Posts

5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and human penetration-testing.

From a systematic perspective, it’s important to have tools that will do everything possible to mitigate cyberattacks. Tools like next-generation email security to block potential phishing or spear phishing attempts; endpoint security solutions to monitor behavior through heuristic-based techniques; and internal network routing through a next-generation firewall to perform deep packet inspection (DPI) on any information transgressing the network — especially if it’s encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adapt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates in any sort of regular cadence even though all of them are connected to the internet. There are so many manufacturers of IoT devices, and they are distributed through so many channels. There are no standards or controls regarding passwords, encryption or chain of command tracking capabilities to see who has handled the device.

If it’s feasible for the organization, totally isolate any IoT-connected devices to a secure inside network not connected to the internet (i.e., air gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have a strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t have a really weak single key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that a potentially exposed key doesn’t open the door to everyone’s information.

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall, with DPI capabilities, is a critical component to securing a healthcare network. Even internal traffic transgressing the network should be routed through the firewall to prevent any potential malicious traffic from proliferating the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

8 Cyber Security Predictions for 2018

In preparation for the upcoming publication of the 2018 Annual SonicWall Threat Report, we’re busy reviewing and analyzing data trends identified by SonicWall Capture Labs over the course of 2017.

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from more than 1 million sensors around the world, performs rigorous testing and evaluation, establishes reputation scores for email senders and content, and identifies new threats in real-time.

With the New Year, it’s appropriate to recap last year’s trends, and offer a few preliminary insights into noteworthy trends we expect to see in 2018.

Ransomware will persist, evolve

Ransomware will continue to be the malware of choice. It has never been easier to make your own ransomware. With the rise of ransomware-as-a-service, even the most novice developer can create their own ransomware. As long as cybercriminals see the potential to make enough in ransom to cover the costs of development, we will continue to see an increase in variants.

However, an increase in variants does not mean an increase in successful attacks, which we will explore in detail in the 2018 Annual Cyber Threat Report.

SSL, TLS encryption will hide more attacks

For the first time, Capture Labs will publish real metrics on the volume of attacks uncovered inside encrypted web traffic. At the same time, the percentage of organizations that have deployed deep-packet inspection of encrypted threats (DPI-SSL/TLS) remains alarmingly low.

In the year ahead, we expect there will be more encrypted traffic being served online, but unencrypted traffic will remain for most public services. More sophisticated malware using encrypted traffic will be seen in cyberattacks.

In response, we expect more organizations will enable traffic decryption and inspection methods into their network security infrastructure. This expanded deployment of DPI-SSL/TLS will rely in part on the success of solution providers reducing deployment complexity and cost to lower operating expense.

Cryptocurrency cybercrime expected to be on the rise

Due to rapid rise in cryptocurrency valuations, more cryptocurrency mining and related cybercrime is expected in the near future. Attackers will be exploring more avenues to utilize victim’s CPUs for cryptocurrency mining and cryptocurrency exchanges and mining operations will remain the targets for cyber theft.

UPDATE: On Jan. 8, SonicWall Capture Labs discovered a new malware that leverages Android devices to maliciously mine for cryptocurrency.

IoT will grow as a threat vector

As more devices connect to the internet, we expect to see more compromises of IoT devices. DDoS attacks via compromised IoT devices will continue to be a main threat for IoT attacks. We also expect to see an increase in information and intellectual property theft leveraging IoT, as capability of IoT devices have been largely improved, making IoT a richer target (e.g., video data, financial data, health data, etc.). The threat of botnets will also loom high with so many devices being publically exposed and connected to one another, including infrastructure systems, home devices and vehicles.

Android is still a primary target on mobile devices

Android attacks are both increasing and evolving, such as with recently discovered malware. Earlier ransomware threats used to simply cover the entire screen with a custom message, but now more are completely encrypting the device — some even resetting the lock screen security PIN. Overlay malware is very stealthy. It shows an overlay on top of the screen with contents designed to steal victim’s data like user credentials or credit card data. We expect more of these attacks in 2018.

Apple is on the cybercrime radar

While rarely making headlines, Apple operating systems are not immune to attack. While the platform may see a fewer number of attacks relative to other operating systems, it is still being targeted. We have seen increases in attacks on Apple platforms, including Apple TV. In the year ahead, macOS and iOS users may increasingly become victims of their own unwarranted complacency.

Adobe isn’t out of the woods

Adobe Flash vulnerability attacks will continue to decrease with wider implementation of HTML5. However, trends indicate an increase in attacks targeting other Adobe applications, such as Acrobat. There are signs that hackers will more widely leverage Adobe PDF files (as well as Microsoft Office file formats) in their attacks.

