According to the Redmond, Wash. tech giant, Defender for IoT helps organizations manage assets, track emerging threats and control risks across enterprise and mission-critical networks in both connected and air-gapped environments.

In a blog, Microsoft says cloud-powered IoT and OT security solutions offer advantages over traditional solutions, including discovery of assets-end-to-end, detecting and responding to threats in real-time, defending against known and unknown threats, compliance reports, and workflows and integrations that leverage the cloud.

The solution also helps organizations solve OT security issues faster by unifying the security operations center (SOC) for both IT and OT assets, the company says.

“With Microsoft Defender for IoT, you can achieve faster time-to-value, improve agility and scalability, increase visibility, and strengthen the resiliency of your network and infrastructure without making significant changes,” Microsoft IoT and OT security experts write in a blog. “The Defender for IoT cloud is designed to augment your on-premises processing power while providing a source of centralized management for global security teams—raising the bar for OT defense.”

The company gives one scenario showing how Defender for IoT works in which a new vulnerability is published with information that could impact an organization’s OT devices, and threat actors are currently trying to exploit the bug.

“With Microsoft Threat Intelligence, the new CVE is ingested automatically and shared across our cloud-based security services, including Defender for IoT,” the company says.

Organizations can use the Microsoft Azure Portal to monitor for the new vulnerability across all devices and sites, resulting in a faster response time to secure IoT and OT environment.

Other scenarios where security professionals can benefit from Defender for IoT include OT security and compliance audits, attack surface reduction consulting and tabletop exercises, the company says.

The Defender for IoT solution also includes a new device inventory feature that allows SOCs to manage OT devices through the Microsoft Azure Portal. The feature supports unlimited data sources, including manufacturer, type, serial number, firmware, and more, helping organizations gain a complete picture of their IoT and OT assets to address any vulnerabilities.

In addition, Defender for IoT integrates with Microsoft Sentinel to provide security information event management for both OT and IT environments, and the solution also shares threat data with Microsoft 365 Defender, Microsoft Defender for Cloud and other products like Splunk, IBM QRadar and ServiceNow, Microsoft says.

The post Microsoft Launches Defender for IoT Cloud-Managed Platform appeared first on My TechDecisions.

Much of the report focuses on the ongoing Russian war against Ukraine—which Microsoft attributes as a main cause of a spike in cyberattacks targeting critical infrastructure—while other sections touch on ransomware, devices and infrastructure, cyber influence campaigns, and protections.

The nation-state threat landscape

According to the Redmond, Wash.-based tech giant, cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks to 40%, due in large part to Russia targeting Ukraine’s infrastructure and its espionage of Ukraine’s allies.

In addition, Microsoft says nation states such as Russia are also accelerating attempts to compromise IT firms to disrupt or gain intelligence from those firms’ government customers in NATO member countries.

According to Microsoft, 90% of Russia’s attacks over the past year targeted NATO Member states, and 48% of these attacks targeted IT providers based in those countries.

The trend represents a new strategy on the geopolitical stage in which cyberattacks are carried out in before or in conjunction with physical attacks. Microsoft says Russian cyber actors carried out destructive cyberattacks against its neighbor’s government, tech and financial sectors before launching a physical military campaign.

However, other U.S. adversaries are also engaging in similar behavior, such as Iran, North Korea and China, all of which Microsoft says have carried out cyberattacks designed to benefit the respective countries.

Cybercrime sophistication continues to grow

While nation-state attacks get most of the attention as they are national security threats, profit-fueled cyberattacks are also on the rise, as the cybercrime economy continues to lower the skill barrier to entry.

According to Microsoft, the number of estimated password attacks per second increased in the last year by 74%, with many leading to ransomware attacks which are asking for higher and higher ransoms. The company says the average ransom demands have more than doubled.

The cybersecurity industry is improving and is blocking many attacks, but cybercriminals are also adapting their techniques and increasing the complexity of how and where they host campaign operation infrastructure, according to the report.

Human-operated ransomware is becoming particularly alarming, as one-third of targets are successfully compromised by criminals using these attacks, and 5% of those are ransomed.

