Discovering the threat actor:

In a peculiar twist of events, the Boa Web server has been discontinued since 2005, and it is mystifying how a 20-year-old life server is still lingering around. Microsoft reiterated that Boa is incorporated in a series of sought-after software developer kits (SDKs) utilized in the manufacturing design of precarious components for ICS by the Internet of Things (IoT) device developers. The Boa Web server finds its functionality in multiple IoT devices for managing consoles, accessing settings, and industrial network’s sign-in screens rendering critical infrastructure endangered to large-scale attacks.The SDKs disseminated by RealTek implemented in SOCs delivered to manufacturing companies of devices such as routers, access points, and repeaters also employ the Boa Web Server. The discovery that the Boa servers were the utmost delinquent in the Indian energy-sector attacks took some time. The first step was observing that the Boa servers were running on the IP addresses on the list of indicators of compromise (IoCs) published by Recorded Future and that the compromised electrical grid-attacked IoT devices were running Boa Server. This was confirmed by observing that half of the exposed IP addresses returned suspicious HTTP response headers hinting at an alliance with the operative deployment of the malicious tool stated by Recorded Future. Detailed inspection of the headers stipulated that more than 10% of all the active IP addresses returning the unsafe headers belonged to critical industries comprising petroleum and associated fleet serves. The unpatched perilous vulnerabilities of IoT devices served as an accessible attack vector for malware operators. The culminating step in the discovery was the short return time of the sceptical HTTP response headers in several days, linking them to invasion and malicious activity on networks.

Attack Operation:

A Microsoft Security Threat Intelligence blog post highlights that the vulnerabilities existing in the IoT component supply chain owing to the Web Servers are mysterious for the developers and administrators who are the managers of the system along with its devices. Administrators are unaware that the updates and patches are not tackling the Boa server permitting the misuse of its susceptibilities by the attackers to attain silent access for gathering information from files. The presence of unpatched and unauthenticated arbitrary file access (CVE-2017-9833) and information disclosure (CVE-2021-33558) serve as security gaps in the Boa Web Server, sanctioning attackers for the remote execution of code.

The malicious threat actors gain access to the device by using the “passwd” file from the device or utilizing sensitive Boa Server URIs to extract a user’s credentials. Egregious vulnerabilities such as CVE-2021-35395 affected the digital administration of millions of devices globally using RealTek’s SD and zero-click overflow CVE-2022-27255. Consequently, this leads to the launching of codes, compromised devices, deploying botnets, and later operating throughout the network. The absence of patches for the RealTek SDK and Boa vulnerabilities in the device firmware updates resulted in ICS exploitation. Microsoft, in its research, indicated a recent ransomware attack on the Boa Server of Tata Power in India carried out by the Chinese Hive group. The continuous monitoring of attacks brought into light the targeting of Boa vulnerabilities acting as the attack vector. Keeping this in mind, it has become vital for ICS network administrators to pinpoint and eradicate the Boa Server vulnerabilities diminishing the risk of future attacks.

Mitigating the Boa-Server vulnerabilities:

Particular measures to mitigate Boa vulnerabilities include device discovery and classification to recognize unprotected device components and to exercise vulnerability assessments of unpatched devices in the networks. The developers should maintain a proper workflow with solutions befitting the patch process. Vulnerability and risk assessment should also be implemented beyond the firewall to locate internet-exposed infrastructure running the Boa Web server components. Terminating the futile IoT devices’ internet connections and isolating firewalls in the critical-device networks reduces the attack surface. Applying proactive antivirus scanning of malicious payloads, detection configuration rules for malicious activity, and adoption of comprehensive IoT and OT solutions for monitoring devices increases the visibility of entry point IoT devices operating on the Boa Web server.

Social media Instagram and others has grown to be an effective communication tool for personal use and a necessity for official and business connections. With the increase in popularity of social platforms the risk of cyber-attacks has become inevitable. In recent years, social media cybersecurity threats have victimized millions of individuals across the globe making these digital platforms subjected to data mining scandals, data breaches, phishing campaigns and account takeover attacks leading to theft of personal data.

A Deep Dive into Cybersecurity Vulnerabilities

In a novel Instagram hacking campaign highlighted by darkreading, the threat actors sent Instagram users fraudulent emails claiming that the administrator network intends to permanently delete their account due to copyright infringement. The email utilized URL redirection tactics to deceive business users and influencers into giving up their login credentials through clicking on an embedded phishing link. These phishing links steer the users to account takeover, theft of sensitive information and a demand of ransom payment with the threat to sell privileged data on Dark Web.