Defense-in-depth will continue to matter

Make no mistake: Layered defenses will continue to be important. While malware evolves, much of it often leverages traditional attack methods.

For example, WannaCry may be relatively new, but it leverages traditional exploit technology, making patching as important as ever. Traditional email-based threats, such as spear-phishing, will continue to become more sophisticated to evade human and security system detection. Cloud security will continue to grow in relevance, as more business data becomes stored in the data centers and both profit-driven cybercriminals and nation-states increasingly focus on theft of sensitive intellectual property.

Conclusion

When gazing into our crystal ball, we’re reminded that the only thing certain is change. Look for more detailed data in our soon-to-be-published 2018 SonicWall Annual Threat Report.

3 Disruptive Trends Driving Demand for Automated Cyber Security for SMBs

Organizations typically struggle to provide a holistic security posture. There are many security vendors providing exciting and innovative solutions. But from a customer perspective, they often become various point solutions solving several unique problems. This often becomes cumbersome, expensive and unmanageable. Some of the most recent trends in this area are discussed in this blog, which could bring about even further complexity to an organizations security posture.

IoT the new mobile?

Internet of Things (IoT) brings similar challenges to the industry, to those which mobile introduced over the last eight years. These endpoints are non general-purpose computing devices often with a specific function, but typically have an operating system, applications and internet access. Unlike Mobile, IoT devices do not usually have the same high level of user interaction, so breaches are more likely to go unnoticed.  The result of poor security controls can result in similar events, to the recent IoT botnet which caused havoc to major online services, including Twitter, Spotify and GitHub.

The industry should look to the lessons from securing mobile and apply these to IoT. This is most important in the consumer space, but as with mobile we’ll see risks arise in the commercial also, including HVAC, alarm systems and even POS devices.

Mobile and Desktop Convergence

More focus needs to be spent on unifying the identity, access and controls for mobile and desktop security. As this often requires custom integration across differing solutions and products, it’s difficult to maintain and troubleshoot when things go wrong.

Some solutions only focus on data protection, endpoint lockdown or only on mobile applications. By themselves, none of these go far enough, and software vendors should aim to provide more open ecosystems. By exposing well documented APIs to customers and integration partners, this would allow for better uniformity across services, with a richer workflow and improved security.

Cloud and SaaS

As we see endpoints split across mobile and desktop, customers are rapidly splitting data across a hybrid IT environment. While we expect hybrid to be the norm for many years to come, organizations need to consider how the security and usability can be blended, in a way that security controls don’t become too fragmented, or result in a poor experience for users and unmanageable for IT.

How SMBs can automate breach detection and prevention

The impact of a security breach to the SMB is significant. When large organizations detect fraudulent activities, they expect to write off a fair percentage of the cost. On the flip side, the impact of a $50,000-$200,000 incident to a small business could be enough for it to cease trading. To the attacker, SMBs are a relatively easy target; as they may not have the expertise or man-power to protect against an advanced and persistent threat.

For 25 years, SonicWall has maintained a rich security portfolio, which is primarily focused on delivering enterprise-grade security for our SMB customers. Our vision is to simplify and automate, to solve complex security challenges — all while meeting the constantly evolving threats. It’s an ongoing arms race after all!

Taking full advantage of our vast database of threat intelligence data, coupled with our advanced research from SonicWall Capture Labs team, we ensure our customers of all sizes can detect and prevent from these threats.  The breadth and depth of our portfolio, also includes those that specifically help with mobile, cloud and IoT security.

Stop ransomware and zero-day cyber attacks

One of our biggest strengths is combatting advanced persistent threats, ransomware and zero-day cyber attacks with the award-winning SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox. Capture ATP is now available as a security service across each product in our portfolio, providing a unique protection solution across a multitude of scenarios.

Simplify endpoint protection

For endpoint protection, we are also very excited with our recent partnership agreement with SentinelOne.  This brings the highest level of zero-day malware prevention on the endpoint while concurrently simplifying solutions for organizations of all shapes and sizes.

To learn more about how SonicWall helps our customers implement mobile security, download: Empowering Mobile Workforce to Collaborate Securely.

Are You Seeing This? Uncovering Encrypted Threats

Night vision goggles. Airport x-ray machines. Secret decoder rings. What do they all have in common? Each helps you find something that is hidden, whether it’s an object or code that someone may not want you to discover. Your organization’s security solution needs to perform in a similar manner by inspecting encrypted traffic. Here’s why.

