Search This Blog

Showing posts with label Vulnerabilities. IoT. Show all posts

Active Cypher: Great Deal of Orchestration of Our Intelligence in AI into Existing Systems

Active Cypher: The company is built upon a socially responsible fabric, that provides information security for individuals and corporations in an increasingly complex digital age. The guest speaker for the interview was Mr. Michael Quinn, CEO, and Mr. Caspian Tavallali, COO Active Cypher. Active Cypher’s Ransom Data Guard utilizes a combination of Active Cypher’s proprietary encryption orchestration, smart AI, and advanced endpoint protection. 
Please tell us about your company Active Cypher? 

I am Michael Quinn, CEO of Active Cypher. We are a data protection company; we have an ethos within a company that the data needs to be able to protect itself wherever it is created. We have built a product line that offers those capabilities of protection against ransomware attacks through protecting data at the file level in the server environment and in the cloud. What our product allows us to do is be crypto agile. We can work with numerous encryption schemes. Once we are installed we basically back out of the situation and allow the client to run and trust their own data. 

Your company talked about game-changing software “Ransom Data Guard” that will protect organizations against ransomware threats. Please describe more about it. 
What we developed is a capability where understanding what ransomware has to do in order to take control of the device in a user environment. We built a product just before the Covid-19 and work from home culture started and we realized that people are using shared environments on the same device at home. So we basically allow the organization to encrypt the data down to the device level and protect it. The ransomware protection that we provide basically allows us to manage the files in such a way that they are not accessible to external sources like ransomware. We put this product along with our cloud fortress product to make sure that we were meeting compliance regulations. What we found after working with the law firms is we allow the companies to meet compliance through this capability if the product was ransomed or even if it was exfiltrated because we encrypt the data so the actual data itself is useless. On the ransomware side, the beauty of it is we allow a lot of flexibility in how the data can be stored and used. 
Besides ransomware protection, what are the other solutions Active Cypher provides? 
We do a great deal of orchestration of our intelligence in AI into existing systems, we integrate into Microsoft tools as well as we have APIs that can write to any of the tools that are out there. We don’t bring in to replace anything or add to anybody’s burden, we integrate into it with our information.  
Let’s say somebody opens a doc. file or they load up a doc. file which has an exploit. How do you handle that? 

If somebody uploads an exploit or malware and when it’s opened, because of the process we use to interrogate the document for its integrity, we will stop any process that is trying to intervene with the environment and we’ll put a warning out. What will happen is you’ll get an alert from us, let’s say you open up a “wannacry” as an example, you will get a screenshot saying “your device has been ransomed.” The reality is you can still open all your files. What we do is, with our cloud fortress product, we do a real-time backup. 
At a time when hospitals and medical institutions are struggling with Covid-19, how has Active Cypher protected them from ransomware threats? 

In most of the hospitals and medical environments, their IT staff lacked the sophistication to understand what was happening. Earlier, the attackers were not really trying to damage the data, they were trying to ransom it and return it. Now what the attackers are doing is, that they are actually getting into the environment and not going after the data because most of the hospitals have upgraded their capabilities along with using our products. Now, the hackers are attacking the IoT (internet of things) at the device level, which is more life-threatening. What we have done to help healthcare institutions is basically putting a “Data Guard” which is the stand-alone ransomware product on devices. 
How do you handle the GDPR (General Data Protection Regulation) and Privacy requirements when it’s the home environment? 

With “Data Guard,” the way the product is designed, it can be installed on a consumer device. In that environment it allows people to protect what they have like personal data or business data that they have on their device is protected. And that’s the simplicity of Data Guard, is the fact that it protects your device and the files on it and ensures that ransomware can’t launch successfully.  
With cyberattacks rising, is there any advice you can give to our readers on cybersecurity? 

Everybody has to be aware, you don’t have to be afraid. With the stress of work, particularly with this remote work environment, the user has to be more diligent. So, ease of use and awareness are probably the keys to maintaining good data hygiene.

Vulnerabilities in Logitech Harmony Hub Giving Adversaries Root Access to the Device

Researchers at FireEye's Mandiant Red team recently detected four vulnerabilities in the Logitech Harmony Hub as improper certificate validation, an unreliable update process, leaving developer debugger symbols and images in the production firmware and having a blank root user password.
These vulnerabilities are found to give the oppugners root access to the device– enabling attackers to control other smart home devices connected to it, for instance, smart locks and connected surveillance cameras.

Joel Hopwood, in a report about the vulnerabilities posted on Friday said that the exploitation of these vulnerabilities from the local system could enable an aggressor to control the devices connected to the Hub and in addition utilize it as an execution space to attack various other devices on the local network.

Fire Eye analysts revealed the vulnerabilities to Logitech in January 2018. Logitech discharged a firmware update (4.15.96), April 10, to address the discoveries made and public disclosure was on May 4.

Researchers first found that the Harmony Hub disregards invalid SSL declarations and certifications by testing out using their own particular self-signed certificate to block the HTTPS traffic sent by the Harmony Hub.

 “The Harmony Hub sends its current firmware version to a Logitech server to determine if an update is available. If an update is available, the Logitech server sends a response containing a URL for the new firmware version. Despite using a self-signed certificate to intercept the HTTPS traffic sent by the Harmony Hub, we were able to observe this process – demonstrating that the Harmony Hub ignores invalid SSL certificates,” the researchers wrote.

They were additionally ready to confirm that the root password of the IoT device was blank which thusly assumed a major part in granting them complete control over the device after they additionally looked more about firmware of the Hub's SquashFS file system.

It was a direct result of these two vulnerabilities that Hopwood later said made it quite easy for him to hijack the Harmony Hub by means of its update procedure.

 “Since we were able to previously observe what a real update process looked like, we could just simulate a false update to tell the Hub it has an update and tell it where to download the update from,” Hopwood told Threatpost. “Then we would download that resource onto the Hub with our own controlled web server that had a malicious update posted on it.”

Logitech's Harmony Hub is one of numerous unreliable and insecure IoT devices – from smart thermostats to connected surveillance cameras. Smart hubs, specifically, extend the potential attack vector since they go about as a hub for different associated devices across the home.
What's more, because of the way that the Harmony Hub, in the same way as other IoT gadgets, utilizes a typical processor design, malevolent devices could without much of a stretch be added to a compromised Harmony Hub, expanding the general effect of a targeted attack, Hopwood later included in his post Fire Eye’s Official website.