Combatting Social Media Cyber Threats

The analysis by SpiderLabs discloses that the attack email deceives the social media influencers, businesses, and the average account holder by employing the instagram’s official logo and recommending that the affected users are probably executing copyright infringement. The email raises concerns by originating from an email addressmail@theinstagram.team or info@theinstagram.team which is analogous to Instagram’s actual support email, support@instagram.com.

Meta’s Battle Against Cyber Attacks

Earlier this year the instagram’s parent company Meta owned Facebook was also exposed to a similar “infringement phishing” attack with emails suggesting that the users had violated community standards but the attack on instagram was deadlier, as culminated by the researcher Homer Pacag at SpiderLabs. The attack on instagram caused more devastation because it maneuvered malware creators leveraging URL redirection to steal personal information from victims using messages crafted to appear urgent. The URL redirection directly included an embedded URL in the message instead of attaching a malicious file that a user clicks to reach a phishing page. It can be difficult for most URL detection systems to identify this deceptive practice, as the intended phishing URLs are embedded mostly in the URL query parameters.

The attackers employ bogus copyright reports and step by step data harvesting to make their exploitation tactics more evasive, luring the users into credential theft. The cyber endangered landscape entails detection of Novel Phishing Tactics and technology catchup to nip the evil of cyber threats in its bud. Social media is a haven for cybercriminals and the companies should implement ahead-of-time threat detection to block potential phishing domains and cloned legitimate websites. With social media security being more important than ever the social media companies’ security teams should conduct a simulated phishing engagement on their phishing defenses to make cybersecurity awareness, prevention, and security best practices a part of their culture. A solid social media and digital media protection plan is the way forward to ensure cyber threat resilience and to boost cybersecurity defense.

The exponential growth of the Internet connectivity has led to a significant growth of cyber attack incidents often with disastrous and grievous consequences. Cyber attacks have become potentially more disastrous as our dependence on information technology increases. Cybercriminals only require a few expenses and are unconstrained by geography and distance. The difficulty to identify cybercriminals and prosecute them due to the anonymous nature of the Internet has opened a lot of opportunities for the criminals. Given that, the attacks against information technology systems for extorting ransom are very attractive and it is expected that the number and sophistication of these cyber attacks will keep growing.

How Cyber Attacks Disrupt Industrial Giants

Bleepingcomputer published a report highlighting a crippling cyber-attack on Europe’s leading German copper producer Arubis. Copper is a highly significant metal being widely used in producing different things, especially in electric vehicles, renewable energy production, and energy storage technology. The attack forced the conglomerate to shut down its IT systems preventing any further attack spread. The copper producer Arubis is the second largest in the world, with 6,900 employees worldwide, and claims to manufacture more than one million tonnes of copper cathodes annually. It was announced that the discontinuation of various IT systems at different locations were a precaution to prohibit damage and had not impacted production of copper. The company further assured that the production and environmental protection facilities at the smelter are fully functional and are being maintained manually without any affect to the incoming and outgoing of goods.

Ransomware or Coordinated Cyber Operation?

At the instant there is no clarity on whether the attack was large-scale ransomware attack or it was a part of an extensive operation launched against the mining and metal sector. The company is still accessing the ramifications of the cyberattack by operating with the authorities to speed up the process. The preference is to ensure the production volumes and maintain the supply of raw materials unagitated for the dispatch of finished goods. To avoid any hindrance in the manufacturing process some of the functions have been switched to manual mode for sustaining the incoming and outgoing of final products until computer assisted automation at smelters can be secured for utilization. Arubis stated that at the moment the expected time of return to normal operations is impossible to estimate. Till then, the company has institutionalized a plan of transitional solutions for alternative communication channels by employing a phone line among the company and its customers.

The preventive measures taken by Aurubis indicate a possibility of ransomware involvement in the cyberattack but the company has not yet provided any details on its cyberattack. BleepingComputer has contacted the company to learn more about the incident and is awaiting a response. Earlier one such incident on such a large scale took place when LovkerGaga forced aluminum giant Norsk Hydro to shut down its IT systems in March 2019.

The development of more innovative and effective cyberattacks defense mechanisms has been regarded as an urgent requirement in the cybersecurity community to protect the functionality and sanctity of organizations.

In this byline for Spiceworks penned by our CEO Camellia Chan, she outlines the key threats posed by these innocuous household items and how individual homeowners can step up their security efforts.

CCTVs and IoT: A Landscape of Threats

The ubiquity of CCTVs and IoT devices creates a broad canvas for potential threats. From compromised home security leading to privacy infringements and burglaries to large-scale intrusions at retail spaces and financial institutions, the threat matrix is expansive and evolving.