The Internet of Threats (IoT)

Microsoft’s report also touches on threats posed to the growing list of internet-facing devices and the Internet of Things (IoT), which are becoming a favorite target of hackers due to the lack of built-in security controls.

According to the report, attacks against remote management devices have increased steadily since June 2021, and web attacks against IoT and operational technology (OT) devices have largely ebbed and flowed over the last year, with a large spike in the September 2021.

In the past year, Microsoft says it observed attacks against common IoT protocols—such as Telnet— drop significantly, in some cases as much as 60 percent. At the same time, botnets were repurposed by cybercrime groups and nation state actors. The report says the persistence of malware, such as Mirai, highlights the modularity of these attacks and the adaptability of existing threats.

According to Microsoft’s Digital Defense Report, Mirai—which has been redesigned several times to adapt to different architectures—has evolved to infect a wide range of IoT devices including internet protocol cameras, security camera digital video recorders, and routers. The attack vector bypassed legacy security controls and poses a risk for endpoints within the network by exploiting additional vulnerabilities and moving laterally.

Cyber resilience

Microsoft calls on organizations to adopt good cybersecurity practices and hygiene, which many recommendations already established best practices. For example, Microsoft urges customers to pay attention to the basics, such as multi-factor authentication, patching, and deploying modern security solutions.

The company says 80% of security incidents can be traced to “ a few missing elements” that could be addressed through modern security approaches, and 90% of compromised accounts were not protected with strong authentication. This comes as Microsoft says it is defending against 900 password attacks per second.

In addition, Microsoft says organizations should apply Zero Trust security principles.

In a blog, Tom Burt, corporate vice president of customer security and trust at Microsoft says the average enterprise has 3,500 connected devices that are not protected, and organizations are struggling to detect attacks in time.

Finally, as this year’s report explores, we can’t ignore the human aspect,” Burt writes. “We have a shortage of security professionals – a problem that needs to be addressed by the private sector and governments alike – and organizations need to make security a part of their culture.”

The post Microsoft Sounds the Alarm on Nation-state Attacks, Cybercriminals and IoT Threats appeared first on My TechDecisions.

The winners of the commercial category are as follows:

• Access Control: Genetec — Genetec Enclosure Management powered Cloud Link Roadrunner
• AV Collaboration: Biamp — Parlé VBC 2500 all-in-one conferencing bar
• Fire/Intrusion: Alula — BAT-Fire
• Video Surveillance: Axis Communications — AXIS M4308-PLE Panoramic Camera
• Miscellaneous: IPVideo — HALO IoT Smart Sensor 3C

Knott also announced the IoT/Connected Product Awards winners in the resident category. They are as follows:

• Home Enhancement: Crestron — Crestron Home
• Lighting: Crestron — Crestron LED Light Fixtures
• Network Communication: Google Nest — Nest Wi-Fi Pro
• Physical Security/Access Control: Doorbird — A1121
• Physical Security/Surveillance: Nest Doorbell (Second Generation)

Total Tech Summit co-locates CE Pro Summit, Commercial Integrator Summit and Security Sales & Integration Summit, all sister brands of TechDecisions. The event thus drives noteworthy progress in the custom, commercial and security integration industries.

Total Tech Summit 2022 is ongoing from October 26 to October 28, 2022 in Orlando, Fla. For more updates on this event, follow Twitter updates from Dan Ferrisi (@DanFerrisiEdit) and Commercial Integrator (@commintegrator), and check out the hashtag #TotalTech22!

This article originally appeared in our sister publication Commercial Integrator. 

The post IoT/Connected Product Awards 2022 Announced appeared first on My TechDecisions.

As organizations look to pledge greater decarbonization goals and align themselves with both new industry standards and recent government legislation (the Inflation Reduction Act, for example), the answer to achieving these goals rests in the IT of the architecture in question. The next era of healthy buildings underscores the importance of IoT devices to collect all kinds of information in the building, as well as the software in the cloud that helps drive a quality Building Management System (BMS) for the best analytics and adjustments in the infrastructure.

