Russian PIR Bank lost $1,000,000 thanks to a compromised router that gave hackers access into their local network.
This malicious IoT hacking incident is not surprising, considering that by 2020, the IoT is expected to reach a staggering amount of 20.4 Bn devices. More and more homes and enterprises who are using outdated cyber security solutions are in danger because of the non-stop IoT expansion, that puts networks in danger.
Generic networking devices like routers and a variety of IoT gadgets are usually left unprotected.
This improper handling exposed them to a wide variety of cyber threats that transforms them in entry points to consumer homes, small & medium business or even big corporate networks.
In the hack attempt against Russian PIR Bank, a hacker group called MoneyTaker have stolen roughly $1,000,000. This highlights the fact that even huge companies who spend millions on security each year do not have enough control and capabilities to manage those vulnerable entry points within their networks.
Once a hacker enters into a network, he can move laterally without using any type of malicious software or advanced malware.
In order to stay away from any threats like this, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
This is why layered cybersecurity is a must for your network. Always remember that generic networking equipment and IoT devices are the weak links; leaving them alone without proper supervision is the biggest mistake you can make. In order to protect them, companies need to move away from traditional security approaches to the next generation solutions, especially security controls that are driven by artificial intelligence.
This is the top 5 business cybersecurity tips:
In order to build a strong cybersecurity, a foundation is crucial. It can be built by this cybersecurity practices:
• Define the exact boundaries of an interconnected enterprise network. That includes all the wireless and remote connections, from branches and access points in the remote areas to cloud computing, and potentially externally accessible S3 buckets. • Enable precise and real-time asset management. You have to know all of the devices that are connected to an enterprise network. The Russian PIR Bank case works as a perfect example of what can go wrong if your company doesn’t know all about its network. Watch out for Installed-and-forgotten devices, such as routers because they can cause a significant amount of damage to your company, assets, and brand.
• Properly configure and update all your existing devices in a clear process. This way, you can introduce a streamlined and automated patch management strategy that easily protect your legacy licensed software components.
• Use an Identity and Access Management (IAM) program. This means that you must know who is accessing your infrastructure and when.
• Use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.
It’s also imperative to mention that a company should not always rely on the default firmware of the routers, because not all of them are designed whit a strong cybersecurity. To ensure a strong cybersecurity your Security Teams must configure them properly. Only in this way, you will reach Network-security-wise, that makes a network very difficult to penetrate.