March 23, 2021
Good morning, everyone!
Hopefully the last time I talk about the Microsoft Exchange Server debacle
Microsoft has released a one-click Exchange On-Premises Mitigation Tool to help organizations quickly determine whether an Exchange server has been compromised.
CISA has released the CISA Hunt and Incident Response Program (CHIRP), a forensics collection capability, to assist network defenders with detecting activity related to the SolarWinds and Active Directory/M365 compromise. CHIRP is an open source project and is freely available to all stakeholders on CISA’s CHIRP GitHub repository. Visit CISA Alert AA21-077A for instructions and guidance on how to run the tool, and the CISA CHIRP overview on YouTube for a step-by-step demonstration video.
When smart devices let you down
Yep, since “smart devices” are really computers, and computers can get ransomware ... your smart things can be infected with ransomware! The first instance I’ve read about dates to 2016, when the Flocker strain of ransomware began infecting smart TVs. That was a real-world example. A month later, security researchers demonstrated how to hack a smart thermostat control and install ransomware. They set it to heat to 99 degrees and ask for a PIN to unlock it, with the PIN changing every 30 seconds. That’s dastardly!
Chaos and destruction
I love listening to Michael Caine in The Dark Knight when he says, “Some people just want to watch the world burn.” There is truth to that, and then sometimes bad guys get paid for creating chaos and destruction. A fascinating demonstration of “what could happen” was seen at Black Hat in 2017, when Honeywell security researcher Marina Krotofil demonstrated an example of using “evil bubbles” to destroy a $50,000, 610-pound industrial pump. An associate on stage typed a command into a laptop, sending a stream of thick bubbles through the visible pipes. He did this by adjusting a valve upstream, with no access to the pump.
In a matter of hours, she said, the bubbles would start to wear pits in the pump's metal surfaces, and in days would wear down the “impellers” that push water through it, until it’s rendered useless. “Bubbles can be evil,” she said. “These bubbles are my attack payload. And I deliver them through the physics of the process.”
Protect the “smart” things
What’s the point of these stories? Protect ALL the “things”! Smart devices are just little computers, and they need to be protected from the bad guys just like your PC does. Put them behind a properly configured firewall (with the default password changed!). Even better, put them on their own network segment (behind the firewall) to keep them separate from your computer network, to prevent cross-contamination if something does get infected with malware (or to prevent access to that valve upstream). If they don’t need Internet access to function, block them from Internet access. Make it hard for the bad guys to do their work!
I think that's enough for this week. Go forth and apply your patches, enable 2FA and think before you click!
Talk to you again soon!
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