Corporate brass digital devices ripe for hacker attacks

Digital devices and home networks of executives, board members, and high-value employees with access to financial, sensitive, and proprietary information are malicious attackers, according to a study released Tuesday by a cybersecurity services company. Is the target of.

Connected homes are a major target for cybercriminals, but few executives or security teams are aware of the excellence of this new threat.Fortune 1000-based enterprises using the Executive Protection Platform of BlackCloak..

“Black Cloak’s research is extraordinary,” said Darren Guccione, CEO of. Keeper securityPassword management and online storage company.

“This is a wide range of issues and vulnerabilities caused by millions of companies migrating to decentralized remote work while trading with corporate websites, applications and systems from unsecured home networks. It helps to clarify, “he told TechNewsWorld.

Researchers at BlackCloak found that nearly a quarter (23%) of executives have open ports on their home network. This is very unusual.

Daniel Floyd of BlackCloakCISO attributed some of these open ports to third-party installers. “They are audiovisual or IT companies and don’t want to send trucks when things break, so we set up port forwarding on our firewall,” he told TechNewsWorld.

“It allows them to connect remotely to the network and solve the problem,” he continued. “Unfortunately, the vulnerabilities that have not been patched with the default credentials or 4-5 years are improperly configured.”

Exposed security camera

An open port resembles an open door, explained customer threat analyst Taylor Ellis. Horizon3 AI, Automatic penetration testing as a service company in San Francisco. “In this era, we don’t keep doors unlocked 24/7, even if our home network ports are open,” he told TechNewsWorld.

“For business leaders, open ports that provide access to sensitive data escalate intrusions and threats of intrusion,” he continued.

“The port acts like a communication gateway for a particular service hosted on the network,” he said. “An attacker can easily open a backdoor to one of these services and manipulate it to place a bid.”

According to the report, 20% of the open ports on a company’s brass home network are connected to open security cameras, which can also pose a risk to executives and board members. ..

“Security cameras are often used by threat actors in both malware planting and distribution, but perhaps more importantly, they provide pattern and habit monitoring. If the resolution is sufficient, passwords and It’s about making sure that you have entered other credentials, “says Bud Broomhead. , CEO ViakooDeveloper of cyber and physical security software solutions in Mountain View, CA.

“Many IP cameras have default passwords and outdated firmware, making them ideal targets in the event of a breach, and once breached, it makes it easier for threat attackers to move laterally within their home network. “Masu,” he told TechNewsWorld.

Data leak

BlackCloak researchers have also found that corporate brass personal devices are not as secure as or better than home networks. More than a quarter (27%) of executives had malware on their devices, and more than three-quarters (76%) of their devices were leaking data.

One method of data leakage from smartphones is through applications. “Many apps require sensitive permissions that you don’t need,” Floyd explains. “People only open the app for the first time and click Settings and don’t realize they’re giving the app access to their location data. Then the app sells that location data to a third party.”

“This is a personal device for everyone, not just executives and their personal devices,” added Chris Hills, chief security strategist. Beyond TrustManufacturer of privileged account management and vulnerability management solutions in Carlsbad, Calif.

“The amount of data contained in a typical smartphone these days, PII, and even PHI, is amazing,” he told TechNewsWorld. “If we don’t think about the security associated with smartphones, we don’t know how vulnerable we can be.”

For many executives, personal device security does not seem to be a top priority. According to a survey, 9 out of 10 people (87%) do not have security installed on their devices.

Mobile OS lacks security

“Many devices ship without security software installed, but they may not be installed enough,” says Broomhead. “For example, Samsung Android devices come with Knox Security, where a security hole was previously found.”

“Device manufacturers may try to trade off security and ease of use to improve usability,” he added.

Hills argued that most people are comfortable and happy to think that the operating system that underlies smartphones contains the security measures needed to keep out malicious users.

“For the average person, that’s probably enough,” he said. “Given our role in the business and the enterprise, the security blanket of the underlying operating system is not enough for executives who have a lot to lose.”

“Unfortunately, most of the time we focus on trying to protect ourselves as individuals. Some of the most common things, such as smartphones, are often overlooked,” he continued.

Lack of privacy protection

Another finding by BlackCloak researchers was that most executive personal accounts, such as email, e-commerce, and applications, lack basic privacy protection.

In addition, they have discovered that executive security credentials such as bank and social media passwords are readily available on the dark web, making them vulnerable to social engineering attacks, personal information theft and fraud.

Nearly nine (87%) of the ten executives are currently leaking passwords on the dark web, and more than half (53%) do not use secure password managers, according to researchers. On the other hand, only 8% of applications and devices have multi-factor authentication enabled.

“While measures such as multi-factor authentication aren’t perfect, these basic best practices are essential for board / C suites, which often opt out of requirements, especially for convenience issues,” said Endpoint Security. Research specialist Melissa Bischoping said. TaniumA manufacturer of endpoint management and security platforms in Kirkland, Washington, told TechNewsWorld.

“Attack on an individual’s digital life can be a new risk for businesses to consider,” the researchers write. “But that’s a risk that needs immediate attention. Adversaries have determined that home executives are the least resistant path. As long as they are safe, seamless, and profitable, they Endanger this attack vector. “ Corporate brass digital devices ripe for hacker attacks

Back to top button