A breach at cloud video security startup, Verkada, stands out as a pressing example. Here, a hacker collective gained access to an alarming 149,000 security camera footage. Another incident saw Iranian dissidents exploiting surveillance systems for political objectives. Such breaches underline a central theme: cyber attackers possess an alarming reach, and no entity is entirely immune.

The advancements in facial recognition technology only magnify the risks. Breaches, akin to Verkada’s, signify more than just visual data compromise. Access to servers storing such footage could mean unauthorized access to personal identities and associated data.

Vulnerabilities Beyond Software

Beyond software, hardware vulnerabilities demand equal attention. Even with the most advanced software protections in place, human lapses and inadequate cyber hygiene can be entry points for cyber attacks. Consider the vulnerabilities spotlighted in SpaceX’s Starlink satellite system or the criticisms faced by Hikvision over neglected bugs and potential surveillance concerns.

The Need for Integrated Security Strategies

For an effective defense against such threats, a holistic effort integrating both physical and cyber security protocols is essential. Many breaches have roots in simple lapses: unchanged default passwords or lack of multi-factor authentication.

Home Cyber Hygiene: A Priority

Cameras, designed for our safety, are ironically now points of vulnerability. Homeowners must prioritize cyber hygiene, adopting practices like frequent updates and rigorous password management.

For more insights and to understand how we can fortify your organization’s security infrastructure, reach out to us today!

Read the full commentary by Camellia here: https://www.spiceworks.com/it-security/cyber-risk-management/guest-article/playbook-for-diffusing-cctv-cybersecurity-threats/

For modern cutting-edge capabilities, the manufacturing factories are heading towards data-driven facilities where customers, operators, and designers can share information online. They are utilizing partake of cloud services, horizontal and vertical system integration, nanotechnology, advanced data analytics, simulated technology. However, all of these sources are connected to intellectual property (IP) and operators that are prone to cyber-attacks and sophisticated threats to data. Hence, a lot of critical data is at stake when there’s a chance of a cyberattack in industries. 

CyberAttack in Industries

Manufacturing infrastructure is risking high for cyber-threats. The number is increasing and it is a matter of real concern. If it goes unbound, the feature of connecting throughout the world and infiltration of data transfer can be the gateway for threats. The trespassing can shut down the entire plant’s operation or may lead to equipment failure that will stop the production or manufacture faulty products keeping the managers or the employees unaware.

As technology is evolving, the cybercrime evolution is also constant. The most dangerous cybersecurity threats are the common cyberattack in industries like IP theft, social engineering, malware, IoT attacks, supply chain attack, etc.

To ensure utmost cybersecurity, the manufacturing infrastructure should have the ability to capture the value with the frontier of technology. It requires a dynamic solution to protect and enhance value for the longer term. A system-level solution can be a perfect solution. Flexxon introduces the world’s first standalone X-PHY® AI Cyber Secure Solution with firmware-level protection and defense against harmful cyberattack in industries.

Benefits of X-PHY® AI Cyber Secure Solution

The AI-Embedded technology is the priority for a powerful cyber-defense and the X-PHY® AI Cyber Secure Solution comes with the most improved version of it. The built-in AI Co-Processor Quantum Engine enables constant monitoring and ensures protection with continual vigilance. It proves its resilience with firmware-level protection that detects unusual activities in real-time to thwart a cyberattack in industries. The self-learning and high-functioning threat detection block the gateway of cyber-threats and hardware sensors distinguish the anomaly from data access patterns.  

The manufacturing companies must be associated with exponential technologies and take proper precautions with vigilance. The X-PHY® revolutionizes cybersecurity facilitating continual vigilance as it never trusts anyone. It will keep the confidential files safe and sound within the devices. The benefits are:

IP Theft Security: It is the most common type of cyber-attack through which someone steals the trade secret of a company and incurs a data breach. It is like robbing confidential data of an organization. Implementing X-PHY® can ensure protection featuring Security Scout, and Keycode 2-Factor along with Secure Connectivity.

Social Engineering Prevention: Social engineering mostly causes by human negligence where users are tricked to download or click malicious phishing email attachments. These sorts of attacks can be prevented by the X-PHY® Solutions facilitating Guardian Pro-X and AI-based Security Engine into the system.

IoT Attacks Defense: Hackers can infiltrate the network system with malicious traffic, block the network with ransomware, install malware software and launch physical attacks on the IoT devices. The X-PHY® works as the last line of defense enabling Keycode Encryption, Signalock, Anti-Virus Warden, and Guardian Pro-X protects with AI-Based Security Engine, Intelligent Activities App, and Rooted Firmware Protected Engine.

