dzone.com

dzone.com

Unexpected Security Breaches - DZone Security

Hackers are extremely creative. It's not just phishing and knocking, hackers will try every crevice, every small hole, even things you would never think of as a way into your data center. The reason you need zero-trust security is because you never know how they're going to slip behind the scenes and gain access to what you thought was an innocent little system.

If you just protect the edge of your network, then all someone has to do is get under the fence. Here are a few memorable ways they've done it:

Target Corporation's POS and the Air Conditioner

One of the biggest consumer breaches came from hackers who installed malware on the Point of Sale credit card machines in companies like Target. We're talking the thing that controls the flow of money from the cash register to the bank, which you would think is a pretty important system — and it is.

But what Target didn't think that a particularly critical system was the HVAC thermostat. Turns out, the PoS and thermostats were on the same network, so when the hackers got ahold of the password for the thermostats, they gained access to the network. That network is, of course, not just for one store, but it gave them access to every store, and once they were able to load their malware (which copied and reported credit card numbers and expiration dates) onto one machine, they were able to upload it to all machines throughout the company.

Faxing Your Way to Compromise

We don't really do a lot of faxing anymore, but we end up with the feature on those All-In-One printers that scan, fax, print, and do OCR, optical character recognition. It was that combination of features that researches from Check Point Software Technologies were able to exploit.

They faxed over lines of malicious code disguised as an image file to the printer, relying on the fact that no one usually checks the contents received over a fax. The file was decoded and stored in the printer's memory, which allowed the researchers to take over the machine. Then, they were able to get into the rest of the company network, explore other devices, and use the fax machine connection to upload malware to those devices

Having a Blue Wi-Fi

Bluetooth is that thing you use to connect your phone to your car... Wi-Fi is completely different, right? Well... not exactly. A number of enterprise Wi-Fi access points have Bluetooth as a discovery method to allow Wi-Fi access points to find each other and be set up (the irony being you can't set up a wireless access point on the Wi-Fi because the Wi-Fi isn't set up yet).

While the exploit has to be done over Bluetooth, which means you need to be physically within 100 meters or so of the access point (which means a laptop in a car outside the building could do it), the access gained is pretty frightening — the thing that every other thing needs to talk to is now compromised and can spread malicious code very quietly.

The Little Tiny Chip on the Server Board

And, of course, we know about the tiny chip that found its way onto motherboards from the manufacturing plants supplying Super Micro Computer Inc. The chip didn't do much, because it really didn't have to do much. It reported the details of the machine to a central location and, basically, held the door open for hackers to send bits of code into the operating system.

Once the OS is compromised, all bets are off. You don't need the little chip anymore because you now own all the big chips and network access.

At the end of the day, there will always be some way for a hacker to crack open a window or slip in a back door. Whether they get friends on the inside like with the little chip, or if someone just forgot to lock a door like the HVAC thermostat, the odds of an organization truly locking down the perimeter grow smaller and smaller every day as more "things" get connected and hackers get cleverer.

The moral is hold your code close, protect everything as close to that thing as you can, and remember, the network is already compromised.