, last-out, n-man rule, and much more” (3xLOGIC.com). This rules engine can be used effectively on any scale to apply systems of rules and is particularly useful for access control purposes.

The “Infinias” cloud system is also capable of interfacing with wireless locks, which are an increasingly popular method used in large-scale security solutions. While the same effect can be achieved by running wire to each door in the facility, the relatively low cost of using wireless locks, cameras, etc. makes this an increasingly attractive option for some. With time and improvements to wireless technology and a greater number of systems making use of cloud technology, wireless “everything” seems to be just on the horizon.

Overall, the solutions offered by 3xLOGIC are some of the most smooth and seamless out there. Technology like this is setting the stage for the future of fully integrated video surveillance, analytics, and access control systems. Above industry standard IP cameras, custom analytics, and a simple yet robust end-user interface all make 3xLOGIC stand out even among what sometimes feels like a crowded security market.
Security Technology of South Texas is an authorized dealer and integrator for 3xLOGIC. Contact us today to see what kind of system is right for your business or project.
Call us 24/7 at (210)-446-4863 or email admin@gostst.com

Source: 3xLOGIC.com