Effective cyber security plans require a multi-layered approach. In the past, most businesses relied on anti-virus software as their sole protection. Adding a firewall was considered to be “going the extra mile.” To say that won’t cut it anymore is the understatement of the century.
What does a multi-layered cyber security plan include?
Minimum Requirements –
- Monitoring
- Software Patches
- AntiVirus Protection and Updates
- Spam Control
- Email Archiving and Continuity
- Critical Monitoring 24/7/365
- Routine Network Maintenance
- Advanced EndPoint Protection (EDR)
- A password platform
- 2FA
- Zero Day Endpoint Protection
- Managed Backup (Encrypted)
- Staff Education
- Business Risk Reviews
But if you value your business, add these too…
- SOC
- SIEM
- Security Policies
- Centralized User Management
- C-Level Consulting
- Vendor Risk Management (VRM)
- 24/7 Backup Failure Monitoring
- Disaster Recovery Plans
- Redundant, Multi-Locational Backups (also known as Geo Redundancy)
- Testing, Verification, and Reporting
- Employee Response Procedures and Practices
We’ve written countless articles about cyber threats – and how to prevent them, using tools like the ones mentioned above – but there is one cyber vulnerability we’ve never covered. In fact, we’ve read thousands of articles and this topic was NEVER addressed. Well, there were small mentions here and there, but basically, it has been as ignored as a feral cat.
How could all of us leave this essential element out of the conversation?
Speaking for ourselves, we took it for granted. The cyber landscape is changing so quickly that it’s easy to get roped into thinking solely about online cyber threats. But what if you can’t get online in the first place? If your computer crashes, your Wi-Fi is down, or your processor is flawed, there is no software solution in the world that can help you.
So the essential, yet vastly ignored, cyber topic of the day? Hardware.
When most people think of hardware, images of computers, tablets, and smartphones come to mind. Given a little more time, they might think of printers, scanners, or even projectors.
Technically, these are hybrid items, made up of hardware, firmware, and software. In fact, any “smart” IoT devices – from cars and toasters to watches and lightbulbs – are also a combination of these features.
Our mission today is to talk specifically about hardware vulnerabilities, which means software and firmware are going to have to sit this one out, except to say that they need to be updated on a regular basis. If patches are ignored, you’re just leaving the door open for hackers. It’s important to note that some older models (also known as legacy devices) may no longer be on the market, which means updates aren’t provided. Those devices need to be replaced immediately.
Okay, moving on…
According to excerpts from an article by Turbo Future, they wrote, “Hardware (sometimes abbreviated to HW) can be defined as the physical components that a computer system needs to function. This distinguishes it from software, which consists of written instructions that tell the physical components what to do.
Internal and External Hardware Components
The components that make up hardware can be categorized as being either internal or external.
Internal components are those installed inside the computer, typical examples being the motherboard, power supply, and central processing unit (CPU).
External components are connected to the outside of the computer; these can also be referred to as peripherals, or peripheral devices, common examples being the monitor, keyboard, and mouse.
Examples of Computer Hardware
- Motherboard
- Central Processing Unit (CPU)
- Power Supply
- Random Access Memory (RAM)
- Hard Disk Drive (HDD)
- Video Card
- Solid-State Drive (SSD)
- Optical Disc Drive (e.g. BD drive, DVD drive, CD drive)
- Card Reader (e.g. SD, SDHC)
- External Hard Drive
- USB Flash Drive
I will explain each of the components listed in more detail below.
1. Motherboard
The motherboard (known colloquially as a mobo) is the main printed circuit board of a computer. It houses the CPU and operates as a hub that all other hardware runs through. It allocates power to the other components, coordinates them, and enables communication between them.
2. Central Processing Unit (CPU)
The central processing unit, or CPU for short, is responsible for processing all information from programs run by your computer. Each CPU has a clock speed, which is the number of instructions it can process in any given second, measured in gigahertz. The quality of a computer’s CPU has a major effect on overall system performance.
3. Power Supply
The main role of the power supply unit is to convert the alternating current (AC) from an outlet to direct current (DC). The computer components need DC to run normally. The power supply unit also controls voltage to prevent overheating issues.
4. Random Access Memory (RAM)
Random Access Memory (RAM) is the physical hardware inside a computer that temporarily stores data. It is normally found in the memory slots of the motherboard. Its role is to serve as the computer’s “working memory” for the information created by programs. Generally speaking, the faster the RAM, the faster the processing speed at which memory moves data to other components.
5. Hard Disk Drive (HDD)
The hard disk drive is the main data storage device of a computer. This is where the operating system, software titles, and the majority of files are stored. Unlike RAM, hard drives are non-volatile, which means that they maintain their stored data even when powered off.
6. Video Card
The video card (also known as a graphics card) is an expansion card that enables the computer to send output images to a video display device such as a monitor. The video card typically installs via a slot on the motherboard.
7. Solid-State Drive (SSD)
Solid-state drives are designed to be housed inside the computer as an alternative to traditional hard disk drives. Although they look almost identical to traditional hard disk drives from the outside, they have no moving parts. This means that they use less power, access data faster, and are generally more reliable.
8. Optical Disc Drive (e.g. BD drive, DVD drive, CD drive)
An optical disc drive (ODD) uses laser light or electromagnetic waves to read or write data onto optical discs. Common optical media designed for use with these types of drives are compact discs, DVDs, and Blu-ray discs. Optical disc drives can also be called disc drives, CD drives, DVD drives, and BD drives.
9. Card Reader (e.g. SD, SDHC)
Most personal computers and tablets have built-in memory card readers. This enables them to read data from memory cards, which are portable electronic storage devices used for storing digital information. Most contemporary memory cards use flash memory, although other memory technologies are currently being developed.
10. External Hard Drive
An external hard drive is a drive that typically connects to the computer’s USB port. Some draw power from the computer via the data cable, others need an AC wall connection. The main benefit of an external drive is its portability; you can carry relatively large amounts of data around with you, or transfer data between different computers.
11. USB Flash Drive
A USB flash drive is a portable data storage device. Unlike optical drives, flash drives have no moving parts, making them more durable. A USB flash drive has an integrated USB interface and connects to the computer via a USB port.”
For a more comprehensive list of hardware, CLICK HERE.
We would also like to add Network Hardware to the list. In a fantastic article by Spiceworks, they wrote, “Network hardware refers to the physical devices that facilitate communication between hardware running on a computer network.
The Fundamental Devices of a Computer Network
Modems
A modem enables a computer to connect to the internet via a telephone line. The modem at one end converts the computer’s digital signals into analog signals and sends them through a telephone line. At the other end, it converts the analog signals to digital signals that are understandable for another computer.
Routers
A router connects two or more networks. One common use of the router is to connect a home or office network (LAN) to the internet (WAN). It generally has a plugged-in internet cable along with cables that connect computers on the LAN. Alternatively, a LAN connection can also be wireless (Wi-Fi-enabled), making the network device wireless. These are also referred to as wireless access points (WAPs).
Hubs, bridges, and switches
Hubs, bridges, and switches are connecting units that allow multiple devices to connect to the router and enable data transfer to all devices on a network. A router is a complex device with the capabilities of hubs, bridges, and even switches.
Hubs: A hub broadcasts data to all devices on a network. As a result, it consumes a lot of bandwidth as many computers might not need to receive the broadcasted data. The hub could be useful in linking a few gaming consoles in a local multiplayer game via a wired or wireless LAN.
Bridges: A bridge connects two separate LAN networks. It scans for the receiving device before sending a message. This implies that it avoids unnecessary data transfers if the receiving device is not there. Moreover, it also checks to see whether the receiving device has already received the message. These practices improve the overall performance of the network.
Switches: A switch is more powerful than a hub or a bridge but performs a similar role. It stores the MAC addresses of network devices and transfers data packets only to those devices that have requested them. Thus, when the demand is high, a switch becomes more efficient as it reduces the amount of latency.
Network interface cards
A network interface card (NIC) is a hardware unit installed on a computer, which allows it to connect to a network. It is typically in the form of a circuit board or chip. In most modern machines, NICs are built into the motherboards, while in some computers, an extra expansion card in the form of a small circuit board is added externally.
Network cables
Cables connect different devices on a network. Today, most networks have cables over a wireless connection as they are more secure, i.e., less prone to attacks, and at the same time carry larger volumes of data per second.
Firewall
A firewall is a hardware or software device between a computer and the rest of the network open to attackers or hackers. Thus, a LAN can be protected from hackers by placing a firewall between the LAN and the internet connection. A firewall allows authorized connections and data like emails or web pages to pass through but blocks unauthorized connections made to a computer or LAN.”
So, now that you have seen some examples of hardware, which ones could expose you to cyber security threats?
… All of them
According to excerpts from an article by INFOSEC, they wrote, “Hardware and firmware vulnerabilities can put your business and your customers’ sensitive data at risk, costing you in diminished sales, reputation loss, and penalties.
Most of them arise from the continued use of legacy systems and out-of-date software that is no longer maintained by their respective vendors. The fact that the majority of these loopholes don’t necessarily raise a red flag may allow hackers to steal information, inject malware, or completely hijack your applications or corporate systems.
In THIS ARTICLE, we give a breakdown of the 32 most commonly exploited hardware and firmware vulnerabilities. If any of these relate to systems or devices that are under your jurisdiction, it’s extremely important that you take steps to plug these holes before disaster strikes.
Organizations should also strive to automate as much of the process as possible, which includes automatic updating of applications and the OS as soon as the vendor seeds a new version. Running hardware and software on the latest firmware is critical to safeguarding both household and corporate computing devices.”
Let’s move on to the protection portion of this article…
In a phenomenal article by JumpCloud called Mitigating Hardware-Based Attacks, they wrote, “These attacks are becoming more commonplace. They can bypass most authentication and endpoint security systems, and are challenging to trace. Attackers are adapting their modus operandi to leverage weaknesses in how operating systems manage hardware. The Postal Service, your employees, and even commercial products stacked on the shelves of big box stores are the latest and least understood avenues of attack. Training, internal controls, zero-trust access controls, and supply chain management must adapt in kind.
This problem is so prevalent that Honeywell Cybersecurity Research warned about it in June, 2021. Key findings were that 79% of cyber threats originating from removable media were ‘critical’ to Operational Technology in heavy manufacturing and that the amount of malware specifically engineered for use with that attack vector doubled year-over-year.
The U.S. Centers for Medicare and Medicaid similarly advised about the threats posed to healthcare devices. A USB drive or rogue device masquerading as a keyboard can bypass EDR and NAC security systems, exposing mission-critical systems to MitM attacks, industrial espionage, and ransomware.
This was ‘James Bond’ stuff 5-6 years ago, but cybercriminals are now targeting industries including manufacturing and healthcare, using the Layer 1 attack vectors. Hackers recently mailed devices out to companies throughout the United States; another threat is coming from ‘inside the house,’ as remote workers return to the controlled office environment.
Why Care about Hardware-Based Attacks?
Operating Systems are Too Trusting
Hardware-based attacks are happening because the USB standard did too good of a job simplifying the process of connecting peripherals to systems, which is exactly what it was designed for. There are instructional YouTube videos on how to spoof a trusted vendor’s Device and Class IDs, which are identifiers that operating systems use to recognize hardware such as keyboards. Crooks can replicate the look and feel of a known device, such as a keyboard, but have additional components hidden within the chassis that house a hidden malware payload.
These can be categorized into the following groups:
Rogue Devices
These include fake peripherals or a Raspberry Pi Zero impersonating logical parameters; the O.M.G. cable and NSA Cottonmouth that appear to be legitimate smartphone chargers, but are actually USB implants that are equipped with remote access tools or malware.
- These devices can load malware to become wireless USB interceptors
- It doesn’t take the brightest engineer to master how to make one
- Information is available in public repositories online
Repurposed Devices
The Proxicast PocketPORT 2 is a tiny 3G/4G/LTE modem-to-ethernet bridge that can serve as a modem or router. Criminals have used this for deep monitoring within the financial services industry at a Tier 1 bank. Such a device could work over a passive cable connection, siphoning power from your systems. They’re not easy to find and remain hidden.
Secure IoT Devices
Internet of Things devices aren’t famous for quality security. There are examples where IoTs have been used to clog networks or engage in Bluetooth attacks including Blue Borne and Bleedingbit. Other flaws exploit methods that IoT products use to discover one another for easier installations. Malware can utilize that ability to propagate itself. These devices are often not easy to update and can become an overlooked attack vector within the network.
How it Happens
I recently had the pleasure of working with ‘retired’ intelligence agents from one of the world’s leading agencies. They now work with a company that’s addressing this problem and shared a few tales about how these attacks might (and probably did) occur:
- Devices are mailed to targeted companies
- A rogue state outsourced operations to target a U.S. power plant by way of a criminal syndicate that manages to deliver the device onto a plant floor.
- Affluent areas are targeted ‘like lottery tickets’ and thieves swap hardware from big box store shelves and replace the goods with rigged products. The assumption is that wealthier people have more to hide, and more to lose.
- Fake cable company workers knock on doors within a neighborhood, establishing trust, and then show up at the intended victim’s domicile with a ‘free gift’.
- Tailgating, where a friendly-looking individual carrying a keyboard is allowed access to an organization’s facilities, being mistaken for an IT person who will ‘finally fix that problem’. Bearing donuts was a favorite trick of the former intelligence agent I know. Who doesn’t like someone who’s carrying a box of goodies?
Threat Mitigation
Technical
There are now purpose-built systems to scan and control access to the physical layer, making it possible to uncover rogue devices without mirroring your network traffic. This is an emerging space that industry analysts and security professionals are paying greater attention to. The founders of some household name security companies are on the boards of start-ups addressing hardware-based access control. These solutions are typically not intended for Small and Medium Sized Enterprises (SMEs), however. Your controls are more likely to be targeted.
- Utilize a policy to block removable storage media
- Have your security systems configured to check for anomalous behavior such as USB drive activity outside of normal work hours.
- Deploy a quality EDR solution to isolate malware and trigger alerts
- Have the ability to quarantine/isolate infected devices
- Conditional Access can be utilized to direct a specific host IP address to a Zero Trust Exchange Platform that will assess whether that device should access your network and determine ‘trust’, depending on the system state.
- Consider using a cloud-based least-privilege file sharing platform to control access to sensitive data. There are several excellent options. Alternatively, set up shared NTFS folders on local machines with the appropriate permissions before granting anyone access.
- Control access to network storage devices (NAS/SAN, or even online file system) that use LDAP or SAML with a directory using group membership; JumpCloud uses attribute value conditions such as the job title of the department, but Windows uses nested groups. Admins who are following the older nested method of grouping may encounter redundancies and not proactively be alerted if there’s a violation of a business rule that’s not baked into group membership.
- Some permissions can be assigned through attributes if you’re using SAML. Least privilege settings are otherwise commonly configured directly on those devices.
- Use VLANs and network access control as much as possible. You may use VLAN steering to select and define user access to network resources. These are simple RADIUS attributes that are assigned through our RADIUS service.
Administrative
Effective mitigation also comes down to training your staff on the principle of ‘if you see something, say something.’ Strangers should be reported, and if possible, leverage proximity badges and employee IDs. More advanced controls can include a mantrap, deploying CCTV, or hiring security guards.
Also, keep in mind that employees could be disgruntled or compromised; ensuring that your people are happy, appreciated, and motivated plays a role in security. Manage your emotional culture: insider threats can and do occur, especially if someone is motivated to fulfill an emotional need, and criminals will try to exploit those pressure points.
You won’t have that controlled environment at your disposal when employees work from home. Train your employees to be vigilant and on the lookout for scams, odd packages, ‘free’ gifts, and requests for home mailing information in the form of phishing emails. Cybercriminals are well organized and will adapt to changing work conditions as Work from Anywhere normalizes.
Supply Chain Integrity
The worst case is if the rogue device comes from the inside, from you to your employees. Don’t bow to financial pressure when being penny-wise is pound-foolish while rogue devices are infiltrating online merchants. We all think about smart budgeting, but saving a few dollars on inexpensive peripherals may not be worthwhile given the rising supply chain risk.
Your rationale is that there’s a very valid reason why the Federal Government has issued executive orders and guidance for government agencies to fully vet suppliers. You may not be the Feds, but taking measures such as having your purchasing department use legitimate suppliers, and avoiding white-label and secondhand devices is advisable in today’s environment. You may also consider adopting ISO’s SPDX supply chain standard.
There are global ‘hotspots’ for this activity in Asia and Eastern Europe, but it’s a small, integrated world through global commerce and online auction sites. Don’t buy from a supplier that you don’t know and trust and you should be fine. Find other ways to cut your costs.
Conclusion
The IT industry has done a decent job of discussing threats to the network and software buckets of cybersecurity, but hardware-based attacks are something that’s not frequently talked about or well understood. Be aware that this is an emerging threat that we’ll be hearing more about and take precautions to be proactive before your organization is among the first to get caught unprepared and scratching its head during a post-mortem analysis of what went wrong.”
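Two of the technical controls in the JumpCloud list above (blocking removable storage and alerting on USB activity outside normal work hours, plus spotting a device that presents itself as a keyboard but was never issued by IT) can be expressed as simple detection rules over USB attach events. The block below is an added example, not code from this post or from JumpCloud; the log format, the business hours, the vendor/product IDs and the approved-keyboard inventory are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample log (not from the page): one USB attach event per line in a
# hypothetical "timestamp|host|user|class|vid:pid|description" format.
SAMPLE_LOG = """\
2024-03-04T09:12:44|ws-finance-02|a.lee|mass_storage|1111:aaaa|Corporate flash drive
2024-03-04T23:41:07|ws-finance-02|svc-backup|mass_storage|2222:bbbb|Generic flash disk
2024-03-05T08:05:13|ws-plant-07|m.ortiz|hid|3333:cccc|Inventory keyboard model K1
2024-03-05T08:06:02|ws-plant-07|m.ortiz|hid|4444:dddd|USB Keyboard
2024-03-09T10:30:00|ws-hr-01|j.park|mass_storage|1111:aaaa|Corporate flash drive
"""

# Assumed policy values: business hours and the keyboard/mouse inventory IT issued.
WORK_START, WORK_END = time(8, 0), time(18, 0)
WORK_DAYS = range(0, 5)                      # Monday=0 .. Friday=4
APPROVED_HID = {"3333:cccc"}                 # constructed vid:pid of issued keyboards


@dataclass(frozen=True)
class UsbEvent:
    when: datetime
    host: str
    user: str
    dev_class: str
    vid_pid: str
    description: str


def parse_log(text: str) -> list[UsbEvent]:
    """Parse the pipe-separated constructed format; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 6:
            continue
        ts, host, user, dev_class, vid_pid, desc = parts
        events.append(UsbEvent(datetime.fromisoformat(ts), host, user,
                               dev_class, vid_pid.lower(), desc))
    return events


def outside_work_hours(when: datetime) -> bool:
    """True on weekends or outside the WORK_START..WORK_END window."""
    return when.weekday() not in WORK_DAYS or not (WORK_START <= when.time() < WORK_END)


def evaluate(events: list[UsbEvent]) -> list[tuple[str, UsbEvent]]:
    """Return (rule, event) pairs for events that deserve an alert."""
    alerts = []
    for ev in events:
        # Rule 1: removable storage attached outside normal working hours.
        if ev.dev_class == "mass_storage" and outside_work_hours(ev.when):
            alerts.append(("off_hours_removable_storage", ev))
        # Rule 2: a device presenting itself as a keyboard/mouse (HID class) that
        # is not in the issued-hardware inventory. A rogue device masquerading
        # as a keyboard would surface here even though EDR sees only keystrokes.
        if ev.dev_class == "hid" and ev.vid_pid not in APPROVED_HID:
            alerts.append(("unknown_hid_device", ev))
    return alerts


def alert_summary(text: str) -> list[str]:
    """One line per alert, suitable for forwarding to a SIEM or ticket queue."""
    return [f"{rule}: {ev.host} {ev.user} {ev.vid_pid} ({ev.description}) at {ev.when.isoformat()}"
            for rule, ev in evaluate(parse_log(text))]


if __name__ == "__main__":
    for line in alert_summary(SAMPLE_LOG):
        print(line)
```

In a real deployment the events would come from the endpoint agent or the operating system’s device-attach logs rather than a text file, and the inventory would be the asset register, but the rules stay the same.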
At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.
When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime.
To schedule your Cyber Security Risk Review, call the Adaptive Office Solutions service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca