Archive for February 16, 2024

Review: EnGenius Fit6 4×4 Lite WiFi Access Point

Posted in Products with tags on February 16, 2024 by itnerd

EnGenius last year launched a series of access points targeted at home and small office users called EnGenius Fit. This line of products is meant to take aim at the pain points of these users by making the devices easy to deploy and manage. Today I’m reviewing the EnGenius Fit6 4×4 Lite (also known as the EWS-276fit), and here’s a look at it, starting with the bottom:

  • 1 x 10/100/1000/2500 N-BASE-T, RJ-45 Ethernet port
  • 1 x DC jack (this is a good time to mention that this is a PoE device and no AC adapter is included)
  • Reset button

On the side is a Kensington lock slot.

The top has a bunch of LEDs to indicate the status of the access point. One thing that I should point out is that this access point is really thin, so it’s more likely to go unnoticed.

This access point supports 2.4 GHz and 5 GHz WiFi, which means that you can get up to 2400 Mbps in the 5-GHz frequency band and 1148 Mbps in the 2.4-GHz frequency band in ideal conditions. It also supports everything up to 802.11ax. In my testing using my usual testing protocol, I got these speeds:

  • 4.5 meters away: 912 Mbit/s
  • 10 meters away with a pair of concrete walls to deal with: 569 Mbit/s

These are better than respectable speeds. If you had this access point, I doubt there’d be any complaints, especially with multiple clients, which this access point handled without an issue.

In terms of managing this access point, you get three options:

Option A – Cloud Management: Manage and monitor the Access Point through the FitXpress Platform with a mobile app or through the web portal.

Option B – On-Premises Management: If you want to manage the device in on-premises mode, you need an onsite management station running a FitController connected to the same network.

Option C – Standalone Configuration: You connect to the access point with a web browser and manage it that way.

I set it up using Option C, but it’s nice to have options for whatever you feel most comfortable with. And deploying it only took me 15 minutes.

The EnGenius Fit6 4×4 Lite Indoor Wireless Access Point is available now for a price of $149 USD. If you’re looking to blanket your office or home with WiFi that won’t break the bank, and at the same time have something that is easy to deploy and manage, this access point is totally worth looking at.

LockBit Claims Responsibility For Pwning Fulton County

Posted in Commentary with tags on February 16, 2024 by itnerd

The LockBit ransomware gang is claiming responsibility for the January cyber-attack on Fulton County, Georgia, and is threatening to publish “confidential” documents if the ransom is not paid by this Friday.

You might recall that I first brought this story to you on February 1st. But here’s a quick recap.

Initial reports by the county on January 29th acknowledged a “cyber security incident”, confirming widespread system outages, including phone, court and tax systems, but gave no further details.

It wasn’t until yesterday, almost three weeks later and only after LockBit claimed the attack, that officials acknowledged the outage was in fact the result of a ransomware attack, but they still offered no details on the attack itself. Many of the county’s systems are still down and the investigation is ongoing.

Services remaining down include:

  • Two-thirds of phone services
  • Court systems
  • Property tax systems
  • Jail IT systems
  • Water billing

LockBit has given a deadline of Friday 2/16 for the county to pay the ransom. Fulton County is Georgia’s largest county and home to the state’s capital, Atlanta.

Steve Hahn, Executive VP, BullWall had these thoughts:

   “What we are seeing here is part of a larger trend. Cities all across the US are under attack by Russian threat actors. Oakland declared a state of emergency when nearly all services, all the way to their city hall, were shut down. In that instance the threat actor stole and released data as well. Hundreds of US cities have been the victim of these attacks.

   “In the past these Russian threat actors were strictly financially motivated. Since the war in Ukraine the attacks have become increasingly targeted and not just getting the ransom but also hurting us financially. Hitting supply chains that could impact inflation, hitting hospitals and cities providing life saving services to maximize the human impact. The other new trend is the threat actor is typically getting command and control access prior to the attack. This means they have admin level rights, they steal data, then set up their ransomware attack in a way that no preventative tool can stop it.

