Network Optix News

Cybersecurity Threats in 2021 and Onward - How Nx Remains Secure - Network Optix

Written by Network Optix | Jun 13, 2022 9:43:45 PM

Cyber Attacks are not new – cyber attacks and cyber crimes have existed since the dawn of the internet and become more commonplace each year. The COVID-19 pandemic and the resulting migration of business dealings to online also saw a major uptick in cyber crimes. According to ABC News, cyber attacks and phishing incidents increased 600 percent in May of 2020 following the pandemic’s onset and continue to grow. 

According to Check Point Software Technologies, ransomware and related activity increased by 93 percent in the first half of 2021 alone and the World Economic Forum’s 2020 Global Risk Report expects IoT cyber attacks to double by 2025 (Embroker, Dec 2021).

Cybersecurity Threats 2021 Recap

Riding on the coattails of 2020’s covid-related cyber attacks, 2021 saw some of its own major cybersecurity breaches that have had devastating effects on individuals and organizations all over the world.

Colonial Pipeline Hack

In May of 2021, Colonial Pipeline – the largest fuel pipeline in the United States – was hacked using compromised employee credentials. Once in the system, hackers used malware to access sensitive data and compromise Colonial’s billing system. In an effort to contain the attack, Colonial shutdown its servers and, ultimately, its business which caused a huge oil shortage that ended up halting business operations for many companies.

In the end, Colonial paid a $4.4 million ransom to gain back control of their billing system and compromised data. 

CNA Financial

Similar to the Colonial Pipeline Hack, CNA Financial – one of the largest commercial insurance companies in the United States – suffered a ransomware attack which resulted in the exposure of 75,000 people’s personal information and data. CNA Financial paid $40 million to regain control of their accounts – one of the largest ransomware payoffs to date.

Log4J Zero-Day Vulnerability

Most recently, a critical vulnerability in the open source Apache Framework‘s widely-used logging tool Log4j has left many, many online services and java-based web servers – like Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, and Google – at risk for ‘remote code execution’. (RCE) attacks. RCE attacks allow hackers to run commands and code remotely without the physical device. Essentially, the vulnerability could allow a hacker to take control of a system, causing disastrous effects for those reliant on them.

You can learn more about the Log4J vulnerability here. Rest assured, Nx Witness VMS and other Powered by Nx products are not affected by the zero-day exploit.

2021's Most Frequent Cyber Attacks

Beyond the major attacks seen in 2021, individuals and organizations encountered cyber attacks of a varying scale everyday this past year. 2021’s most frequent cyber attacks, according to a study conducted by IBM, are as follows:

  • Compromised Credentials – 20%
  • Phishing – 17%
  • Cloud Misconfiguration – 15%
  • 3rd Party Vulnerability – 14%
  • Physical Security Compromise – 9%
  • Malicious Insider – 8%
  • Accidental Data Loss/Lost Device – 6%
  • System Error – 5%
  • Business Email Compromise – 4%
  • Social Engineering – 2%

Compromised Credentials / Password-Cracking

In password-based attacks, hackers use software and brute force attacks to access secure accounts.

  • Nx has minimum password standards, an invalid login timeout, and a secure password reset / recovery method for Nx Cloud connected Systems. Users may also enable two-factor authentication for an added layer of security.

Phishing

Phishing is a method of sending fraudulent communications – usually email –  which mimic a reputable source in order to obtain login credentials.

  • Phishing attacks could cause Nx System users to inadvertently give their login credentials to nefarious actors. Nx’ Secure Password Reset functionality ensures passwords are able to be reset / recovered quickly in such an instance.

Cloud Misconfiguration

Cloud Misconfiguration occurs when gaps or weak points in a cloud’s configuration leaves it at risk for attacks.

  • Nx Cloud securely proxies remote connections to systems, removing the need to open or forward ports on secure networks.
  • Nx has minimum password standards, an invalid login timeout, and a secure password reset / recovery method for Nx Cloud connected Systems.

Vulnerability in 3rd Party Software

A potential threat to an organization’s data, internal information, etc. caused by a vulnerability in a 3rd party’s supply chain or other outside parties.

  • Nx monitors market news regularly and updates our customers about vulnerabilities as they emerge, are documented, and are addressed.

Physical Security Compromise

Physical Security Compromises occur when sensitive data or files have been breached due to the theft or unauthorized access of physical hardware. 