Over time, HTTPS has replaced HTTP as the means to secure web traffic. Along the way there have been some inflection points that have spurred on this transition such as when Google announced it would enable HTTPS search for all logged-in users who visit google.com. More recently, Google began using HTTPS as a ranking signal. Other vendors including YouTube, Twitter and Facebook have also made the switch. If you read articles on the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption the latest numbers typically indicate that a little over 50% of all web traffic is now encrypted and that percentage is expected to continue growing. At SonicWall, data gathered by our Global Response Intelligence Defense (GRID) Threat Network shows the percentage to be a little higher, around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. Like others, we also expect the use of HTTPS to increase.

On one hand, this is good news for everyone. Securing web sessions, whether the user is making a financial transaction, sending/receiving email or simply surfing the Internet, is a good thing. It’s also good business for organizations such as online retailers who receive sensitive personal and financial information from their customers and need to secure it from hackers. On the other hand, cyber criminals are now hiding their attacks in encrypted web traffic. Threats such as malware, intrusions, and ransomware are able to pass through the network undetected if they’re hidden using encryption. Cyber criminals are also using encryption to receive communications back from infected systems.

Given organizations’ growing trend toward HTTPS and its use by hackers to steal information, it makes sense to have a security solution in place that can decrypt and scan SSL/TLS-encrypted traffic for threats. Not everyone does, however, especially smaller organizations. According to Gartner’s Magic Quadrant for Unified Threat Management (UTM) from August 2016, the research and advisory company estimates that “Less than 10% of SMB organizations decrypt HTTPS on their UTM firewall. This means that 90% of the SMB organizations relying on UTM for web security are blind to the more advanced threats that use HTTPS for transport.”

Let’s add a little more fuel to this. By now most people have heard of the “Internet of Things.” The idea is that we have all manner of devices available that can connect to the Internet and send/receive data. No longer is it just our PC, laptop, smartphone and tablet. It’s our TV, car, refrigerator, watch, security camera. Essentially anything that’s Internet-enabled. The number of connected devices is growing rapidly. Gartner forecasts there will be 8.4 billion connected “things” in use in 2017 and by 2020 that number will grow to 20.4 billion. That’s a lot of things that can be potentially taken over by malware delivered through encrypted traffic.

Here’s the big question every organization needs to ask. “Does our security solution (typically a firewall) have the ability to decrypt SSL/TLS-encrypted web traffic, scan it for threats, use deep packet inspection technology to stop malware, and do it all with little or no performance hit?” If your firewall is three years old or more, the answer is likely no. Legacy firewalls may decrypt the traffic and do some threat detection, but not prevention. Or, it may do everything that’s required, just very slowly which isn’t good either. The firewall shouldn’t be a bottleneck.

In his blog titled, “DPI-SSL: What Keeps You Up at Night?” my colleague Paul Leets states, “We must look into encrypted packets to mitigate those threats.” And he’s right. We need to be able to “see” into encrypted traffic in order to identify threats and eliminate them before they get into the network. And it needs to be done in real time. We call this automated breach prevention and it’s what our lineup of next-generation firewalls delivers. To learn more about automated breach prevention and how SonicWall next-generation firewalls decrypt SSL/TLS-encrypted traffic and scan for and eliminate threats without latency, visit the “Encrypted Threats” page on our website. Secret decoder ring not required.

SonicWall Annual Threat Report Reveals the State of the Cybersecurity Arms Race

In the war against cyber crime, no one gets to avoid battle. That’s why it’s crucial that each of us is proactive in understanding the innovation and advancements being made on both sides of the cybersecurity arms race. To that end, today we introduced the 2017 SonicWall Annual Threat Report, offering clients, businesses, cybersecurity peers and industry media and analysts a detailed overview of the state of the cybersecurity landscape.

To map out the cybersecurity battlefield, we studied data gathered by the SonicWall Global Response Intelligence Defense (GRID) Threat Network throughout the year. Our findings supported what we already knew to be true – that 2016 was a highly innovative and successful year for both security teams and cyber criminals.

Security Industry Advances

Security teams claimed a solid share of victories in 2016. For the first time in years, our SonicWall GRID Threat Network detected a decline in the volume of unique malware samples and the number of malware attack attempts.  Unique samples collected in 2016 fell to 60 million compared with 64 million in 2015, whereas total attack attempts dropped to 7.87 billion from 8.19 billion in 2015. This is a strong indication that many security industry initiatives are helping protect companies from malicious breaches.  Below are some of the other areas where progress is clearly being made.

