January
15
2016
Reflare - Weekly Security Briefing 2016-02
This week, we saw two major security breaches that brought down not only a major player in broadband, but also an entire country.
Ukraine
80,000 people in the Ukraine lost electricity for several hours after hackers breached the country’s power grid using a type of social engineering attack called “spear phishing.†Spear phishing sends phishing attacks to key personnel within an organization to obtain highly sensitive credentials and data. In the case of Prykarpattyaoblenergo utility, hackers were able to breach Ukraine’s critical power supply using malware called “BlackEnergy Malware†in a corrupted Microsoft Word file.The breach brings to light the importance for workers in major infrastructures such as power, sewage, water, and food sources to be on alert for potential risks. Hackers are no longer targeting just individuals but also government entities and critical networks. These structures were built decades ago, and older systems are sometimes vulnerable to various attacks if not patched properly. It is no longer a question of “if†the system will get hacked, but when and who will hack it.
Xfinity
Comcast engineers learned the importance of thinking like a hacker this week. Engineers do not often think of security risks when designing systems, and it is a critical mistake in software development. Such is the case with Comcast’s Xfinity Home Security systems. IoT has become increasingly targeted more by hackers since security is not often integrated into its software.Xfinity’s security system monitors the home for intruders. However, jamming the wireless signal that sends data back to the central hub was found to set a false negative within the home even if an intruder is present. Instead of considering “failure†a case for an alert, the Xfinity system considers the environment “safe,†which goes against standard security protocols. This could leave the home vulnerable to a thief with US$ 20 worth of jamming equipment.
The breach brings to light the importance of security as part of development and engineering with IoT systems, which are currently problematic. The Xfinity hack is just one of several IoT systems that were shown to be vulnerable to hackers. Until IoT designers think like hackers, these systems will continue to expose severe flaws.