IT in buildings — More than just technological support

IT in healthy buildings functions as one of the main driving forces in the building’s functionality, compatibility with other systems, and data utilized for real-time architectural analysis of energy efficiency and expenditures.

In order to support the infrastructure of the building, IoT devices using sensitive data collecting instruments like room sensors, occupancy monitors, air quality sensors and thermostats are essential to the management and monitoring of building health. IoT technology has made it possible to capture and create machine-understandable, real-world environmental data for use and interpretation.

Related: 5 Hybrid Work Trends Shaping the Future of Offices

These intelligent and connected devices feed information into cloud-based, SaaS applications connected to the BMS and can either be used to update conditions in the building by a facility manager, or reconfigured in real-time by advanced AI. Automatic updates are most useful when predictable energy-saving changes can be made without manual intervention, such as when lighting and HVAC energy usage can be scaled down in a vacated conference room.

Various building certifications are also very useful for maximizing the scope, scalability and performance of your IT system in your building. The WELL Building Standard, for example, “is a performance-based system for measuring, certifying, and monitoring features of the built environment that impact human health and well-being, through air, water, nourishment, light, fitness, comfort and mind.” This certification can help facility managers understand from a third-party perspective how effective the features of their equipment that monitors building health and can provide insight into whether an upgrade or change is necessary.

How Healthy Buildings are Managed

IT teams need to work with software development teams, building engineers and the facility manager to ensure communication is sound and that the installed devices are working well with the organization’s SaaS applications and physical hardware. Without an alignment in productivity and communication, projects can be delayed, or data can be inaccurately collected, defeating the purpose of the technology to make the building healthier.

What helps IT teams the most is a guided approach to project next steps, informed by in-depth data collected from a past IT project or analytics on the functions of the building. If updates need to be made to the systems that manage energy usage for water in the building, for example, data on which instruments are falling behind in productivity can help prioritize the instruments that need attention first. Additionally, the data could paint a different picture that may signal an issue with the software in place instead of the device, saving the IT team time and resources replacing a functional IoT device.

Disparate systems and diffused building sites can also make it difficult to move data from various buildings into one location for analysis. Integrated building systems and communication across teams in different locations, in tandem with the data collected and localized by IoT devices, creates a stronger internal operation that meets compliance and connects data points seamlessly.

The Next Generation of Healthy Buildings

IT provides the technological backbone that enables healthy buildings to function in their most optimal state. IoT and sensor devices, as well as the maintenance of the systems that keep them online, are key to ensuring a streamlined flow of quality information on the building that, with a comprehensive BMS, allows the organization to make effective energy management and quality-of-life decisions in the building.

The next generation of healthy buildings will be ones that adopt both extensive IT systems to power building efficacy and the IT teams to provide the necessary support and additional necessary installations for the architecture. These resources give buildings the foundation they need to adjust renewable energy generation, energy usage, property maintenance and issue identification in real-time.

The post Next Gen Healthy Buildings Must Rely on IoT and Cloud Integration appeared first on My TechDecisions.

Now, the question is how to choose a cloud IoT service platform to make the most of it? Choosing an ideal one for your business for cloud development services is vital because it provides reliable installations, and excellent customer services that are responsive to your business needs.

What is a Cloud IoT Platform?

Several technologies fit within the definition of an IoT platform. Primarily, it refers to hardware, software, web services and gateway devices. However, an IoT cloud platform refers to the cloud components of a system, which interact with, manage, update and perform other maintenance and administrative operations on IoT devices.

Speaking of the IoT cloud’s features, it embraces flexibility, a scalable model for delivering infrastructure, and services, which need to power IoT devices and applications with limited resources.

In addition, the IoT cloud offers an on-demand, affordable hyper-scale so that companies can benefit from. It also embraces a few of important features such as underlying infrastructure, servers and storage, which are required for real-time operations and processing.

If we’re talking about IoT cloud platforms, they are generally known for bringing IoT devices and cloud computing capabilities delivered as an end-to-end service. Hence, it is also referred to as the Cloud Service IoT platform.