Decline of POS Malware Variants

Cybersecurity teams leveraged new technology and procedural improvements to gain important ground throughout the year. If you were one of the unlucky victims of the point-of-sale (POS) system attack crisis that shook the retail industry in 2014, you’ll be happy to learn that POS malware has waned enormously as a result of heightened security measures. The SonicWall GRID Threat Network saw the number of new POS malware variants decrease by 88 percent since 2015 and 93 percent since 2014. The primary difference between today’s security procedures and those that were common in 2014 is the addition of chip-and-PIN and chip-and-signature technology particularly in the United States, which undoubtedly played a big role in the positive shift.

Growth of SSL/TLS-Encrypted Traffic

The SonicWall GRID Threat Network observed that 62 percent of web traffic was Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted in 2016, making consumers and businesses safer in terms of data privacy and integrity while on the web. This is a trend we expect to continue in 2017, based on Google’s announcement that it has a long-term plan to begin marking HTTP traffic in its Chrome browser as “not secure.” NSS Labs estimates that 75 percent of web interactions will be HTTPS by 2019.

Decline of Dominant Exploit Kits

We also saw the disappearance of major exploit kits Angler, Nuclear and Neutrino after cybersecurity investigations exposed the likely authors, leading to a series of arrests by local and international law enforcement agencies. The SonicWall GRID Threat Network observed some smaller exploit kits trying to rise to fill the void. By the third quarter of 2016, runner-up Rig had evolved into three versions employing a variety of obfuscation techniques. The blow that dominant exploit kit families experienced earlier in 2016 is a significant win for the security industry.

Cyber Criminal Advances

As with any arms race, advances made by the good guys are often offset by advances made by the bad guys. This is why it’s critical for companies to not become complacent and remain alert to new threats and learn how to counterattack. Below are some of the areas where cyber criminals showed their ability to innovate and exploit new ways to launch attacks.

Explosive Growth in Ransomware

Perhaps the area where cyber criminals advanced the most was in the deployment of ransomware. According the SonicWall GRID Threat Network, ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016. The reason for this increase was likely a perfect storm of factors, including the rise of ransomware-as-a-service (RaaS) and mainstream access to Bitcoin. Another reason might simply be that as cybersecurity teams made it difficult for cyber criminals to make money in other ways, they had to look for a new paycheck.

Exploited Vulnerabilities in SSL/TLS Encryption

While the growth of SSL/TLS encryption is overall a positive trend, we can’t forget that it also offers criminals a prime way to sneak malware through company firewalls, a vulnerability that was exploited 72 percent more often in 2016 than in 2015, according to NSS Labs. The reason this security measure can become an attack vector is that most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside of SSL/TLS-encrypted web sessions. Companies must protect their networks against this hidden threat by upgrading to next-generation firewalls (NGFWs) that can inspect SSL/TLS traffic without creating performance issues.

IoT Became a New Threat Network

Many people who enjoy using Reddit, Netflix, Twitter or Spotify experienced another of our top threat trends firsthand. In October 2016, cyber criminals turned a massive number of compromised IoT devices into a botnet called Mirai that they then leveraged to mount multiple record-setting distributed denial-of-service (DDoS) attacks. The SonicWall GRID Threat Network found that at the height of the Mirai botnet usage in November 2016, the United States was by far the most targeted, with 70 percent of DDoS attacks aimed at the region, followed by Brazil (14 percent) and India (10 percent). The root cause leading to the Mirai attacks was unquestionably the lax security standards rampant in IoT device manufacturing today. Specifically, these devices do not prompt their owners to change their passwords, which makes them uncommonly vulnerable.

Combatting the New Cyber Threats

It’s worth noting that the technology already exists today to solve many of the new challenges cyber criminals threw at victims in 2016.  SSL/TLS traffic can be inspected for encrypted malware by NGFWs with high-performance SSL/TLS DPI capabilities.  For any type of new advanced threat like ransomware, it’s important to understand that traditional sandboxing solutions will only detect potential threats, but not prevent them. In order to prevent potential breaches, any network sandbox should block traffic until it reaches a verdict before it passes potential malware through to its intended target.  SonicWall’s family of NGFWs with SSL/DPI inspection coupled with the SonicWall Capture multi-engine cloud sandbox service is one approach to provide real-time breach prevention for new threats that emerge in the cybersecurity arms race.

