Do you know how to protect your webcam from being hacked? Would you know if a cybercriminal was using your printer to carry out cyberattacks? While most of us are aware of the dangers that cybercriminals can pose to our computers and mobile phones and take steps to protect them, we seldom consider how these threats can affect the growing number of Internet vc connected devices we use in our daily lives. The ‘Internet of Things’ All devices which can connect to the Internet – collectively called the ‘Internet of Things’ or IoT – are potentially at risk of a cyberattack. Everyday personal items like video cameras, refrigerators and televisions can be used by cybercriminals for malicious means. Cyberattacks targeting or using IoT devices have increased significantly in the past two years, according to several reports from the private cybersecurity industry. An example was the Mirai botnet, which in 2016 infected tens of thousands of devices, mostly Internet routers, with weak password security. These were then used in coordinated distributed denial of service (DDoS) attacks against websites worldwide including a university and several media sites. In the world of cybercrime, the number of IoT devices a criminal has access to is seen as a sign of their status. Although police around the world are developing the skills necessary to forensically examine computers and mobile phones, they are often not aware of how to collect evidence from other connected devices. The latest edition of the INTERPOL Digital Security Challenge tackled this threat, with 43 cybercrime investigators and digital forensics experts from 23 countries investigating a simulated cyberattack on a bank launched through an IoT device. “Cybercrime investigations are becoming more and more complex and operational exercises such as the Digital Security Challenge, which simulate some of the hurdles that investigators face every day, are vital for the development of our capacities,” said Peter Goldgruber, Secretary General of the Austrian Ministry of the Interior. Meeting the challenge I n the scenario, cybercriminals attacked a bank in an attempt to steal large sums of money. The investigators analysed the bank’s computers to identify the date, time and files where the malware installed by the criminals. Through this digital forensic examination, the teams discovered the malware was contained in an e-mail attachment sent via a webcam which had been hacked, and not directly from a computer. This is an emerging modus operandi, as it is more difficult to identify the source of the attack. Once the teams accessed the digital data held by the compromised webcam, they identified the command and control server being used to remotely control the device to conduct the cyberattack. Further evidence led to the identification of a second command and control server, and the investigators identified technical vulnerabilities of the servers which could be used to prevent further attacks. Noboru Nakatani, Executive Director of the INTERPOL Global Complex for Innovation said the scenario provided a learning experience on how to conduct real-world investigations more effectively. “The ever-changing world of cybercrime is constantly presenting new challenges for law enforcement, but we cannot successfully counter them by working in isolation. “A multi-stakeholder approach which engages the expertise of the private sector is essential for anticipating new threats and ensuring police have access to the technology and knowledge necessary to detect and investigate cyberattacks,” said Mr Nakatani.   Tips for safeguarding IoT devices: Change the factory default passwords – these can be the same for hundreds or thousands of devices, making it easy for criminals to hack; Regularly update all software; Disable features which allow the device to be accessed remotely; Take extra care when buying used devices – you don’t know what the previous owner installed on the device.   Sharing expertise Conducted annually, INTERPOL’s Digital Security Challenge helps police worldwide develop the skills necessary to tackle the latest cybercrime threats. The first two events in 2016 and 2017 simulated cyber blackmail involving bitcoin and a ransomware attack. This year’s three-day (19-21 February) event was organized in close I n the Americas, hurricanes, tornadoes and earthquakes are occurring more frequently, so unimpeded mass communication during these events is critical. MNS software is often employed so companies can communicate with their employees, federal agencies, university students and the general public. More channels of communication available in these types of events, means more people can reach safety faster and more lives can be saved. In Western Europe, the second-largest market for MNS software, weather-related incidents occur less often, How Catastrophic Events are Changing Mass-Notification System Market By Robert Brooks – Analyst, Security and Building Technologies, IHS Markit cooperation with the INTERPOL National Central Bureau in Vienna and private sector partners NEC Corporation and Cyber Defense Institute. “NEC has contributed as a strategic partner to INTERPOL’s commitment to improve the cybersecurity skills of investigators throughout the world. For the third year, NEC is honored to have helped develop the Digital Security Challenge by providing our expertise at this cutting-edge event,” said Kozo Matsuo, Vice President of NEC Corporation’s Cyber Security Strategy Division.’ Training sessions to develop participants’ practical knowledge on IoT device analysis and the latest trends in malware-related crime were delivered by specialists from NEC Corporation, InfoSec, Meiya Pico, SECOM, Kaspersky Lab and Trendso the need for MNS software is lower than in the Americas. While individual countries might deal with specific weather threats – like blizzards and freezes in Sweden and flooding in the UK – in 2017 the United States alone experienced four major hurricanes. Mass-notification system (MNS) software used in emergency communication, the primary segment used during a catastrophic event, is expected to grow in the Americas at a compound annual growth rate (CAGR) of 6.8 percent from 2017 to 2021, reaching $293.1 million in 2021. Micro. Support was also provided by the UN Office on Drugs and Crime (UNODC). Kenji Hironaka, President of Cyber Defense Institute said, “We are proud to have provided forensic content and technical support during all three INTERPOL Digital Security Challenge events. We will…

