Archive for May 11, 2020

Trend Micro Research Identifies Critical Industry 4.0 Attack Methods

Posted in Commentary with tags on May 11, 2020 by itnerd

Trend Micro today released research describing how advanced hackers could leverage unconventional, new attack vectors to sabotage smart manufacturing environments. 

For this report, Trend Micro Research worked with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, to demonstrate how malicious threat actors can exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage of financial gain.

Critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems. They are capable of much more than the purpose for which they are deployed, and attackers are able to exploit this power. The computers primarily use proprietary languages to communicate, but just like with IT threats, the languages can be used to input malicious code, traverse through the network, or steal confidential information without being detected.

Though smart manufacturing systems are designed and deployed to be isolated, this seclusion is eroding as IT and OT converge. Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out.

The systems and machines that could be taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customizable IIoT devices. These are potential weak links in the security chain and could be exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.

The report offers a detailed set of defense and mitigation measures, including:

  • Deep packet inspection that supports OT protocols to identify anomalous payloads at the network level
  • Integrity checks run regularly on endpoints to identify any altered software components
  • Code-signing on IIoT devices to include dependencies such as third-party libraries
  • Risk analysis to extend beyond physical safety to automation software
  • Full chain of trust for data and software in smart manufacturing environments
  • Detection tools to recognize vulnerable/malicious logic for complex manufacturing machines
  • Sandboxing and privilege separation for software on industrial machines

To find out more and read the full report, please visit: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems

Guest Post: ASUS Provides Tips For Improving Wi-Fi At Home

Posted in Commentary on May 11, 2020 by itnerd

As the return to work and school remains on the distant horizon, many people are continuing to rely on their home Wi-Fi networks more than ever before. However, with entire households now streaming video content, working remotely and accessing e-learning classes, it’s creating additional strain that can lead to bandwidth and connectivity issues. Here are some tips from ASUS on improving the quality of WiFi networks at home:

  1. Placement matters: Wi-Fi is a non-prioritized wireless signal, as opposed to signals from printers, phones, baby monitors or security cameras. To avoid interference, make sure your router is at least one to three feet away from such devices.
  2. Make sure your firmware is up to date: Most manufacturers continue to tweak software after a product’s first release – so update your firmware on a regular basis for performance improvements, better features and security updates. Additionally, updating the drivers in your PC can improve the overall experience and performance of your Wi-Fi.
  3.  Change the channel: Most routers will operate on a standardized channel. It’s possible that you might share the channel with nearby neighbours, creating issues with your signal. Consider using a free Wi-Fi scanning app to check for which Wi-Fi channel is used the most and try switching it to another.
  4.  Create a media bridge for device-heavy areas: Imagine a living room with a smart TV, TV-streaming hardware, gaming consoles and smart speakers. While all these feature built-in Wi-Fi, you can get much better reception and performance by using a low-cost router to function as a media bridge. To do this, just connect a hardline cable from the router to your TV, console or streaming device.
  5. Upgrade your hardware: If all else fails, it might be time to consider upgrading to a new router, especially if yours is a few years old. A mesh router can provide strong coverage for large houses and concrete-walled apartments alike. The ASUS ZenWiFi CT8 Router, for example, delivers perfect coverage to every corner of your home, for houses of all shapes and sizes. An older router can be limiting the speed to which your devices can perform, so you might want to consider upgrading.

Review: TP-Link AX1800 Deco X20 Mesh WiFi System

Posted in Commentary with tags on May 11, 2020 by itnerd

The TP-Link AX1800 Deco X20 Mesh WiFi system bills itself as the “WiFi Dead Zone Killer” among other things. That’s a pretty bold claim as pretty much every mesh WiFi system has some version of that claim. So I guess the question that I’m asking is if it lives up to that claim. Let’s find out. I’ll start with the specs that are on board:

  • WiFi 6 speeds up to 1,800 Mbps
  • 1,201 Mbps on 5 GHz
  • 574 Mbps on 2.4 GHz
  • OFDMA and MU-MIMO technology to increase capacity over 150 devices.
  • WPA3 encryption
  • 2 Gigabit ports per unit
  • Amazon Alexa compatibility (which I did not get the opportunity to test for the record)

Well on paper things look good so far. So let’s look at what you get in the box:

In the box you get three units. These three units will cover a staggering 5800 square feet.