If you’re reading this blog, you’re already taking an important first step toward prevention, as knowledge has always been one of the greatest weapons in the cybersecurity arms race. Take that knowledge and share it by training every team member in your organization on security best practices for email and online usage. Implement the technology you need to protect your network. And most importantly, stay up-to-date on the latest threats and cybersecurity innovations shaping the landscape. If you know where your enemy has been, you have a much better shot of guessing where he’s going.

iPower Technologies Arrests Hidden Malware from Body Cameras with SonicWall Firewalls

Note: This is a guest blog by Jarrett Pavao CEO iPower Technologies Inc., a Premier Partner for SonicWall Security, in South Florida.

Every day viruses, malware and trojans infect IT infrastructure through a growing number of mobile devices. With the growth of Internet of Things (IoT), this threat is rapidly increasing. We are faced with viruses potentially infiltrating almost every connected device – even brand-new law enforcement body cameras.

That’s right, even the people sworn to protect are exposed to these threats. Here at iPower Technologies, we never ceased to be amazed at the lengths that the bad guys will go to break into networks. That’s why it’s important that organizations have comprehensive network security that protects their associates whether they are working in the field, at home or in the office. As more of our everyday devices become “smart” and “connected”, they bring great convenience to our private and professional lives, but also provide an access point to infect entire networks and wreak havoc. This potential threat may even come from new equipment straight out of the box.

As the CEO of iPower Technologies, my team based in Boca Raton recently discovered malware on the body cameras used by one of our law enforcement clients. As a SonicWall Security Premium Partner, we follow strict protocols and we regularly audit and scan our clients’ IT infrastructure and endpoint devices, including body cameras used by our law enforcement customers. With SonicWall next-generation firewalls, we were able to detect the virus before it infected the entire network and potentially put critical data at risk. These cameras leverage geolocation/GPS capabilities, meaning that the malware could be used to track law enforcement locations.

Discovery: Conficker Worm

We discovered the malware during testing of body camera equipment for one of our law-enforcement clients. iPower engineers connected the USB camera to one of our computers. When he did that, multiple security systems on our test environment were alerted to a new threat. It turned out to be a variant of the pervasive Conficker worm and we immediately quarantined it. A second camera was connected to a virtual lab PC with no antivirus. The SonicWall next-generation firewall immediately notified iPower of the virus’ attempt to spread on the LAN and blocked the virus’ from communicating with command-and-control servers on the public internet.

Prevention

Like body armor that peace officers wear, taking precautions and preventive measures is the best defense to stopping and limiting damage from attacks. Fortunately for our clients, my iPower team has the expertise to recognize active threats along with the support of the  SonicWall Threat Research team to prevent successful attacks. In this specific case, the threat was stopped before it could do any damage and an alert for the Confiker worm was issued.

Any network with a properly deployed  SonicWall next-gen firewall would have contained the attack to a local device, such as the USB port, and not to the entire network.

Sonicwall Next Generation firewalls have multiple security features including the ability to inspect encrypted traffic, and leverage deep packet inspection (DPI) technology. See the diagram below for an example of how to prevent a virus or worm like Conficker from spreading from a PC to your servers:

Examine Smart Devices before Deploying

It’s a matter of policy for us at iPower to test all equipment before we install on a client’s network. If you don’t have a test environment – or have access to one – I strongly suggest that you make the investment. It can pay for itself in preventing embarrassing events at the client site, as well as increase internal staff knowledge that can then be applied in the real world. So do test every device you plan to install or connect to your client’s network.

Make that sure testing is a matter of policy by having a strict written policy regarding the implementation of any new hardware or software. Test any new systems being added to your corporate network in a sandbox environment prior to deployment. We don’t know for sure how the malware got onto the body cameras. It could have happened in any number of the manufacture, assembly and – ironically – QA testing stages. I think the most likely reason is due to lack of manufacture controls and outsourced equipment production. It seems innocuous enough. It’s just a camera, but the potential of the worm could have devastating, even tragic, ramifications if it had been able to gain remote code execution inside a network. Attackers could then harvest police database for Personal Identifiable Information (PII). This can be used to forge fake identities, etc.

This threat is real and growing. When you extrapolate this threat out to common smart devices, such as connected refrigerators and thermostats and the general lack of security knowledge in the home and SMB markets, you have a potentially massive challenge. So again, any device that will be placed on the same network as servers, databases, or could potentially access a corporate network need to be checked out and properly aligned with security best practices.The best way to do this is careful network design, including intra-VLAN inspection on SonicWall next-generation firewalls is a great way to protect critical infrastructure from high risk PCs and IoT devices.