Here’re some essential features that a cloud IoT platform offers:

• Connectivity & network management
• Device acquisition
• Device management
• Application enablement
• Integration & storage
• Processing analysis & visualization

Check out some popular IoT cloud platforms:

• Amazon Web Services IoT
• Microsoft Azure IoT Hub
• Google Cloud IoT
• IBM Watson IoT Platform
• Oracle Integrated Cloud for IoT
• Salesforce IoT
• Xively
• Carriots
• Cisco Jasper Control Center
• PTC ThingWorx Industrial IoT Platform

Here’s 5  Essential Tips to Choose an IoT Platform

There are different types of IoT platforms: edge-to-cloud platform, IoT connectivity, cloud management, data analytics, and artificial intelligence. If you are already familiar with IoT, you’ve probably known that there is no simple answer to choose the ideal cloud IoT platform for your business. Mostly, it majorly depends on various factors such as business model, resources, and the type of device.

So, when choosing the best IoT cloud platform for your project, you should ask some questions regarding the project’s requirements and directions. Ask yourself the following questions about the needs of the project:

• Requirements: What’re the requirements we have for cloud platform communication? Are there hardware limitations, usage requirements, or any specific protocols?
• Security: How to secure devices? What will be the potential security risks?
• Management & Troubleshooting: How do we manage and troubleshoot our apps? What about remote device administrators, on-site maintenance technicians, and the tools to maintain the devices?

Now, here’s some tips for choosing a cloud IoT platform for your organization:

1. Choose a Future-Proof IoT platform

IoT is considered the new market, constantly evolving and improving the way technologies solve problems. First, you need to choose an IoT platform that should be able to grow with the market. Plus, it needs to be effective even though new standards and protocols have been introduced. Therefore, no matter if such shifts are based on the system, network, cloud environment, security stack, chip/module, or end-point apps.

2. Know the importance of time-to-value

You only need to pick a vendor who can digitize in a few days or weeks to get the most out of cloud IoT platforms. Vendors can offer services at a higher speed by putting in minimal effort.

In short, you need to choose the platform that can give results in days or weeks and not in the months and years.

Pro Tip: Do not choose only one platform for proof of concept (PoC). It’s better to pick an end-to-end platform, which takes users from PoC to deployment.

3. Make sure IoT data must be application agnostic

The term “hardware agnosticism” means keeping the software independent of any hardware or specific platform. The hardware-agnostic system components do not require any particular hardware adaptations. Without suffering compatibility issues, you can work with a diverse range of systems.

IoT is all about unfastening latent data to enable users to make better decisions. This way, it’s possible to get better products. It is assumed that there will be millions of dollars of assets, which can be digitized in the future.

Therefore, an ideal IoT platform must be able to move data quickly to the apps, which are best suited for consuming and producing value from the data regardless of the primary resources.

4. Choosing a platform should be reusable over other products

If your company does not have multiple ERP systems, then there are chances not to have scalable and efficient investments in technology. Choose an IoT platform that can scale your entire business.

Suppose, if you run a big-sized business, it is better to use a single platform. It helps to manage any product or asset, e.g. trucks, pallets or any factory equipment.

For example, Carto, a Software-as-a-Service cloud computing platform, provides web mapping, GIS (Geographic Information System) mapping, and spatial data science tools. In addition, its location intelligence platform helps companies with useful features, such as location data. It helps to make decisions based on  conditions such as public transportation and storm damage.

Furthermore, the platform has to seamlessly integrate IoT data into existing or new applications.

5. Don’t rely on one compute scenario

One of the essential points to keep in mind is not to depend only on one scenario. Meanwhile, there are mainly three types of compute scenarios:

1). IaaS (Infrastructure as a Service),

2). PaaS (Platform as a Service), and

3). SaaS (Software as a Service).

The cloud is a powerful force; however, it cannot solve all the requirements one company has. Organizations also look for performance and cost considerations. In other scenarios, the user has to run the workload in a specific cloud infrastructure.

In order to reach higher potential, IoT simply requires flexibility and management of workloads. Well, there are several other considerations while selecting IoT vendors, such as repeat customers, ecosystem partners, trust, cost-effectiveness, and proven experience.

