Tag Archives: cyber security

Washington DC City Officials- Surveillance Cameras were Hit by Ransomware

Tyco Security Products Cyber Protection Program

The Washington Post reported that Washington DC City officials were hit by ransomware that, between Jan. 12 and Jan. 15, left the police cameras unable to record events. The cyberattack affected 123 of 187 cameras network video recorders deployed in a closed circuit TV system for public spaces across the city, the officials said late Friday in disclosing the event.

We encourage all of Tyco Security Products customers to take cybersecurity seriously and highly recommend implementing validated backup and restoration processes. Ensuring that our products have comprehensive capabilities required for a resilient operation is one part of our Six Part Approach to Cyber Protection of Physical Security Products. Read about it and other cybersecurity best practices on our Cyber Protection webpage and sign up to receive cybersecurity advisories.

80% of IoT apps not tested for vulnerabilities, report says

Tyco Security Products Cyber Protection Program

A new report from the Ponemon Institute, IBM, and Arxan claims that just 20% of IoT apps are actually tested for vulnerabilities.  In addition 46% were sure their organization experienced a breach due to an insecure IoT app. We encourage all of Tyco Security Products customers to take cyber-security seriously. That is why we have developed a Six Part Approach to Cyber Protection of Physical Security Products which includes on-going rigorous testing. Read about it and other cyber-security best practices on our Cyber Protection webpage and sign up to receive cyber-security advisories.

Cyber Security in the News

Cyber security breaches aren’t limited to high profile incidents such as credit card information theft from retail companies or personal information theft from government organizations. As recently reported by Reuters, ThyssenKrupp AG (TKAG.DE) was subject to various cyber attacks in their steel production and manufacturing plant design divisions earlier this year, resulting in loss of technical trade secrets and project data (http://www.reuters.com/article/us-thyssenkrupp-cyber-idUSKBN13X0VW) .

cyber protection

The gravity of these incidents serve as a reminder of the importance of Cyber Security.  To help better protect your organization from similar attacks, Tyco Security Products has developed a Six Part Approach to Cyber Protection of Physical Security Products. Read about cyber security best practices for physical security on our Cyber Protection webpage and sign up to receive cyber security advisories.

Tyco Security Products’ Cyber Protection Program’s Security Audit Tools Address Device Vulnerabilities

A recent analysis of Internet of Things device traffic identified various IoT connected devices that were exhibiting potentially dangerous behaviors including using plain-text HTTP protocol for authentication or firmware updates, leaving them susceptible to sniffing and man-in-the-middle attacks.

security-audit-docx

As part of its Cyber Protection Program, Tyco Security Products considers security at the beginning of the product development process resulting in features and capabilities needed to secure the product in its environment.  For example, VideoEdge NVRs provide a Security Audit page that allows integrators and end-users a single view of their security posture of the device.

The audit page is an important tool for customers, giving them visibility on all accounts with remaining default passwords, enable / disabled status of ports and protocols such as HTTP, TLS certificates, and user security configurations such as password complexity, auto logout, account lockout.

Tyco Security Products’ is committed to cybersecurity.  Our holistic Cyber Protection Program combines best practices in secure product development, testing and evaluation, rapid response to potential vulnerabilities, and configuration guidelines for compliance.

Competing hackers dampen the power of Mirai botnets

In a recent article published by PC World, the malware behind last month’s distributed denial-of-service attacks is losing its potency as hackers compete for control of IoT devices. As we reported in a recent Tyco Security Products Security Advisory, be sure to disable remote access if it’s not critical, change the password to a complex password, and reboot the device.  Be sure to complete these steps in this order rather than reboot it first – as this article states, competing hackers are quickly re-infecting the devices, sometimes within 30 seconds of the device being rebooted and going back online.  (Read the Article)

Cyber Security

Sign up to receive Tyco Security Products Cyber Security Advisories and read about other cyber security best practices on our Cyber Protection webpage.

Many Cyber Attacks Are Preventable

In a recent article published by eSecurity Planet, 43 percent of IT professionals admit that cyber-attacks could be prevented with better policies around potential vulnerabilities such as weak passwords; 58 percent prioritize heightened capabilities in perimeter-based controls such as ensuring that devices are properly configured and are running the most up-to-date software. (Read the Article)

cyber awareness

Tyco Security Products has developed a Six Part Approach to Cyber Protection of Physical Security Products. Read about it and other cyber security best practices on our Cyber Protection webpage and sign up to receive cyber security advisories.

National Cyber Security Awareness Month

October was National Cyber Security Awareness Month. As a trusted global leader, Tyco Security Products has developed a Cyber Protection Program and dedicated cyber protection team to lead the way in identifying, informing and developing cyber secure physical security products.

cyber awareness month_Future-threats

 

In case you missed any of our resources, here they are again:

Follow us to engage in the cyber security conversation and learn more about Tyco Security Products cyber protection program.

Distributed Denial of Service

If you were not already familiar with the term Distributed Denial of Service (DDoS), then over the past several weeks you probably have become aware of it through various news articles.

A few key points in the media about the DDoS attacks:

  • Some of the largest DDoS attacks ever launched[1] in late September
  • Release of the Mirai source code used to create the DDoS attacks in early October[2]
  • Growth of devices infected by Mirai malware is growing from 213,000 to 493,000, by mid-October[3]
  • Twitter, Netflix and PayPal and many popular site being unreachable for part of Friday as a result of a new DDoS attack[4]

Were Tyco Products Affected?
These attacks are of special interest for companies such as Johnson Controls because they were launched from botnets composed of “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders[5]There is no indication that any Tyco Security Products devices were involved in these attacks.