Here’s one of the units with the protective wrap still on it. It’s going to fit into any decor without a problem because it doesn’t look like something from space or a Transformers movie.

You get a power plug on the back along with two gigabit Ethernet ports which increases the versatility of this mesh WiFi system. And as part of the deal you get TP-Link HomeCare. That encompasses the following:

  • Parental controls
  • Built-in antivirus
  • Quality of service

Setup is insanely easy. All you have to do is the following:

  1. Turn off your modem
  2. Connect one of the Deco units to your modem and power on both devices
  3. Download and launch the Deco app (Available for iOS and Android. I used the iOS version) to walk through the setup
  4. Declare victory and have a beer

Once everything was set up, everything happens through the app. Firmware updates, configuration, setting up TP-Link HomeCare. Everything. You can also get all sorts of stats from the app as well. But if old school web management is your thing, it can do that too as long as you have the most recent firmware version.

So, now that I am through the setup and specs, how does it perform is the next question? Well, I don’t have a 5800 square foot home. But I have a 1000 square foot condo with lots of concrete as well as a ton of competing WiFi access points as illustrated here:

If you come back in 30 seconds, you’ll see more WiFi access points. It is a challenging environment for WiFi to operate in. I used this setup for a week and noted these observations:

  • Even though I don’t currently have any WiFi 6 devices, I found that devices that relied on WiFi connected with more consistent speed above roughly 600 Mbps downstream. Which was about 100 Mbps higher than normal.
  • The range that I was getting was impressive. I could easily get these same numbers on places like my balcony which is usually a dead spot in my condo. I was also able to get WiFi in the hallway outside my condo. Plus I could also get WiFi one floor above or below my condo. If I had a house with a second floor, there’s no question that this range would be most welcome.
  • I noted no connection issues of any sort and moving devices like laptops and smartphones from place to place was a non-issue as the device was able to seamlessly connect from Deco unit to Deco unit without a problem.

So based on all of that, I think that it is safe to say that the TP-Link AX1800 Deco X20 Mesh WiFi system talks the talk and walks the walk in terms of being the “WiFi Dead Zone Killer”. If you want speedy WiFi that will cover your entire home, this mesh WiFi system is worth a look. I found it on Amazon for $400 CDN with free shipping which is a very aggressive price for a mesh WiFi system. That gives you another good reason to have a look at this mesh WiFi system and perhaps set one up in your home.

COVID-19 Survivors Blood On The Dark Web Costs 3 Times More Than Hiring A Hitman: Atlas VPN

Posted in Commentary with tags on May 11, 2020 by itnerd

Blood of supposedly recovered coronavirus patients on the dark web costs three times more than hiring a hitman, Atlas VPN research reveals. Cybercriminals are selling blood and other fake cures for 16 thousand dollars; meanwhile, you can commission a murder for 5 thousand dollars.

Criminals are claiming the blood as “passive vaccination”. Supposedly, the blood plasma of a recovered COVID-19 patient is harvested for the antibodies and injected into a COVID-19 patient, researchers explain. Also, criminals are selling the blood and saliva of a coronavirus survivor, or even anti-malaria drugs.

In comparison, the New York Times found a list of hitman “services” offered on the dark web. One website offers to murder a person for 5 thousand dollars, which is more than three times cheaper in comparison to coronavirus survival’s blood. 

The full report provides additional information on marketplaces for death and assassination, and analyses the pricing in the organ trade market.

To read the full report, head to: https://atlasvpn.com/blog/covid-19-survivors-blood-on-dark-web-costs-3-times-more-than-hiring-a-hitman/