Wrapping Up

When selecting IoT vendors for cloud-native development services, there are several considerations, such as proven experience, cost-effectiveness, repeat customers, ecosystem partners and trust. The technology leaders and CIOs must consider their technology decisions carefully to make the most out of the IoT for the long-term rather than be disrupted in the short-run.

The post 5 Tips for Choosing a Cloud IoT platform appeared first on My TechDecisions.

According to Microsoft, these new security features extend Defender’s coverage to IoT devices such as digital signage, conference room systems and operational technology (OT) devices that have been prone to software vulnerabilities and attacks from cybercriminals. The company first announced the public preview of these capabilities last year during its annual Ignite conference.

“With this new addition, Defender for IoT now delivers comprehensive security for all endpoint types, applications, identities, and operating systems,” Microsoft IoT and security executives say in a new blog. “The new capabilities allow organizations to get the visibility and insights they need to address complex multi-stage attacks that specifically take advantage of IoT and OT devices to achieve their goals.”

This brings the same type of vulnerability management, threat detection, response and other capabilities for enterprise IoT devices previously only available for managed endpoint and OT devices, the executives write in the blog.

In addition, Microsoft is introducing a dedicated native integration for Microsoft 365 Defender customers designed to make enterprise IoT security more accessible, helping customers discover and secure IoT devices within Microsoft 365 Defender environments.

According to the blog, attackers have been observed scanning for unsecure, unmanaged IoT devices with default login credentials, gaining access to a network-connected camera, identifying other devices with exploitable vulnerabilities, harvesting network credentials, and moving laterally to leak documents, exfiltrate data or deploy malware.

The new capabilities in Defender for IoT will allow IT to use the existing Defender for Endpoint clients to gain visibility into devices deployed on the network without additional deployment or configuration via a deployable network sensor that can collect all network data it needs for discovery, behavioral analytics and machine learning, according to Microsoft.

With an understanding of the IoT devices in their environment, admins can use Defender for IoT to stay on top of misconfigured and unpatched devices. Defender for IoT will assess all of an enterprise’s IoT devices and offer recommendations in the Microsoft 365 console on how to fix any issues. Identification and risk assessments will run continuously as new IoT devices are added to the network.

Defender for IoT will apply the company’s machine learning and threat intelligence obtained from trillions of signals collected across the Microsoft ecosystem to help reduce the alert signal to noise ratio by prioritizing incidents that render end-to-end attacks in complete context rather than providing a long list of uncorrelated attacks, the company says.

The company says Defender for IoT remains a major component of its SIEM and XDR solutions.

“Through native integration with Microsoft Defender and Microsoft Sentinel, we can provide customers with the automation and visualization tools they need to address attacks crossing IT and OT network boundaries. These integrations also empower analysts to perform incident response holistically rather than as separate disconnected attacks that require extensive manual investigations to bring together. With these efficiency gains, organizations can stop attacks and bring their environments back to a pre-breach state far more quickly,” Microsoft executives wrote in the blog.

The post Microsoft Officially Unveils Protection for Unmanaged IoT Devices appeared first on My TechDecisions.

According to Microsoft, Edge Secured-core is a certification in the Azure Certified Device program for IoT devices that certifies that devices meet certain enterprise security standards, including hardware-based device identity, system integrity enforcement, remote manageability for device updates, data-at-rest encryption, data-in-transit encryption and built-in security agent and hardening.

Microsoft says data shows that Secured-core PCs are 60% more resilient to malware than PCs that don’t meet those specifications, so the company is bringing those learnings to define the requirements for Edge secured-core IoT devices.

To that end, the company announced the availability of its Windows IoT Edge Secured-core devices in the Azure Certified Device Catalog, which currently includes four devices from AAEON, ASUS, Lenovo and Intel.

Citing a recent study, the company says IoT device security is a top priority when implementing IoT for 65% of organizations deploying IoT solutions.

“Attacks targeting IoT devices put businesses at risk. Impacted devices can be bricked, held for ransom, employed as launch points for further network attacks, or used for malicious purposes,” the company says in a blog. “Among many consequences, we often see intellectual property (IP) and data theft and compromised regulatory status, all of which can have brand and financial implications on the business.”

