We Come To Praise VPN
Not To Bury It...Yet

Every now and then, we like to give the devil his due. And by "devil," we mean the Virtual Private Network (VPN).

We're not saying the VPN is demonic. No, we actually want to tip our thinking cap to the brilliance of the network. Few technologies have had such an impact on the way businesses do business.

Long ago, when the Internet was in its Wild West stage, users sent information across it at their peril. All too often, documents either inexplicably disappeared into the netherworld or were captured by hackers.

This created a dilemma for big businesses and government agencies. They needed the reach and relatively low cost the Internet afforded them versus other intracommunications options. However, they could not risk losing sensitive documents and secrets that were the lifeblood of their operations.

Enter VPN.

VPN established a private connection for these enterprises, sort of a private network over the public Internet. In fact, if you're reading this at work, chances are it's being delivered to you via the traditional VPN hub-and-spoke architecture. Your corporate headquarters serves as the hub, while the branch offices are the spokes. VPN (or VPN over MPLS) connects each branch to the hub, where a VPN concentrator gives each branch access to the entire network.

(What keeps all these balls in the air is your IT staff. Love 'em or hate 'em, your IT staffers spend a lot of time and effort making sure your VPN remains functional, scalable, redundant and secure. Please keep that in mind the next time you want to chew your IT administrator out about a dropped call, choppy video or slow downloads.)

There are many impressive things about VPN. However, perhaps the most amazing is its longevity. The underlying technology was created in... you're sitting down, right? ... 1996. To put that into perspective, the 56k dial-up modem was invented in 1996.

Yeah, the 56k dial-up modem.

No matter how many times technicians revise it, marketers rename it or providers repackage it, VPN is still 20th century technology trying to handle 21st century challenges. It simply wasn't created to handle remote users, multiple clouds, colocation data centers or other elements of digitization. Which forces enterprises like yours to make a tough but necessary choice.

You can stay with your very familiar, once outstanding but now outdated VPN.

Or you can stay in business.

Next week: What The Model T Can Teach You About Digitization

New Research Reports Reveal Disturbing DDoS Statistics

Distributed denial-of-service (DDoS) attacks are more powerful, harder to prevent and costlier to deal with than ever before.

And if you need any proof, take a look at two major, recently released research studies.

According to the 2017 Data Breach Investigations Report from Verizon, enterprises experienced 11,246 DDoS incidents last year. Virtually all (98%) of the attacks were aimed at large organizations. Most of the incidents lasted a couple of days or less — more than enough time to bring down a website and render important systems useless.

The May 2017 Worldwide DDoS Attacks and Cyber Insights Research Report from information services firm Neustar gets into more detail. Neustar and Harris Interactive conducted global, independent research of directors, managers, CISOs, CSOs, CTOs and other C-suite executives. Respondents came from various industries, including financial services, technology, healthcare, retail and energy. Annual revenues of about half of these enterprises ranged from $500 million to $1 billion.

Of the 1,010 organizations surveyed, 849 had experienced a DDoS attack within the past year; 86 percent of those companies had been hit more than once. Furthermore:

  • 45 percent of DDoS attacks were more than 10 gigabits per second
  • 15 percent of attacks were at least 50 Gbps
  • 43 percent of organizations lost an average of $250,000 per hour
  • 51 percent needed three hours or more to detect an attack
  • 40 percent needed at least three hours to respond once an attack was discovered

What makes these numbers especially disturbing is that virtually all of the organizations surveyed (99 percent) were using some type of DDoS protection.

The Mirai Factor

Until recently, DDoS attacks rarely grabbed headlines the way cyber-espionage forays do. However, the Internet of Things (IoT) has changed all that. It's empowered DDoS attackers in unimaginable ways. The best example is Mirai malware.

Mirai, the Japanese word for "the future," infects IoT devices like cameras and servers, turning them into bots to be employed in DDoS attacks. Hackers can conduct large-scale DDoS attacks on services from hundreds or thousands of devices unattributable to the attacker.

Mirai botnets have done considerable damage since they were first discovered on Olympic websites last August. In September, they executed a record 620 Gbps attack on the cybersecurity blog KrebsOnSecurity, taking it offline. In October, the target was Internet infrastructure firm Dyn. That resulted in taking down many of the most-used web services, including Twitter, Reddit, Netflix and Spotify websites. Since then, other Mirai victims have included nearly a million Internet users in Germany and the entire country of Liberia.

"The Mirai botnet attacks were a wake-up call," said Deborah Clark-McGinn, senior director of product marketing at Neustar. "What most organizations have in place is not enough, especially in the face of new and emerging attack methods. Most organizations have some sort of DDoS protection in place, yet 90 percent are investing more than they did a year ago, and 36 percent think they should be investing even more."

Is your enterprise prepared? We can help. Our Dispersive™ Virtualized Network will enable you to prosper from the benefits of IoT while minimizing the security risks IoT poses.

Find out how we or one of our carrier partners can improve your situation. Email us at info@dispersivegroup.com or call us at (844) 403-5852.

 

Protect Your POS System From Hungry Hackers And Careless Vendors

Hundreds of millions of Americans dine at restaurants each year. Unfortunately, so do hackers.

In the past year alone, we've learned about cybercriminals devouring credit card information from CiCi's Pizza, Wendy's and Arby's. What makes these retailers so attractive to attackers is their highly vulnerable point-of-sale (POS) systems. The problem is so severe that cybercrime investigative journalist Brian Krebs recently blogged on KrebsOnSecurity:

"From my perspective, organized crime gangs have so completely overrun the hospitality point-of-sale systems here in the United States that I just assume my card may very well be compromised whenever I use it at a restaurant or hotel bar/eatery."

According to the just-released 2017 Data Breach Investigations Report from Verizon, almost 65% of POS breaches involved the use of stolen credentials as the hacking variety. And 95% of breaches featuring the use of stolen credentials leveraged vendor remote access to hack into their customers' POS environments.

Anatomy Of A POS Hack

A vendor-enabled POS hack usually involves three basic steps. To illustrate this, we'll use the infamous Target hack, which compromised 40 million credit cards.

First, the hacker steals vendor login credentials. In the case of Target, a phishing email loaded malware on the computers of one of the retailer's HVAC vendors. The next time that vendor logged into the Target portal, the attacker captured the login credentials.

Next, the hacker uses these credentials to enter and roam the network. Target never released details on how its Windows servers were breached, but speculation has it that they fell to SQL injection attacks. This would have helped attackers attain elevated credentials, allowing them to move across Target's internal network.

And finally, the hacker begins exfiltrating POS credit card data. Target's attackers infected the system with malware that scraped the RAM of POS devices and grabbed data as cards were swiped. This information was sent to a "dump" server outside the compromised network, from which cybercriminals then moved the stolen data to off-site FTP servers.

Protecting Your POS System

Obviously, you can't eliminate third-party vendors. Doing away with your vendor portal is also unfeasible. It would greatly limit your working relationship with these important suppliers.

However, keep in mind that all it takes is one compromised vendor to put your entire POS system in jeopardy. So it's imperative you do all you can to prevent that. Here are some suggestions:

Require two-factor authentication. Make sure your vendors can't access your portal with just a user name and password. For even higher security, add a third factor of authentication for client devices.

Secure your network perimeter. Insist that third-party vendors access your network only with authorized devices. With software-defined networks, this means only devices on which the software is registered. This prevents attackers using stolen credentials from entering your portal via their devices.

Hide your vendor portal. It should not be visible, reachable or scannable from the public Internet. Instead, establish a zero-trust firewall to protect your enterprise applications and vendor portal from prying eyes.

Limit vendor access. Once inside the Target network, attackers moved laterally from server to server, searching for valuable data. Prevent this by locking down vendor access to just one application or server. That way, if an attacker does sneak through your vendor portal, he's limited to only that portal application.

Vet your vendors. We'll end with where you should begin. As the Verizon report stated:

"We recommend all businesses, small and large, ask the right questions to any third-party management vendors about their security practices, specifically about use of two-factor authentication."
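The first four suggestions above can be checked mechanically against vendor session logs. The following is an added example, not code from this blog or from any product it mentions; the log format, vendor names, device IDs, hosts and the `via=gateway` field are all constructed assumptions.

```python
# Added example: audit vendor-portal sessions against the controls listed above.
# Log format, vendor names, device IDs and hosts are constructed for illustration.
import shlex

# Assumed inventory: registered devices per vendor, and the one app each may reach.
REGISTERED = {"hvac-co": {"dev-7f3a"}, "pos-support": {"dev-22c1"}}
ALLOWED_APP = {"hvac-co": "billing-portal", "pos-support": "pos-mgmt"}

# Constructed sample log: one line per destination a vendor session touched.
SAMPLE_LOG = """\
session=s1 vendor=hvac-co device=dev-7f3a mfa=pass via=gateway dest=billing-portal
session=s2 vendor=hvac-co device=dev-0000 mfa=none via=internet dest=billing-portal
session=s2 vendor=hvac-co device=dev-0000 mfa=none via=internet dest=sql-01
session=s2 vendor=hvac-co device=dev-0000 mfa=none via=internet dest=pos-store-114
session=s3 vendor=pos-support device=dev-22c1 mfa=pass via=gateway dest=pos-mgmt
session=s3 vendor=pos-support device=dev-22c1 mfa=pass via=gateway dest=file-share
"""

def parse(line):
    """Turn one key=value log line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))

def audit(log_text):
    """Return {session_id: sorted list of violated controls}."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        hits = findings.setdefault(e["session"], set())
        if e["mfa"] != "pass":                      # require two-factor authentication
            hits.add("no-2fa")
        if e["device"] not in REGISTERED.get(e["vendor"], set()):
            hits.add("unregistered-device")         # authorized devices only
        if e["via"] != "gateway":                   # portal should not be Internet-reachable
            hits.add("portal-reached-from-internet")
        if e["dest"] != ALLOWED_APP.get(e["vendor"]):
            hits.add("outside-allowed-app:" + e["dest"])  # lateral movement
    return {sid: sorted(h) for sid, h in findings.items() if h}

if __name__ == "__main__":
    for sid, hits in audit(SAMPLE_LOG).items():
        print(sid, hits)
```

Session `s3` shows why limiting access matters even when the login itself is clean: the vendor passed 2FA on a registered device and still reached a server outside its one permitted application.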

Don't wait to be the next victim. Talk to Dispersive. Our virtualized networks can bring unmatched security to your POS systems, minimizing your concerns about hungry hackers and careless vendors.

Find out how we or one of our carrier partners can improve your situation. Email us at info@dispersivegroup.com or call us at (844) 403-5852.

Proceed With Caution When Building Your IIoT Network

A 2015 Accenture report estimated that the Industrial Internet of Things (IIoT) will add $14.2 trillion to the global economy by opening new opportunities. And Cisco estimates IIoT will save an additional $3.9 trillion via efficiency improvements and cost savings.

Obviously, the sooner an industry decides to expand its IIoT ecosystem, the quicker it can enjoy new revenue streams and cost efficiencies. However, jumping on the IIoT bandwagon too quickly and too extensively can lead to problems. In its report about the future of IoT, Gartner describes three red flags that also apply to IIoT:

  • The IoT demands a wide range of new technologies and skills that many organizations have yet to master.
  • A recurring theme in IoT is the immaturity of technologies and services and of the vendors providing them. Architecting for this immaturity and managing the risk it creates will be a key challenge for organizations exploiting the IoT.
  • In many technology areas, lack of skills will also pose significant challenges.

One of those significant challenges is thwarting cyberattacks. According to a Kaspersky Lab report, 40% of industrial computers were hacked during the second half of 2016. The Internet was the source of 22% of industrial system infections – more than removable media, email clients, archives, network shares, backup copies and cloud storage combined.

When choosing network architecture, it's imperative that industry infrastructure and operations (I&O) authorities understand the threats their industries face. Here are four major security risks to consider when implementing IIoT within your ecosystem:

DoS/DDoS. DoS/DDoS performed against IIoT can result in blackouts, loss of revenue and loss of life. A DoS attack can be launched against an IIoT network to deny services performed by its devices. These attacks can also be launched from the IIoT network itself when the devices are infected with malware.

Replay attacks. IIoT devices are small and perform a specific task repetitively. This makes IIoT susceptible to replay attacks: detected anomalies can be replayed to cause an event-affecting alarm.

Unauthorized access. The biggest security risk to your network and devices is people. IIoT involves multiple ecosystem partners that include people within your organization and external contractors. Access to the industrial control networks from the enterprise network or the enterprise VPN can easily lead to unauthorized access to the entire network even when access to a specific service is all that is required.

Infiltration/exfiltration of data and malware. Employee devices have a high potential for malware infection through personal interactions with the Internet. These compromised devices come in and out of your enterprise and are connected to the IIoT network, increasing the risk that it will be compromised. Once that happens, hackers have the opportunity to exfiltrate valuable data from your business.
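The replay risk in the list above comes from devices sending the same small message over and over: authenticating the message is not enough if nothing in it proves freshness. The following is an added example, not code from this blog or any product it mentions; the key, device ID, message layout and the counter-based fix are constructed assumptions.

```python
# Added example: an authenticated but repetitive IIoT reading is still replayable;
# a per-device counter covered by the MAC lets the receiver reject the replay.
# Key, device ID and message layout are constructed for illustration.
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-use"

def tag(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

# Weak form: the MAC covers only device ID and state, so every "valve open"
# report from a device is byte-identical to the previous one.
def send_weak(device_id: int, valve_open: bool) -> bytes:
    body = struct.pack(">HB", device_id, valve_open)
    return body + tag(body)

def accept_weak(msg: bytes) -> bool:
    body, mac = msg[:-32], msg[-32:]
    return hmac.compare_digest(mac, tag(body))

# Hardened form: the MAC also covers a strictly increasing counter.
def send_fresh(device_id: int, valve_open: bool, counter: int) -> bytes:
    body = struct.pack(">HBQ", device_id, valve_open, counter)
    return body + tag(body)

class Receiver:
    def __init__(self):
        self.last_seen = {}  # device_id -> highest counter accepted so far

    def accept(self, msg: bytes) -> bool:
        body, mac = msg[:-32], msg[-32:]
        if len(body) != 11 or not hmac.compare_digest(mac, tag(body)):
            return False  # malformed or tampered
        device_id, _valve, counter = struct.unpack(">HBQ", body)
        if counter <= self.last_seen.get(device_id, -1):
            return False  # replayed or stale message
        self.last_seen[device_id] = counter
        return True
```

The counter must survive device reboots (or be replaced by a session nonce), otherwise a restarted device is rejected as stale.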

The IIoT learning curve is steep, slippery, and potentially costly. Choosing the wrong network architecture can limit more than its performance or scalability. It can limit your ability to protect your enterprise from cyberthreats.

For more information on how we or one of our carrier partners can help you secure your network and take advantage of all IIoT has to offer, email us at info@dispersivegroup.com or call us at (844) 403-5852.

 

Why The Dallas Siren Hack Should Alarm Every City

As you probably know, last week someone hacked the Dallas emergency weather alarm system. All of the city's 156 sirens wailed for 95 minutes until the system was shut down. The incident spawned hundreds of tweets and memes poking fun at the situation.

However, most of Dallas' 1.3 million residents were not amused.

Since the alarms went off shortly before midnight, citizens were literally in the dark about what was going on. Some thought a tornado was about to hit the area, something that had happened only days earlier. Others, learning just hours earlier that the U.S. had bombed Syria, wondered if the U.S. was now under attack.

Between 11:30 a.m. Friday and 3 a.m. Saturday, 911 operators were deluged with 4,400 calls, nearly twice the normal volume. In one 15-minute period shortly after the first siren blast, a staggering 800 calls were recorded. There is no way to determine how many lives may have been lost due to legitimate emergency calls failing to get through.

This incident should be a wake-up call to every U.S. city. While the Dallas hack involved radio signals, not Internet connections, it still illustrates a critical point. As our cities become smarter thanks to the Internet of Things (IoT), they also become more vulnerable.

The IoT enables street lights to adapt to weather conditions, traffic lights to adjust their patterns to traffic, and video cameras to view and record virtually every inch of a city. Yet IoT devices incorporate sensors and microcontrollers that sorely lack effective encryption and security protocols.

And it's not just the fault of IoT devices; the networks that connect them (4G LTE, GSM, WiFi, Bluetooth, etc.) are vulnerable, too. Data can be snatched by attackers and used to invade connected devices. Infrequently updated codes can make telecommunication switches easy prey.

Infrastructure attacks can garner immediate and often fatal results. They can create a ripple effect that overloads other infrastructures. They can demoralize a citizenry and weaken a nation. It's no surprise more and more hostile nations and terrorist groups are creating cyberattack units that target critical infrastructure and industrial secrets.

Dallas Mayor Mike Rawlings is looking at the siren hack as "another serious example of the need for us to upgrade and better safeguard our city's technology infrastructure." We hope other cities heed that warning.

Dispersive's solutions can help any city or state, even our nation, protect its services and critical infrastructure. For more information on how we or one of our carrier partners can benefit you, email us at info@dispersivegroup.com or call us at (844) 403-5852.