Tag: Hardware | SpinSafe

A Wake-Up Call for Securing Remote Employees’ Hardware

February 9, 2024/in Internet Security

Update: Multiple U.S. and international government agencies released an advisory Feb. 7 detailing the Volt Typhoon attacks. The threat actors targeted and compromised the IT environments of U.S. communications, energy, transportation and water infrastructure in the continental U.S. as well as non-continental areas and territories, such as Guam.

Original article: State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected routers were manufactured by Cisco and NetGear and had reached end-of-life status.

Department of Justice investigators said on Jan. 31, 2024, that the malware has been deleted from affected routers. The investigators also cut the routers off from other devices used in the botnet.

IT teams need to know how to reduce cybersecurity risks that could stem from remote workers using outdated technology.

What is the Volt Typhoon botnet attack?

The cybersecurity threat in this case is a botnet created by Volt Typhoon, a group of attackers sponsored by the Chinese government.

Starting in May 2023, the FBI looked into a cyberattack campaign against critical infrastructure organizations. On Jan. 31, 2024, the FBI revealed that an investigation into the same group of threat actors in December 2023 showed attackers sponsored by the government of China had created a botnet using hundreds of privately-owned routers across the U.S.

The attack was an attempt to create inroads into “communications, energy, transportation, and water sectors” in order to disrupt critical U.S. functions in the event of conflict between the countries, said Wray in the press release.

SEE: Multiple security companies and U.S. agencies have their eyes on Androxgh0st, a botnet targeting cloud credentials. (TechRepublic)

The attackers used a “living off the land” technique to blend in with the normal operation of the affected devices.

The FBI is contacting anyone whose equipment was affected by this specific attack. It hasn’t been confirmed whether…

Source…

Hardware Security Modules Market to grow by USD 982.86 million between 2021 – 2026 | Growth Driven by Rising use of Internet banking and digital payments

September 18, 2023/in Internet Security

NEW YORK, Sept. 17, 2023 /PRNewswire/ — The Hardware Security Modules Market report has been added to Technavio’s offering. With ISO 9001:2015 certification, Technavio has proudly partnered with more than 100 Fortune 500 companies for over 16 years. The potential growth difference for the hardware security modules market between 2021 and 2026 is USD 982.86 million. The rising use of Internet banking and digital payments drives the hardware security modules market. Consumers use smartphones to make online transactions at any time. Digital wallets are becoming the most popular mode of payment due to various features. The features include easy registration and login, robust merchant and consumer payment processing capability, and a user-friendly dashboard. Factors such as the growing need for faster checkouts at retail outlets, the high adoption of EMV cards, effective information management among retailers, and the increased focus on secure payments contribute to the growth of the global hardware security market. Hence, such factors drive the growth of the hardware security modules market during the forecast period. Get deeper insights into the market size, current market scenario, future growth opportunities, major growth driving factors, the latest trends, and much more. Buy the full report here

Technavio has announced its latest market research report titled Global Hardware Security Modules Market

Market Challenge – The high preliminary acquisition cost challenges the growth of the hardware security modules market. Generally, hardware security modules developed with older generations of expertise pose significant barriers to adoption. High prices for hardware security modules are led by features such as secure cryptographic processing, a tamper-proof environment for key protection and management, and certification requirements to meet compliance standards. In addition, features such as secure cryptographic processing, a tamper-proof environment for key protection and management, and certification requirements lead to high prices for hardware security modules. This is required as organizations need to meet the quality standards. As the cost…

Source…

The Week in Security: Researchers hack ‘unbreakable’ card-shuffling hardware, Discord.io shut after breach

August 18, 2023/in Computer Security

deckmate2-shuffling-hack

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security. This week: Researchers kick it Ocean’s Eleven style with an attack on card shuffling machines. Also: A software vulnerability could be behind a breach that shut down Discord’s invite system.

This Week’s Top Story

Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating

History has shown us that there are few better ways of getting a piece of technology hacked than to declare it secure and “un-hackable.” The latest case in point: the Deckmate 2, an automated card shuffling machine used in casinos around the world. After an investigation into an alleged incident of cheating in a high stakes poker tournament prompted an official investigation that declared the Deckmate shuffling machine one that “is secure and cannot be compromised,” three IOActive researchers took up the implicit challenge. Spoiler alert: the Deckmate was, in fact, hackable.

At a presentation at DEF CON, researchers Joseph Tartaro, Enrique Nissim and Ethan Shackelford of IOActive presented the results of a months-long investigation into the Deckmate. As reported by Wired, the three found attackers could employ a simple USB-enabled minicomputer to gain total control over the machine, potentially allowing a poker player to know exactly what cards the dealer and other players hold and, thus, become unstoppable at the table.

Tartaro and his fellow researchers were able to alter the shuffler’s code to hijack the machine, and tamper the shuffling process. They also were able to access an internal camera on the Deckmate, giving them the ability to know exactly which cards were being dealt and to whom. However, as of yet the IOActive researchers have not been able to engineer a technique that allows for them to choose the exact order of cards via this remote access. Light & Wonder, the makers of Deckmate, said in emails to the researchers that they are in the process of patching the issues discovered by the researchers. The company denies the compromises have been used against machines deployed on a casino floor. So if…

Source…