Netizen Threat Brief: 21 March 2018 Edition

Threats:

Listed below is information regarding three of this week’s most critical threats and preventative measures to lessen the chances of a breach:

  1. IoT Risks in Healthcare
  2. Text Editors Plugin Vulnerability
  3. Leaky VPNs

1. IoT Risk in Healthcare

Overview

IoT, or Internet of Things, is a system of physical things that are embedded with software, sensors, electronics, and network connectivity. IoT functions by exchanging information with other connected devices, internet-based systems, or other types of control systems. IoT is especially prevalent in the Healthcare industry where it is used for inventory tracking, various medical devices (life support, inhalers, pacemakers, etc.) and remote patient monitoring equipment to name a few.

Like anything connected to a network, there are risks. IoT devices in the Healthcare industries often lack proper security implementations, if there are any at all. Healthcare organizations have a very important need to protect their IoT devices from cyberattacks, especially since the lives of people are on the line should something go wrong.

Recommendations

Solutions for IoT devices are not always the easiest to implement—however there are actions that an organization can take to better protect their healthcare equipment and people:

  • Identify all IoT devices on the network, no matter how long it has been there. You cannot protect what you don’t know is there.
  • Data flows should be documented to ascertain what is needed and what is unnecessary and does not add value. With this knowledge, the network can be segmented appropriately—firewalling off any unneeded traffic.
  • Control the acquisition and implementation process—smart tv’s, fridges, etc. could open subtle channels for attackers to use to gain entry inside of the network. This happened in the well-known Target breach several years ago where a smart refrigerator was used to inject malware into the network and steal credit card numbers.
  • Perform regular vulnerability assessments on internal and external networks to reveal any hidden weaknesses or openings into environment. These risks should then be reviewed at regular intervals, implementing mitigation strategies as feasible.
  • Have a structured plan for the organization. Identify key stakeholders, establish security objectives, and coordinate actions to implement controls across the IoT spectrum.

2. Text Editors Plugin Vulnerability

Overview

Text editors like Sublime, Vim, Emacs, Gedit, and pico/nano are used by developers, editors and writers to edit things like files and documents. Advanced editors, like the aforementioned, offer users extendibility by allowing the installation and running of third-party plugins to extend the editor’s functionality and scope.

However, there’s inadequate separation of regular and elevated modes when loading plugins for these editors. For example, technical users will often need to edit “root-owned” files, requiring an editor with those elevated privileges and this could allow attackers to run malicious code on a victim’s machine, possibly taking full control of a targeted system.

Recommendations

Until developers of text editors change the folders and file permission models to complete the separation between regular and elevated or provide a manual interface for users to approve the elevated loading of plugins, we recommend:

  • Utilize open-source, host-based, intrusion detection systems (OSSEC, Snort, Kismet).
  • Actively monitor system activity, files integrity, logs, and processes.
  • If at all possible, avoid loading third-party plugins when the text editor is in an elevated state of permission.
  • Deny “write” permissions for non-elevated users.

3. Leaky VPNs

Overview

Three popular VPN services were discovered to be leaking sensitive data. HotSpot Shield, PureVPN, and Zenmate contain vulnerabilities that could compromise a user’s privacy—including real IP addresses and their actual locations—allowing governments, hostile organizations, or other individuals to see this information.

Three separate vulnerabilities were found HotSpot Shield, which has since been fixed by the company in later updates:

  • Hijack all traffic (CVE-2018-7879) — This vulnerability resided in Hotspot Shield’s Chrome extension and could have allowed remote hackers to hijack and redirect victim’s web traffic to a malicious site.
  • DNS leak (CVE-2018-7878) — DNS leak flaw in Hotspot Shield exposed users’ original IP address to the DNS server, allowing ISPs to monitor and record their online activities.
  • Real IP Address leak (CVE-2018-7880) — This flaw poses a privacy threat to users since hackers can track user’s real location and the ISP. the issue occurred because the extension had a loose whitelist for “direct connection.” Researchers found that any domain with localhost, e.g., localhost.foo.bar.com, and ‘type=a1fproxyspeedtest’ in the URL bypass the proxy and leaks real IP address.

It should be noted that these vulnerabilities were found in HotSpot Shield’s free Chrome plugin, and not in their desktop or smartphone apps. It is likely that there are similar vulnerabilities in the Chrome plugins of PureVPN and Zenmate but they have not yet been formally disclosed and no patches have been made to fix them. These risks may be prevalent in other VPN services outside of the three listed here.

Recommendations

If using any of these services, we recommend:

  • Check with the vendor as to the status of the vulnerabilities—have they been fixed? Is anything being done?
  • Do no use the Chrome plugin associated with these services—it is not secure.
  • If using HotSpot Shield, apply current patches.

For the time being, discontinue VPN services with Zenmate and PureVPN—at least until patches have been released for the leaks.

How can Netizen help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.  We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s