   “We have to recognize that we are truly under attack and if you’re in their crosshairs it’s not “if” but “when” you’ll be hit with ransomware. We have to shift focus from simply trying to prevent these attacks to also how to contain them quickly to minimize the effect. Containment and recovery are key strategies these cities need to employ so their services aren’t impacted. We need MFA to every server, every session. They need to work towards a zero-trust environment and, most importantly, they need containment and recovery strategies in place. In the same way we “war game” physical attacks, knowing you can’t pin your hopes on “preventing” them, we need to take that same approach to cyber-attacks and assume it’s not “if” but “when” and how do we respond. Cities simply aren’t doing that today.”

Emily Phelps, VP, Cyware follows with this comment:

   “Effective cybersecurity is challenging for even the most well-resourced organizations. Local governments have additional resourcing challenges that further complicate protecting the critical data of their citizens.

   “Organizations, across sectors, must become more proactive in their cyber defense strategies. This starts with advanced threat intelligence that can be automatically operationalized across a security team. Context-rich threat intelligence enables security teams to prioritize critical threats and take rapid action. Intelligence sharing organizations (ISACs) are also an important component that can provide relevant intelligence to industry organizations to improve effectiveness and efficiency.”

That I started writing about this at the start of the month and the incident is still ongoing shows how devastating and disruptive cyberattacks can be. That is why prevention and rapid detection of intrusions have to be the way to go if you want to avoid being the next headline.

Microsoft & OpenAI – How nation-states are weaponizing AI

Posted in Commentary with tags on February 16, 2024 by itnerd

According to research from Microsoft and OpenAI, nation-state threat actors from Russia, China, North Korea and Iran are using generative AI tools, including large language models (LLMs) such as ChatGPT, to support their cyber campaigns rather than to develop novel attack techniques.

The researchers observed that AI is currently being used to scale and enhance existing social engineering attacks and to help bad actors find unsecured devices and accounts, with the LLMs being used for the following tasks:

  • Querying open-source information (reconnaissance)
  • Translation
  • Scripting
  • Finding coding errors
  • Running basic coding tasks

OpenAI said yesterday that it terminated 5 threat actor accounts linked to China, Russia, Iran and North Korea observed to be using these TTPs.

Also, as part of the report, Microsoft published a set of principles to govern its efforts to prevent other state-backed hackers from abusing its AI models. Those principles are:

  • Identification and action against malicious threat actors’ use
  • Notification to other AI service providers
  • Collaboration with other stakeholders
  • Transparency

“Understanding how the most sophisticated malicious actors seek to use our systems for harm gives us a signal into practices that may become more widespread in the future, and allows us to continuously evolve our safeguards,” OpenAI wrote.

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “The emergence of nation-state actors leveraging generative AI in cyber operations is no surprise and underscores the urgent need for proactive measures to safeguard digital infrastructure and information assets. Microsoft, OpenAI and Google can shut down accounts periodically, but powerful generative AI technologies are readily available to all nation states through open source LLMs that are very close in capabilities to the industry leaders. There is no effective choke point that will prevent these nation states from using these emerging AI technologies, and it is essential to understand that safeguards need to be in place across the digital landscape as the opportunity to curtail access at the source has passed.”

Mark Campbell, Sr. Director, Cigent follows with this comment:

   “At the end of the day nothing really changes for security professionals. Phishing, whether human or AI generated, is still the leading cause of initial access. Cyber security professionals need to keep systems up to date and deploy advanced endpoint security solutions that include AI and behavior analysis, to more effectively detect and block malicious activities, including those initiated by AI generated phishing emails.”

Making sure that AI isn’t being abused by bad actors to launch attacks should be priority one. Yes, there are a ton of cybersecurity priorities out there, but this one currently appears to be potentially the most dangerous.

