The RSocks Botnet Highlights the Security Risks for IoT Devices


There are many ways hackers and cybercriminals can attack personal, business, and government networks and servers. A botnet is one of them: it lets a single person run massive hacking campaigns through infiltrated connected devices worldwide. These attacks are used to disrupt services, steal crucial information, and gain access to critical systems. A botnet’s strength is in its numbers. Recently, a Russian botnet known as RSocks, consisting of millions of Internet of Things (IoT) devices, was thwarted by a combined effort of the United States Department of Justice, the United Kingdom, the Netherlands, and Germany. The botnet targeted IoT devices, raising awareness of the vulnerability of such devices.

The Take Down of RSocks

The RSocks botnet hacked into millions of devices worldwide from 2016, when it was first detected. The botnet targeted IoT devices such as industrial control systems, routers, smart appliances, audio or video streaming devices, and more. Computers and Android devices soon fell to the botnet as RSocks grew larger.

The botnet was advertised as a proxy service that specialized in residential nodes. Instead of selling legitimate IP addresses obtained through an internet service provider, RSocks sold the IP addresses of the devices that had been hacked. Because the IP addresses were residential, authorities had difficulty tracking the hackers’ location.

The investigation into RSocks began in 2017 with the FBI mapping the infrastructure by purchasing many proxies. The United States Department of Justice reported that the cost for accessing RSocks proxy pools ranged from $30 a day for 2,000 proxies to $200 a day for 90,000 proxies. 

Investigators found 325,000 compromised devices, many of which were located within the United States. With the consent of three major botnet victims, the FBI replaced compromised devices with government-controlled computers, allowing investigators to thoroughly map out and shut down the botnet.

How to Protect Your IoT Devices from Botnets

While RSocks has been seized and is no longer in operation, cybercriminals are still building botnets around the globe. Understanding the security shortcomings of IoT devices is essential to protect your devices from malicious attacks. Hackers are choosing IoT devices more and more often because they are frequently unsecured and make easy targets.

If your business uses IoT devices, you must implement basic security measures to prevent your devices from being used for malicious activities. Recommended security measures include:

  • Disconnecting IoT devices when not in use
  • Changing default configuration settings, such as renaming the hardware
  • Choosing a strong password
  • Keeping software and firmware updated
  • Setting up an alternative network specifically for IoT devices

Protecting your business’s IoT devices might seem complex, but experts are available to help you with your security needs. 4 Corner IT can create a strong security network allowing you to have peace of mind and focus on other business needs. To learn more, call us at 954.474.2204.


What is The Threat Landscape and How to Navigate It


Cybersecurity threats have become a regular part of business, and navigating the threat landscape can be challenging. Cybercrime and breaches are a significant problem on the rise for companies. They are an even more serious problem for businesses without security measures to protect them. 

As a business, you can’t afford to leave your data unprotected. Cybercrimes can cause operational issues, financial losses, and the loss of sensitive customer data. This results in fines and damage to your business’s reputation. What is the threat landscape, and what can you do to navigate it?

What is the Threat Landscape?

The threat landscape is the full scope of potential and recognized security threats that can affect organizations and industries. It encompasses the malware, groups of attackers, vulnerabilities, and techniques used to infiltrate systems and networks to obtain information that may be valuable to attackers.

The threat landscape changes over time as attackers and systems evolve, and events can help transform it. New cyber threats emerge daily, which means businesses and their security measures need to be ready to evolve with the threat landscape to stay protected.

Common Threats in the Threat Landscape

There are countless ways attackers try to gain access to your data, disrupt operations, or damage information. It’s essential to know the common threats you can encounter in the threat landscape to protect your business better. 

Phishing – Phishing is a common tactic where attackers send a message through email, social media, text messages, or phone calls to trick people into following the instructions and providing sensitive information. Many attacks begin with phishing, and while phishing messages carry warning signs, they have become harder to spot and have made their way through network security systems.

Ransomware – Ransomware locks down files on your system and doesn’t allow you to have access until you agree to pay a ransom. Attackers will often threaten to release the information, which can cause damage to the business’s reputation and major financial losses. 

Distributed Denial of Service (DDoS) Attack – A DDoS attack takes down websites by using a botnet to flood a computer or network, which halts operations and prevents the business from responding to requests. Botnets use millions of malware-infected systems operated by hackers; these systems can be in different geographical locations and are difficult to trace.

How to Navigate The Threat Landscape

The threat landscape is continuously evolving, with attackers becoming more creative in gaining access to and infiltrating systems. You need to be able to protect your business from common attacks and potential threats in the future. Here are a few tips you can implement to protect your business data and network.

  • Educate Employees on Cyber Threats – You want your employees to understand the risks of cyber threats in the threat landscape so they can do their part in protecting your business. Provide regular training to make your employees aware of what to look for, the importance of secure passwords, and avoiding unfamiliar links and attachments.
  • Keep Systems and Software Updated – Hackers will try to find vulnerabilities in your software and operating systems to carry out their attacks. Having your systems consistently updated removes vulnerabilities and ensures you have the best defense against cyber threats.
  • Backup Files and Data – When you lose data to cybercrimes, it can be catastrophic to your business. To avoid big losses, ensure you regularly back up your data using cloud storage and a designated server location.
  • Test Your Network Security Regularly – The threat landscape continuously evolves. To ensure your security systems are ready to take on security threats, have professional testing done to reveal vulnerabilities in your systems you may not have been aware of. You can get a full report and implement security measures to protect you further.

Understanding the threat landscape is essential to identifying any potential security problems your company may face. Call 4 Corner IT today at 954.474.2204 to learn more about how to best secure your network.  


How to Prevent Your Network from Being Sold by Hackers


Believe it or not, your organization’s network can be sold by hackers under the right circumstances. This is the unfortunate reality that we live in: the commoditization of data and network access has become a real problem. According to a study from KELA, hackers can sell access to compromised networks for a pittance compared to the amount of work you have invested in building your business. If hackers sell access to your business’s network, it could create a snowball effect of events that can lead to your business’s downfall. Therefore, you must do everything in your power to protect your network and prevent this from happening.

This report from KELA followed Initial Access Brokers, a term used to describe threat actors that sell access to compromised network infrastructures. These brokers are big players in the world of cybercrime. They can effectively facilitate some of the most devastating threats out there, including ransomware and remote access threats. The report examined one full year of listings by Initial Access Brokers to discover how much value can be assigned to this type of network access.

It is quite shocking to see just how little value is associated with access to your network. Out of the 1,000 listings, KELA found that the average price of network access credentials was about $5,400, with the median price being around $1,000. Other trends examined included the average price of credentials, as well as information on industries affected and countries affected. The top countries affected were the United States, France, the United Kingdom, Australia, and Canada. Additionally, top industries affected included manufacturing, education, IT, banking/financial, government, and healthcare.

Just take a moment to imagine how much chaos someone could inject into your business simply by purchasing access to your infrastructure. All it takes is a small investment and access to a VPN for someone to start causing some real trouble for your business. There are quite a few ways that you can minimize the damage done through these methods, including the following:

  • Implement comprehensive security measures

    In terms of sheer security, we recommend unified threat management, or UTM, to handle most of the threats your business could face. This all-in-one solution includes security measures such as a firewall, antivirus, content filter, and spam blocker to minimize exposure to threats.

  • Monitor your network traffic

    If you keep track of who logs onto your network, when, and where they are logging in from, you’ll have a greater chance of identifying suspicious traffic patterns.

  • Implement multi-factor authentication

    Password security is still important, but not nearly as important as having additional measures in place. Multi-factor authentication can help make sure that people logging into your network are who they say they are.

  • Take regular backups of your infrastructure

    You never want to use your data backup, but having it never hurts, and it will give you a nuclear option in the event that someone does manage to gain unauthorized access to your network.
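
To illustrate the traffic-monitoring point above, here is an added example (not from the KELA report or from 4 Corner IT): a short Python script that checks who logs in, when, and from where against each user's own history. The log format, sample records, business-hours window, and function names are assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real logs): timestamp, user, source IP, country
SAMPLE_LOGINS = """\
2024-03-04T08:55:10 alice 203.0.113.10 US
2024-03-04T09:02:41 bob 203.0.113.22 US
2024-03-05T09:10:03 alice 203.0.113.10 US
2024-03-05T17:45:30 bob 203.0.113.22 US
2024-03-06T08:48:19 alice 203.0.113.10 US
2024-03-07T03:12:55 alice 198.51.100.7 NL
2024-03-07T09:05:00 bob 203.0.113.22 US
2024-03-07T23:40:12 bob 203.0.113.22 US
"""
BUSINESS_HOURS = range(7, 20)  # assumption: 07:00-19:59 is normal working time

def parse(log_text):
    """Yield (datetime, user, ip, country) from whitespace-separated lines."""
    for line in log_text.strip().splitlines():
        ts, user, ip, country = line.split()
        yield datetime.fromisoformat(ts), user, ip, country

def find_suspicious(log_text, baseline_size=2):
    """Flag logins from a source a user has never used, or outside business hours."""
    seen_ips, seen_countries = defaultdict(set), defaultdict(set)
    logins = defaultdict(int)  # a user's first `baseline_size` logins only build history
    alerts = []
    for ts, user, ip, country in parse(log_text):
        reasons = []
        if logins[user] >= baseline_size:
            if country not in seen_countries[user]:
                reasons.append("new country")
            elif ip not in seen_ips[user]:
                reasons.append("new source IP")
            if ts.hour not in BUSINESS_HOURS:
                reasons.append("off-hours")
        if reasons:
            alerts.append((ts.isoformat(), user, ip, reasons))
        if not any(r.startswith("new") for r in reasons):
            # Learn a source only when it was not flagged, so a repeat visit
            # from an unreviewed source keeps alerting.
            seen_ips[user].add(ip)
            seen_countries[user].add(country)
        logins[user] += 1
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOGINS):
        print(alert)
```

A login with valid credentials from a country the account has never used is the pattern worth reviewing first, since purchased access looks like a normal sign-in apart from where and when it happens.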

If hackers sell access to your business’s network, it can damage your business’s entire operations. To learn more about how you can protect your business, reach out to us at (954) 474-2204.