Corporate Brass digital devices are ripe for hacker attacks

The digital devices and home networks of corporate executives, board members and high-value employees with access to financial, confidential and proprietary information are ripe targets for malicious actors, according to research released Tuesday. by a cybersecurity services company.

The connected home is a prime target for cybercriminals, but few security executives or teams realize the significance of this emerging threat, notes the study based on an analysis of data from more than 1,000 C-suites, board members and senior executives from more than 55 US states. -Fortune 1000 based companies that use BlackCloak’s Executive Protection Platform.

“BlackCloak’s study is exceptional,” said Darren Guccione, CEO of Keeper Security, a password management and online storage company.

“It helps illuminate the pervasive issues and vulnerabilities caused by millions of businesses migrating to distributed and remote work while transacting with websites, applications and enterprise systems from unconnected home networks. secure,” he told TechNewsWorld.

BlackCloak researchers found that almost a quarter of executives (23%) have open ports on their home networks, which is highly unusual.

BlackCloak CISO Daniel Floyd assigned some of these open ports to third-party installers. “This is an AV or IT company that, because they don’t want to send a truck out when things break, is going to set up port forwarding on the firewall,” he said. told TechNewsWorld.

“It allows them to connect to the network remotely to troubleshoot issues,” he continued. “Unfortunately, they’re configured incorrectly with default credentials or vulnerabilities that haven’t been patched in four or five years.”

Exposed Security Cameras

An open port is like an open door, explained Taylor Ellis, client threat analyst at Horizon3, an automated penetration testing services company in San Francisco. “You wouldn’t leave your door unlocked 24/7 these days, and it’s the same with an open port on a home network,” he told TechNewsWorld.

“For a business leader,” he continued, “the threat of break-in escalates when you have an open port that provides access to sensitive data.”

“A port acts as a communication gateway for a specific service hosted on a network,” he said. “An attacker can easily open a backdoor into one of these services and manipulate it into doing their bidding.”

Of the open ports on business leaders’ home networks, the report notes, 20% were connected to open security cameras, which can also pose a risk to an executive or board member.

“Security cameras have often been used by threat actors both to plant and distribute malware, but perhaps more importantly to monitor patterns and habits – and if the resolution is good enough , to view entered passwords and other credentials,” noted Bud Broomhead. , CEO of Viakoo, a developer of cybersecurity and physical security software solutions in Mountain View, California.

“Many IP cameras have default passwords and outdated firmware which makes them ideal targets for breaching and once breached it is easier for threat actors to move laterally within the network domestic,” he told TechNewsWorld.

Data leaks

BlackCloak researchers also found that business owners’ personal devices were just as, if not more, insecure than their home networks. More than a quarter of executives (27%) had malware on their devices, and more than three-quarters of their devices (76%) were leaking data.

Data leaks from smartphones take place in particular through applications. “Many apps will ask for sensitive permissions that they don’t need,” Floyd explained. “People will open the app for the first time and just click on settings without realizing that they are giving the app access to their location data. Then the app will sell that location data to a third.

“It’s not just executives and their personal devices, it’s everyone’s personal devices,” Chris Hills, chief security strategist at BeyondTrust, maker of privileged account management and vulnerability management solutions, added to Carlsbad, California.

“The amount of data, PII, even PHI, that the common smartphone contains these days is mind-boggling,” he told TechNewsWorld. “We don’t realize how vulnerable we can be when we don’t think about security when it comes to our smartphones.”

Personal device security doesn’t seem to be a priority for many executives. The study found that almost nine out of 10 (87%) have no security installed on their devices.

Mobile operating system security flaw

“Many devices come with no security software installed, and even if they do, it may not be enough,” Broomhead noted. “For example, Samsung Android devices come with Knox security, which previously had security vulnerabilities.”

“The device manufacturer may try to make trade-offs between security and usability that may favor usability,” he added.

Hills argued that most people are comfortable and content knowing that their smartphone’s underlying operating system contains the necessary security measures to keep bad guys out.

“For the ordinary person, that’s probably enough,” he said. “For the business executive who has more to lose given their role in a business or enterprise, the underlying operating system’s security coverage is simply not good enough.”

“Unfortunately, in most cases,” he continued, “there are so many things that we try to protect as individuals, sometimes some of the most common ones get overlooked, like our smartphones.”

Lack of privacy protection

Another finding from BlackCloak researchers is that most executives’ personal accounts, such as email, e-commerce and apps, lack basic privacy protections.

Additionally, they discovered that executives’ security credentials – such as banking and social media passwords – are readily available on the dark web, making them vulnerable to social engineering attacks. identity theft and fraud.

Nearly nine in 10 executives (87%) currently leak passwords on the dark web, the researchers noted, and more than half (53%) don’t use a secure password manager. Meanwhile, only 8% have enabled multi-factor authentication across the majority of apps and devices.

“While measures like multi-factor authentication aren’t perfect, these basic best practices are critical, especially for the board/C suite who often waive the requirement out of convenience,” Melissa Bischoping, An endpoint security research specialist at Tanium, maker of an endpoint management and security platform in Kirkland, Washington, told TechNewsWorld.

“Tackling personal digital lives could be a new risk for businesses to consider,” the researchers wrote, “but it’s a risk that requires immediate attention.” Adversaries have determined that home frames are a path of least resistance, and they will compromise that attack vector as long as it is safe, transparent, and lucrative for them to do so.


Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button