Expert Comments

On Cybercriminals Leveraging Smart Building Access Systems to Launch DDoS Attacks

Expert(s): Security Experts
Expert(s): Security Experts

Linear eMerge E3 devices that are part of access control systems for Smart buildings have been found to contain serious vulnerabilities that can be used by cybercriminals to launch DDoS attacks according to security researchers at Applied Risk.

Experts Comments

Dot Your Expert Comments
Bob Noel
February 04, 2020
VP of Strategic Partnerships
Plixer

When end devices (IoT or other) have an IP address and are attached to the corporate network.
When end devices (IoT or other) have an IP address and are attached to the corporate network, they introduce new threat surfaces. It is imperative that network and security teams know every device that is attached to the network, and monitor all traffic to and from them so those end devices can be provisioned, monitored, and secured properly. The only way to do this properly is to deploy and correlate network traffic analysis with end device visibility/asset management tools.
Marc Gaffan
February 04, 2020
CEO
Hysolate

The number of IoT devices worldwide is growing exponentially - estimated to be over 75 billion by 2025.
The number of IoT devices worldwide is growing exponentially - estimated to be over 75 billion by 2025. As these devices continue to make their way into our everyday lives, attackers naturally are finding ways to exploit them. Attackers always look for the easiest way to establish their foothold - which happens to be these vulnerable access control systems. Vulnerabilities in hardware devices such as these are a common "low hanging fruit" for attackers. In fact, we must not forget that.....Read More
The number of IoT devices worldwide is growing exponentially - estimated to be over 75 billion by 2025. As these devices continue to make their way into our everyday lives, attackers naturally are finding ways to exploit them. Attackers always look for the easiest way to establish their foothold - which happens to be these vulnerable access control systems. Vulnerabilities in hardware devices such as these are a common "low hanging fruit" for attackers. In fact, we must not forget that endpoints (laptops/desktops) are one of the most commonly targeted devices by attackers - 70% of breaches start on the endpoint. We advise organizations to inventory and assess the security of all of the connected devices being used - everything from access card systems & connected security cameras to traditional connected devices like endpoints and network access control systems.  Read Less
Javvad Malik
February 04, 2020
Security Awareness Advocate
KnowBe4

Much like the original Mirai takeover of IoT cameras, this tactic can allow criminals to recruit many hundreds.
Unpatched software is the second most common vector used to compromise systems after phishing. IoT devices in particular are notorious for either having weak default settings that can be exploited, or have poor mechanisms to allow updates and patches to be deployed in a timely manner. Additionally, many IoT systems are not monitored with the same rigour as traditional IT systems, so it can be easier for a compromised device to be used for much longer by a criminal without it being detected. .....Read More
Unpatched software is the second most common vector used to compromise systems after phishing. IoT devices in particular are notorious for either having weak default settings that can be exploited, or have poor mechanisms to allow updates and patches to be deployed in a timely manner. Additionally, many IoT systems are not monitored with the same rigour as traditional IT systems, so it can be easier for a compromised device to be used for much longer by a criminal without it being detected. Much like the original Mirai takeover of IoT cameras, this tactic can allow criminals to recruit many hundreds, if not thousands, of devices into a botnet relatively quickly and be used to launch extremely effective DDoS attacks. IoT manufacturers have their part to play in ensuring devices are secured upon shipping and can be quickly and easily patched when a vulnerability is discovered. Organisations should also ensure any IoT or smart devices are secured and protected in the same way as other IT systems are so that any threats can be quickly detected and responded to.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Fake App Attacks On The Rise, As Malware Hides In...

Expert On Study That Brits Using Pets’ Names As Online...

Expert Reaction On Europol Publishes Its Serious And Organised Crime...

Fake Netflix App Allows Hackers to Hijack WhatsApp

Hackers Pretend To Be Your Friend In The Latest WhatsApp...

Millions Of Brits Still Using Pet’s Names As Passwords Despite...

Advertised Sites May Appear Genuine On First Glance

Facebook Ran Ads For Malware-ridden ‘Clubhouse for PC’

Linkedin Data Of 500 Million Users Being Sold Online

Experts Comments On Identity Management Day – Tuesday 13th April