You probably deploy firewalls as your first line of defense between your pristine networks and the nasty, malware-polluted internet.
You try to be picky about what data you allow through them, in order to protect your networks.
And, you probably tend to relax after you finish your monthly endpoint patching and updating.
Unfortunately, when the pandemic forced many businesses to transition to remote work, many devices once managed purely on-site were made internet-accessible.
Though some IT teams benefitted (because they could manage the devices remotely), these rarely considered or patched devices are now under attack.
And, it’s led to quite a few unexpected cybersecurity issues.
How Attackers Locate Devices
Finding devices accessible to the internet isn’t difficult. It’s just tedious.
Certain tools, such as Shodan, can perform searches of IP addresses, open ports, and any devices that respond on open ports.
Now, cybercriminals are using this to their advantage.
Many attackers program similar detection algorithms into malware, scanning the internet for specific devices.
Then, once the algorithm locates a potential victim with the new flaws, the software automatically performs an attack on the target device.
For example, after patches were released for on-premises Microsoft Exchange Servers, a variety of nation-state and criminal hacking groups reverse-engineered the patch. Then, they began attacks on detected, but not yet patched, systems.
Now, over a year later, ransomware attackers still locate servers vulnerable to attack.
Sure, you expect email servers to be connected to the internet, but recent attacks reveal many unexpected internet-connected network devices, too.
To prevent attacks on your systems, it’s time to check for and patch (or at least disable) internet connections for network-attached storage devices (NAS), uninterruptible power supplies (UPS), and more.
Usually, you think of NAS as existing entirely inside the network.
However, certain features can expose these devices directly to the internet, allowing attackers to exploit known weaknesses.
For example, the NAS devices produced by Taiwan-based QNAP were hit hard over the past few years. Here are just a few of the recent unexpected cybersecurity issues:
- AgeLocker ransomware – July 2020
- Cryptomining – December 2021
- eCh0raix ransomware attack – December 2021
- Universal Plug and Play (UPnP) and port forwarding vulnerability – January 2022
- Denial-of-Service vulnerability in OpenSSL – March 2022
- Linux Kernel 5.8+ ‘Dirty Pipe’ – March 2022
- Apache HTTP Server unauthenticated user vulnerability – April 2022
However prominent QNAP may be in the headlines, it shouldn’t be considered unusual.
After all, we can just as easily cite DeadBolt ransomware attacks on ASUSTOR NAS devices, as well as Western Digital NAS problems, as unexpected cybersecurity issues, such as:
- My Book NAS involuntary factory reset or data deletion – July 2021
- My Cloud arbitrary code execution vulnerability – March 2022
Powering Down: UPS with Unexpected Cybersecurity Issues
Recently, the U.S. Cybersecurity and Infrastructure Agency (CISA) and Department of Energy (DOE) issued a joint alert regarding the potential threats of internet-connected uninterruptible power supply devices.
Historically, UPS devices were just batteries with switches. So, for the most part, people ignored their security.
But, the 20 million deployments of potentially-vulnerable APC Smart-UPS devices need to be examined immediately.
If attackers are able to breach these UPS devices, they can access your internal network, prevent the devices from providing backup power, or even cause your UPS device to burn out.
Though researchers located this flaw before it was exploited by cyberattackers, you might miss patching it, since it’s not generally part of your normal routine.
It’s just another one of the unexpected cybersecurity issues you’ll need to be on the lookout for.
Closing Off Exploits
Cyber criminals often develop exploits from publicly-released patches. From there, they try to take advantage of flaws before businesses get around to patching them.
And, with so many employees joining the ‘great resignation’, many of these vulnerabilities remain open, exposed, and forgotten.
A random check of firewall logs typically reveals unknown devices exploring internet-facing ports regularly.
You’ll want to know what those devices are detecting, to prepare for potential attacks.
One way to find internet-enabled devices is to go through your IT asset list (hopefully updated), and then check the devices one-by-one.
But, with the correct tools, vulnerability scans (vuln scans) and penetration tests (pen tests) can be more accurate, thorough, and faster.
In addition to discovering internet-connected devices, pen tests and vuln scans discover unknown devices, detect misconfigurations, and identify obsolete software throughout your organization.
These scans provide a prioritized roadmap of problems you can then resolve.
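As an added example (not part of the original article), the firewall-log check and asset-list comparison described above can be scripted. The log format, addresses, internal range, and asset list below are all constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: firewall log lines in a simplified key=value format.
SAMPLE_LOG = """\
2022-04-12T03:14:07 ACCEPT SRC=198.51.100.23 DST=10.0.0.20 PROTO=TCP DPT=8080
2022-04-12T03:14:09 ACCEPT SRC=203.0.113.77 DST=10.0.0.20 PROTO=TCP DPT=8080
2022-04-12T03:15:41 DROP SRC=203.0.113.77 DST=10.0.0.31 PROTO=TCP DPT=23
2022-04-12T03:16:02 ACCEPT SRC=198.51.100.23 DST=10.0.0.31 PROTO=TCP DPT=443
2022-04-12T03:16:30 ACCEPT SRC=203.0.113.5 DST=10.0.0.5 PROTO=TCP DPT=25
2022-04-12T03:17:12 ACCEPT SRC=10.0.0.44 DST=10.0.0.20 PROTO=TCP DPT=445
2022-04-12T03:18:55 ACCEPT SRC=198.51.100.9 DST=10.0.0.99 PROTO=TCP DPT=80
"""

# Constructed asset list: internal IP -> (name, expected to be internet-facing?)
ASSETS = {
    "10.0.0.5": ("mail server", True),
    "10.0.0.20": ("NAS", False),
    "10.0.0.31": ("UPS management card", False),
}
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address range

LINE = re.compile(r"^\S+ (?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) "
                  r"DST=(?P<dst>\S+) PROTO=\S+ DPT=(?P<dpt>\d+)$")

def unexpected_exposure(log_text, assets):
    """Map (dst_ip, port) -> external sources for accepted inbound traffic that
    reached a device not meant to be internet-facing or not in the asset list."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["action"] != "ACCEPT":
            continue  # skip malformed lines and traffic the firewall blocked
        if ip_address(m["src"]) in INTERNAL_NET:
            continue  # internal-to-internal traffic is not internet exposure
        expected = assets.get(m["dst"], ("UNKNOWN DEVICE", False))[1]
        if not expected:
            hits[(m["dst"], int(m["dpt"]))].add(m["src"])
    return dict(hits)

def report(log_text, assets):
    """One summary line per exposed device and port, sorted by address."""
    rows = []
    for (dst, port), srcs in sorted(unexpected_exposure(log_text, assets).items()):
        name = assets.get(dst, ("UNKNOWN DEVICE", False))[0]
        rows.append(f"{dst}:{port} ({name}) reached by {len(srcs)} external source(s)")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, ASSETS)))
```

Devices missing from the asset list are reported too, since an unknown device answering internet traffic is exactly the kind of forgotten exposure worth checking first.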
It always seems like a never-ending cycle in the world of cybersecurity.
Products are created and secured, attackers find ways in, and the good guys patch, update, and correct.
That sort of process is a normal part of your routine, and you’re ready for that.
But, when unexpected problems begin to crop up, like NAS and power sources, it’s easy to let things slip under the radar.
Start by performing your vulnerability scans and pen testing, and you’ll at least be aware of any potential problems.
While some in-house IT teams can do this on their own, outsourcing to experienced security experts can save you enormous time and produce better results.
If you’re looking for guidance, assistance, or just someone to do the work for you, the security experts at Blue Bastion regularly perform penetration tests, vulnerability scans, cybersecurity monitoring, and incident response.
Contact us at 412-349-6680, or fill out the form below, to obtain a no-obligation consultation regarding how our experts can quickly detect and remediate internet-connected devices in your network.