  • Illustra cameras are designed to prevent user access to the camera’s operating system and as a result of that decision: telnet is not available on any Illustra camera model.
  • VideoEdge NVRs do not support telnet. Also, all known botnet scanners look for a different version of Linux than used on VideoEdge.
  • iSTAR controllers do not support any remote access protocol and will not be detected by the malicious scanners.
  • DCM controllers, AC200 (RTC) Ethernet Controller and Emerald Intelligent, multi-function access terminals do not support Telnet
  • exacqVision network video recorders and video management system (VMS) software has SSH disabled making it unaffected.
  • Kantech  access control system also remains unaffected.
  • Applications such as AC2000, C•CURE 9000 and victor are not affected. These applications also do not require remote access protocols.

Background: What are Distributed Denial of Service Attacks?
If you are not familiar with a Distributed Denial of Service (DDoS) attack, it is an Internet attack, which typically targets websites in an attempt to bring down the site so that it is inaccessible to other Internet users.  It is a common tactic for activists and groups looking to suppress information or as a form of extortion; demanding money from the victim to cease to attack.  These attacks work by flooding the target website with large amounts of data, or requests for data, that use up a website’s resources. With a small attack, the site may appear to be slow, but large attacks can bring down a website making it inaccessible.

What is a botnet?
These recent attacks have used a ‘botnet’, or a network of devices, infected with malware. The attacker is able to remotely control the device. The owner of the device will not know it has been infected because the malware does not affect the devices normal operation.

This malware is only able to be loaded onto the device if it has a remote protocol such as telnet or SSH enabled on the device. Telnet and SSH are common among physical security products and devices with the protocols enabled will be detected by the scanner.  The Mirai malware uses a table of common factory default usernames and passwords to log into devices.

Recommendations for Installers and End Users
If you have a device which is using the default password and a remote access protocol enabled, you are at risk. To prevent your device from becoming a bot, you should immediately:

  • Disable remote access if it is not required.
  • Reboot the device. This does not have to be a factory reset, just turning the power off, wait a minute and turning it back on is sufficient
  • Change the password to a complex password. If you do not change the password or have a device that doesn’t allow you to change the password, you run the risk of becoming infected.

Again , the following Tyco Security Product devices are not affected:

  • Illustra Cameras
  • VideoEdge NVRs
  • iSTAR
  • DCM
  • AC2000 RTC Controllers
  • Emerald Intelligent Access Terminals

Sign Up to Receive Security Advisories
Tyco Security Products dedicated Cyber Response Team generates notices, typically within 24 hours, advising which products, if any, might be vulnerable along with mitigation steps. If it’s a critical security vulnerability, the team will develop, test and release patches to resolve issues.  Sign up to receive security advisories and access compliance guidelines. 


Sources:

[1] Wall Street Journal Sept 30th 2016 Hackers Infect Army of Cameras DVRs for Massive Internet Attacks http://www.wsj.com/articles/hackers-infect-army-of-cameras-dvrs-for-massive-internet-attacks-1475179428

[2] Wall Street Journal October 5th 2016 Hackers Release Botnet Code, Raising Specter of More Attacks ttp://www.wsj.com/articles/hackers-release-botnet-code-raising-specter-of-more-attacks-1475677667

[3] PC World October 18,th 2016 Hackers create more IoT botnets with Mirai source code http://www.pcworld.com/article/3132571/hackers-create-more-iot-botnets-with-mirai-source-code.html

[4] Wall Street Journal October 21st 2016 Cyberattack Knocks Out Access to Websites http://www.wsj.com/articles/denial-of-service-web-attack-affects-amazon-twitter-others-1477056080

[5] Krebs on Security October 21, 2016 Hacked Cameras, DVRs Powered Today’s Massive Internet Outage  https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/#more-36754

Cyber Security Assessment

Today’s businesses are faced with unprecedented threats from sabotage, theft of intellectual property and compromised sensitive data. Have you considered how your physical security products affect your cyber security?

TSP Cyber Protection Program Flowchart

 

Take a look at our infographic and assessment quiz to see if you are asking the right questions and taking the next step to be cyber secure.

Access the InfographicTake the Assessment Quiz
Learn more about Tyco’s industry-leading Cyber Protection Program.

Cyber Security Language

Security breaches are in the news today more than ever before. Security integrators and security officers must work with IT departments to ensure the physical security system is successfully deployed, maintained and upgraded on the network with minimal impact and without compromising network security.

cyber crime

To create a complete cyber secure environment, IT and security departments must effectively work together. However, physical security and IT often use the same words to mean different things – resulting in everyone being confused. Sometimes security integrators and security officers even avoid the IT department due to the misunderstanding.

For example, IP may mean intellectual property to a corporate security officer but internet protocol to IT security professionals. Or perimeter may mean the exterior building wall to the security officer and network connection to the outside to the IT professional.

To make sure all departments are speaking the same, common language, we suggest developing a list of terminology definitions that everyone can use.

Terms to be Clearly Defined:

  • IP
  • CredentialsTyco Security Products Cyber Protection Program
  • Key
  • Patch
  • Firewall
  • Vulnerability
  • Social engineering
  • Perimeter
  • Intrusion detection
  • Bandwidth
  • Directory
  • Security logs
  • Revocation
  • Signature

Having a common subset of terms will help you understand how to ask the right questions and quickly comprehend the answers. After establishing your company common language, clearly explain the information you need from IT to be able to define the network and security requirements.

Learn more about the Tyco Security Products Cyber Protection program.