With Cybersecurity becoming an increasingly important factor in designing modern Ethernet networks, ComNet have launched an industry first edge security feature that is both simple, secure and easy to configure and use. The ComNet exclusive Port Guardian feature has the capability to physically disable a port if unauthorized access is detected. The value in Port Guardian comes in situations where network intrusion is attempted by disconnecting an IP addressable device at the edge to connect to the network. When Port Guardian senses this disconnect, an SNMP notification is sent to the head end and the affected port is physically locked out, preventing access. The network administrator can re-enable the port once the threat is eliminated. This feature also thwarts access through ‘Spoofing’ by disabling the port as soon as an interruption is sensed. Layer 2 managed switches can typically implement port security which consists of checking incoming packets for a matching MAC address. If a packet with a valid MAC address is received on a particular port then the switch will allow that packet to pass through the switching fabric of the switch as normal. If a packet with an invalid MAC source address is received on the switch port then that packet is dropped by the switch and is not allowed to proceed any further and therefore, this provides a basic level of security as only traffic from the user defined MAC address is allowed on that port. With this method it is therefore possible to easily implement basic port security against a potential intruder from removing the original device and replacing it with a device designed for network intrusion or from cutting the cable that went to the original device and connecting this cable to their own network intrusion device to gain access to the network. This level of protection is common amongst most layer 2 managed switches on the market today and indeed all ComNet managed switches support this capability as standard. This feature is referred to by many names including (but not limited to) the following: Port locking. MAC locking. Port security. MAC filtering. What’s wrong with traditional switch port security? The issue with the traditional Layer 2 MAC filtering/ locking as previously described is that it can be defeated with relative ease in a matter of minutes by using readily available software which can artificially alter the MAC address of the sender to match whatever the potential intruder wants. In the example below the intruder will alter the MAC address of their laptop to use the same MAC address of the authorised camera and gain access to the network. How would the intruder know what MAC to spoof? So how would a potential intruder know the MAC address of the camera (in this example) in order to be able to spoof that address from their laptop and gain network access? This could be done in several ways but one simple way could be to use a low cost network tap device so the camera is briefly unplugged and then connected to the tap and then quickly re-connected to the network again. The operator would see video loss for some seconds but would unlikely put this down to a potential intruder if it was even noticed at all. How does port guardian prevent such intrusions? At the basic level Port Guardian works as a layer 1 protection system so the actual data being sent on the port is not important and the switch does not need to know anything about it. Port Guardian constantly monitors the enabled ports and as soon as it detects that a cable has been unplugged or there is a link down event that port will be immediately disabled and the network administrator notified via an SNMP alert (and optionally by a local contact relay if supported on the particular switch model) to the potential intrusion. What happens after Port Guardian locks out a port? Once Port Guardian has been triggered on a certain port then that port is in a permanent lock out condition and will appear to be dead to the potential intruder (no LEDs or anything will work on that port). The port will remain in this lock out condition even if the original legitimate device is re-connected. The lock out state can only be cleared by the network administrator through one of 4 possible methods as outlined below SNMP reset command issued. Reset via Web GUI. Port Guardian reset command issued from the local USB serial port CLI. A contact input is closed (only available on models that have contact inputs). The contact input method is user configurable and is not enabled by default. What about cycling power to the switch? This is another user configurable option. The port lock out states can be set to clear on a power cycle or they can be set to go into lock out condition in the event of a power cycle (this would be the most secure option). So how can Port Guardian be used in networks? There are really two distinct ways to use the Port Guardian feature and the correct implementation depends on how secure the location is where your remote ComNet edge switch (with Port Guardian feature) is located. An outline description and visual example of both scenarios follows. Edge switch in secure location scenario I f the ComNet edge field switch is installed within a secure location then there is no concern about an intruder gaining access to the physical switch itself so one could enable Port Guardian just on the ports where he has edge devices connected that are physically located outside of the secure location and not enable Port Guardian on the uplink port(s) which are part of the secure network. In this scenario one could also set the option to have a power cycle clear any locked out ports as again he would not be as concerned with a potential intruder being able to power cycle the switch itself. Edge switch in…