Roku Surpasses 80 Million Active Accounts and More than 100 Billion Streaming Hours in 2023 

Posted in Commentary with tags on February 16, 2024 by itnerd

Roku has more than 80 million active accounts and counting, a major marker of the company’s growth and scale as consumers continue to move to TV streaming. Viewer engagement on Roku is also at a record high—for the first time, more than 100 billion hours were streamed on the platform in 2023, averaging a record of 4.1 hours per day per account in Q4. Additionally, in the U.S., Roku’s active account base is now bigger than the subscribers of the six largest traditional pay-TV providers* combined. 

In 2023, Roku launched its own line of TVs and expanded the Roku TV licensing program to include more than 30 partners, furthering the reach of the Roku Operating System (OS). In select markets, user experience updates, new features, and content discovery tools like the Sports Experience, What to Watch, All Things Food, and All Things Home were added to the platform. These enhancements, plus a more informative and engaging Roku search, have led to increased time spent on the platform and an easier, more enjoyable experience for the Roku user.  

Since the launch of its first streaming player in 2008, Roku has put the needs and experience of the consumer at the center of its offerings, such as The Roku Channel and Roku’s purpose-built OS. Through its streaming players, Roku TV program, Roku-branded TVs, and continuous innovation on its platform, the company will continue to grow its scale and deliver a best-in-class TV streaming experience for viewers. This continued growth helps the company on its mission to be the global TV streaming platform that connects and benefits the entire TV ecosystem, connecting content partners to an engaged audience and providing advertisers with unique capabilities to reach viewers. 

Roku is the leading TV streaming platform in the U.S. and Mexico by hours streamed (Hypothesis Group, Dec 2023) and is the #1 selling TV operating system in the U.S., Canada, and Mexico in Q4 (Source: Circana, Retail Tracking Service, Unit Sales, Oct-Dec 2023 combined).  

*Leichtman Research Group, Nov 2023 

New iOS And Android Malware Takes Over Your Device And Steals Your Facial Image To Commit Fraud

Posted in Commentary with tags on February 16, 2024 by itnerd

According to the Feb 15th report by Group-IB, the malware tricks users into recording their facial image as video and stills, then uploads those images along with PII to the attackers’ C2 servers. The threat actors have been using a “multi-staged social engineering scheme” to persuade victims to install a Mobile Device Management (MDM) profile that gives them full control of the user’s device. The malware affects both iOS and Android devices.

According to Group-IB, the trojan was found disguising itself as 20 different applications from Thailand’s government, the financial sector, and utility companies, and stealing login credentials for those services.

Approov Mobile Security CEO Ted Miracco offers some thoughts on this malware and the attackers’ approach:

   “While the social engineering piece of this attack is common, and stealing facial data isn’t entirely new, the focus on deepfake creation for financial fraud is a concerning and very recent development, that wouldn’t have been possible a couple years ago. This is part of the rapidly evolving threat landscape that is 100% enabled through the use of AI technologies.

   “At this time, the GoldPickaxe malware can trick users into generating images and videos from their iOS and Android phones. This is not the same as stealing biometric data that is stored on the device’s secure enclave and is encrypted and remains secure. This malware is not breaching the Face ID functionality nor breaching either of the two mobile OSes’ security features, so at this time there is no reason to fear widespread attacks, and there is no reason to disable biometric support from the apps and phones that enable them.

   “There are several things that can be done to prevent these kinds of attacks. Endpoint detection and response (EDR) and runtime application self-protection (RASP) are solutions specifically designed for mobile devices to detect and respond to malicious activity in real time.

   “It’s extremely unlikely that “GoldPickaxe” will slow facial recognition development, however, it serves as a wake-up call for responsible development and implementation of security mechanisms to detect deep fakes and other fraud.”

This is pretty scary, as it’s always been thought that biometrics are an excellent way to secure your device. Clearly, given the existence of this malware, that no longer appears to be the case. And it proves that threat actors will stop at nothing to get what they want.