Supply Chain Attack Protection: Cybercriminals gain third-party access and enter the network, steal data, and cause significant harm to the company. The Keycode Pro-X together with Rooted Firmware Protected Engine features of the X-PHY® constantly monitor the attacks and ensures protection.

Increase Cybersecurity Efficiency in Manufacturing Industry with X-PHY®

Prohibit the ransomware attack on the manufacturing infrastructure by establishing the X-PHY® AI Cyber Secure Solution to mitigate the risks of million-dollar impact. The advanced AI-Enabled technology provides firmware-based security and ensures a secure data transmission process. Experience the closest defense at the fastest reaction time and increase cybersecurity efficiency to avoid cyberattack in industries.

The medical sector consolidates with patient’s essential and confidential data every day. Other than that medical network also contains valuable financial information. It involves online services like shares analysis results through portals, connects various devices like remote monitoring systems, connects wristbands, pill dispensers, etc. Thus, it relates with multiple software and functions to make sure a precise diagnosing process that increases the cyber-related risks. 

Cyber Attacks on Healthcare Facility

The Revolution of technology in medical and healthcare facility has made things easier. However, the interconnection with EHRs can open up a loophole for hackers to access data. Cyber-threats in the medical sector faces major consequences for financial loss and breach of privacy. Data confidentiality is affected due to sharing details online and data integrity directly affects patient’s privacy. 

Medical devices usually are the easy entry points for cyber-threats. The healthcare facility can experience damage and disruption caused by malware, ransomware, phishing, data breaches, DDoS attacks, crypto-jacking, supply chain attacks, and so on.  The modern and sophisticated IT infrastructure is prone to cyber-attacks and data breaches.

Ensuring healthcare information security is the major concern for service providers. Currently, this problem is a top priority for the systems to manage without compromising. If proper action is not taken in time to enable a powerful defense, then the damage cannot be mitigated. For a reliable and safe cybersecurity assurance, a system-level solution is essential. To ensure security from the core, Flexxon introduces the world’s first standalone X-PHY® AI Cyber Secure Solution for the safekeeping of crucial data inside the medical devices.

Benefits of X-PHY® AI Cyber Secure Solution

The X-PHY® AI, Cyber Secure Solution is incorporated with an AI-embedded protection facility to optimize protection for the shared medical networks. It ensures constant monitoring through the built-in AI Co-Processor Quantum Engine that also protects transmitted data while sharing. To block the gateway of cyber-threats, the self-learning and high-functioning threat detection feature enhances firmware-level protection and detects malware in real-time. The hardware sensors also detect anomalies in data access patterns. 

To ensure data security the X-PHY® revolutionizes cybersecurity to facilitating continual vigilance throughout the servers. It never trusts anything and makes sure that the healthcare and medical facility can have a safer network without risking confidential patient information. The benefits include:

Defense for Malware, Ransomware, and Phishing: The hacker tries to reveal information by sending spam emails to the users, installing malware software, and diffuses spyware or ransomware. The X-PHY® ensures protection enabling AI-Based Security Engine along with the Anti-Virus Warden and Guardian Pro-X.

Protection against Data Breaches: Data breaches are caused due to some incidents regarding encrypted authorization access or lost devices. The attacker may use a random approach or password dictionary to gain access from the device. The Keycode 2-Factor, Security Scout, and Active Detective feature paired with Secure Connectivity from the X-PHY® helps in preventing certain threats.

Prevention for DDoS Attacks: This attack targets specific software and risks the layers and the infrastructure security by flooding the systems, servers, or networks with malicious traffic. The X-PHY® enables multilayer protection enabling boot loader in Rooted Firmware Protected Engine, Keycode Encryption, and Signalock feature.

Forbid Cryptojacking: The attackers target a vulnerable website to inject a script into the devices while unprotected visitors visit that website. Even mining software can be installed into IoT devices and networks. To prohibit crypto-jacking, the X-PHY® featured with Keycode Encryption and Guardian Pro-X enabling Secure Connectivity.

Prohibit Supple-Chain Attacks: The cybercriminals intercept the data transmission delivery from a supplier to inject anomaly into the device. By the attack, the firmware becomes exposed and causes data leakage. The Keycode Pro-X together with Rooted Firmware Protected Engine features of the X-PHY® monitors the AI-based firmware attacks and prohibits entering into the system.

Protection of Medical and Healthcare Facility with the X-PHY®

The extensive security features and functionalities of the X-PHY® AI Cyber Secure solution leads to its user to have a safe and reliable system as well as a network facility that makes the data transmission of the medical and healthcare sector successful. For maintaining data confidentiality and integrity, the X-PHY brings the ultimate cybersecurity solution with superior devices to fight against vulnerable threats and attacks.