Microsoft says it is also investing with semiconductor partners to build IoT-connected industry-certified microcontroller-based devices that align with the company’s security standards.

The post Microsoft Aims to Boost IoT Security With Secured-core Certification appeared first on My TechDecisions.

The announcement is centered around the Cisco Catalyst IW9167 Series, a new series of Wi-Fi access points for outdoor and industrial spaces, with flexible hardware that can operate in two modes: a Wi-Fi 6/6E Ready Access Point or Cisco Ultra-Reliable Wireless Backhaul.

When used as an access point, the Catalyst IW9167 doubles the available bandwidth for outdoor and industrial deployments by accessing 2.4GHz, 5GHz and the new 6GHz bands. When used as a wireless backhaul, the technology can deliver the added benefits of Cisco’s built-in security where zero-packet loss and fiber-like performance is required, according to Cisco.

The company says it also added new capabilities to the Cisco IoT Operations Dashboard that help enable remote operations and uncover more digital bling spots with new industrial sensors and simplified network management.

According to Cisco, the new Catalyst IW9167 Series expands the company’s industrial wireless portfolio with added flexibility, combining two wireless options into one hardware product to give organizations more choice to deploy wireless technology where they need it while future-proofing their deployments by being able to switch between the two technologies as needs change.

The Wi-Fi access point mode is managed by Cisco DNA Center via the Catalyst 9800 Wireless Lan Controllers, so IT can use the same tools to manage their entire network across their organization’s footprint. The Wi-Fi mode can be used to connect workers’ devices in common areas, while the backhaul mode can be used to expand coverage and enable seamless handoffs, such as when autonomous vehicles or equipment moves from one coverage zone to another.

To help IT be more efficient, enhancements to the IoT Operations Dashboard includes the ability to remotely manage connected assets and applications connected to Cisco’s industrial routers and gateways. Role-based access limits employee or third-party access to only what they need.

Since the dashboard is part of the Cisco Platform Suite, IT can use the same Cisco single sign-on credentials to log in. Network management has also been expanded to include support for the new series in backhaul mode for a holistic view of the network.

Improvements also feature new sensors for deeper insights into industrial assets and facilities.

The IoT Operations Dashboard secure equipment access capability is available today, and the new sensors will be available in July. The Cisco Catalyst IW9167 Series will be orderable in mid-2022.

In a blog, Cisco included insight from Energybox, an IoT automation company that uses the IoT Operations Dashboard and its secure equipment access to support its customer sites without increasing costs. Those customers include Wendy’s, which was looking for a remote site energy management solution to help automate operations and reduce costs.

“We wanted to reduce reliance on manual labor and to be able to support thousands of sites remotely,” said Tony Carrella, Energybox president. “With Cisco Catalyst IR1100 Routers and the Cisco IoT Operations Dashboard’s secure equipment access, we can save our customers thousands of dollars per site by providing actionable insights to reduce their energy usage and their equipment downtime, while cutting site visits. At the same time, we have reduced our costs through remote operations, and are saving over $1 million per software upgrade.”

The post Cisco Announces Cisco Catalyst IW9167 Series for Industrial, Outdoor Spaces appeared first on My TechDecisions.

According to the Richmond, Va.-based group’s detailed blog on the newly discovered threat actor, Mandiant says the highly sophisticated hackers are able to achieve a dwell time long past the average of 21 days due to their ability to install backdoors on unsecure IoT appliances such as IP cameras and re-compromise a victim immediately after access is removed.

Although Mandiant shared a detailed analysis of the group’s activities once inside a victim’s environment, the means of initial access is currently unknown. Once inside, the group – which Mandiant is calling UNC3524, deploys their novel backdoor which the company calls QUIETEXIT.

For long-haul remote access, that backdoor is deployed on “opaque network appliances” within the target’s environment such as SAN arrays, load balancers and wireless accent point controllers. Those kinds of devices don’t support antivirus or endpoint detection and response tools, leaving the underlying operating systems to vendors to manage, Mandiant researchers wrote in a blog.

“These appliances are often running older versions of BSD or CentOS and would require considerable planning to compile functional malware for them,” researchers wrote. “By targeting trusted systems within victim environments that do not support any type of security tooling, UNC3524 was able to remain undetected in victim environments for at least 18 months.”

It’s that persistence and ability to remain undetected that sets this group apart, with Mandiant saying only “a small number of threat actors” demonstrate those same abilities. Once firmly established in a victim environment, the threat actor demonstrated a very low malware footprint and relied on built-in Windows protocols. Most access was traced back to a victim appliance infected with QUIETEXIT, which supports full functionality of SSH and was used to establish a SOCKS tunnel into the victim environments.

The group operated from devices within the victim environment’s blind spots, including servers “running uncommon versions of Linux and network appliances running opaque OSes.” Those devices included primarily legacy conference room camera systems sold by LifeSize, a provider of videoconferencing hardware and software. In one case, Mandiant identified the use of a D-Link IP camera.

Those systems were exposed to the internet and may have been running older firmware. It is suspected that default credentials were used to compromise the devices and form the IoT botnet.

“Similar to the use of embedded network devices, UNC3524 can avoid detection by operating from compromised infrastructure connected directly to the public Internet such as IP cameras where typical antivirus and security monitoring may be absent,” Mandiant says.

“By standing up a SOCKS tunnel, the threat actor effectively plugs in their machine to an ethernet jack within the victim’s network. By tunneling over SOCKS, the threat actor can execute tools to steal data from their own computer, leaving no traces of the tooling itself on victim computers,” according to researchers.

From there, the group performs lateral movement to systems of interest via a customized version of Impacket’s WMIEXEC and heavily targets emails of employees involved in mergers and acquisitions via Microsoft Exchange or Microsoft 365 Exchange Online. In addition to executives and teams involved in M&A activity, the group targets IT security staff to determine if their activity has been detected.

While similar to methods used by Russian hacking groups, Mandiant stopped short of attributing this activity to any known group or nation state.

Read Mandiant’s full blog for more information, including on remediation and hardening techniques for Microsoft hardening recommendations.

The post This Hacking Group Uses Unsecure IP Camera Systems to Hide From IT appeared first on My TechDecisions.

This capability comes after Microsoft recently announced Defender for IoT sensor, version 22.1, that features Azure portal to scale large environments and control the security components from a single pane of glass.

According to Microsoft, Defender for IoT’s integrated on-device security solution is a managed, on-premises solution for device manufacturers and solution operators that includes the ability to incorporate security from the earliest stages of development. This is designed to enable builders to reduce their devices’ exposure to IoT risks before they ship devices to customers.

The company says Defender for IoT automatically recommends hardening strategies and helps protect the supply chain technologies added to devices. Once devices are deployed, customers and operators using the platform can leverage advanced run-time protection to detect and respond to threats.

In the public preview, Microsoft is introducing a micro agent for Edge that supports simplified automatic identity provisioning and authentication for Edge, enabling device builders to manage IoT Edge as part of its Azure IoT solutions.

The new release, Version 4.1.2, also features the ability to detect more threats, including malware, ransomware, device hijacking, brute force attacks and more. The solution also supports monitoring process events on Linux operating systems, network collection events on Azure RTOS devise and Linux devices, as well as a Login collector, Microsoft says.

The micro agent also supports benchmark checks from the Center for Internet Security (CIS), and users can use Defender for IoT to view recommendations based on CIS Distribution Independent Linux Benchmarks version 2.0.0.

The supported device list is also growing, expanded to Debian 11 and supported architectures in Ubuntu 18.04 and Ubuntu 20.04. The agent-based solution is also aligned with the standard Linux installation directory structure, Microsoft says.

Device manufacturers building devices with the existing Microsoft Defender for IoT micro agent are urged to upgrade to the new version. Read this Tech Community blog for more information.

The post New Microsoft Defender for IoT Capabilities Helps Create Secure-By-Design Devices appeared first on My TechDecisions.