  • Accidental Data Loss / Lost Device: Similar to a physical security compromise, accidental data loss is a breach in security due to weaknesses brought about by human error.
    • A physical security compromise and/or accidental data loss could give bad actors access to and the ability to control Nx systems. 
    • Nx has minimum password standards, an invalid login timeout, and a secure password reset / recovery method for Nx Cloud connected Systems. 

Malicious Insider

A security risk that originates from within the targeted organization – via a current or former employee or business associate who misuses their access to sensitive information or privileged accounts.

  • Nx allows for fast reset / recovery of passwords.

System Error

A breach in security due to weaknesses brought about by a system error or misconfiguration.

  • Nx uses HTTP and SSL to communicate with all System servers for secure, encrypted communications.

Social Engineering 

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

  • Business Email Compromise: A type of Social Engineering, business email compromises occur when an attacker manipulates employees inside an organization to divulge confidential information or perform unauthorized transactions by posing as someone the recipient trusts—typically a colleague, boss, or vendor. 
    • Nx allows for fast reset / recovery of passwords.

Other popular Security Threats include:

Malware
Malicious software that installs on computers through a vulnerability in an operating system or a piece of software. 

  • Malware could potentially be used to intercept user credentials and video streams, or cause the user’s Nx System to function poorly due to interruption in system or network resources caused by the Malware.

Man-in-the-Middle Attack

This type of attack occurs when the attackers insert themselves into the middle of communications between two parties in order to intercept sensitive data. Typically this is accomplished by monitoring network traffic or through the use of Malware.

  • Nx secure communications capabilities – including OpenSSL connections, HTTPS communications, and encrypted video traffic – were engineered to address this type of attack.

Distributed Denial of Service Attack (DDOS)

This type of attack is designed to flood systems, servers, or networks with traffic to exhaust resources, effectively killing the system’s ability to perform normally.

  • Nx’ secure communications (SSL, HTTPS, Cloud Proxy, Secure Connections, and Encrypted Video) help to prevent DDOS attacks and server health monitoring provides the ability for operators to diagnose DDOS attacks in real-time.. 

SQL Injection

SQL injection occurs when a malicious actor inserts code into a server running an SQL database that forces the server to reveal information. 

  • Nx utilizes the OWASP standard for prevention of SQL injection attacks and employs additional obfuscation techniques.

Zero-Day Exploit

A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented.

  • Nx monitors market news regularly and updates our customers about Zero Day vulnerabilities as they emerge, are documented, and are addressed.

Cybersecurity Threats in 2022 and Beyond

As new advancements in tech continue cybercriminals also continue to develop new tactics and strategies to target organizations. Although the forecast looks a little bleak, it’s important to be aware of where the cybercrime / cybersecurity landscape is headed in order to identify threats early on and ensure your organization is prepared with the best defenses possible.

Some cybercrime trends to look out for in 2022 and onward include:

Ransomware Copycats

Within the first six months of 2021, ransomware-related payouts totaled around $590 million – $200 million more than in the entirety of 2020 . These success stories are likely to incite many copycat ransomware attacks in the years to come. 

On top of that, the increasing popularity and advancement of Ransomware as a Service (RaaS) in the cybercrime realm is expected to allow cybercriminals to launch ransomware attacks more effortlessly and more frequently. 

5G Vulnerabilities

With the upcoming 5G rollout comes a faster, more reliable network with a larger capacity for devices. Although 5G’s enhanced interconnectivity will serve as a huge benefit, it also has the potential to increase the public’s vulnerability to cyber attacks. 

The less centralized and more virtualized nature of the 5G network will likely make managing and maintaining cybersecurity more difficult, leaving it open to new points of attack. Additionally, 5G will lead to more and more vital infrastructure moving online, giving hackers the potential to pull off bigger, more devastating attacks in the future. 

IoT Cyber Attacks

The world’s ever-increasing number of connected devices – accelerated by the 5G rollout –  provides cyber criminals with countless access points and mediums for which to aim their attacks. In fact, the World Economic Forum’s 2020 Global Risk Report expects IoT cyber attacks to double by 2025 (Embroker, Dec 2021). 

How Nx Remains Secure

  • Although the cybersecurity threats listed above are important to be aware of, Powered by Nx product users and resellers can rest assured that Nx video management software was engineered to be secure. Nx VMS is continually improved to address cyber security threats by using a combination of secure technology and process measures outlined below.

     

    User Rights Management

    Nx has advanced User Rights capabilities that allow Administrators to implement strict controls over what operators are able to accomplish in the system and which resources they are allowed to configure and interact with.

    User Rights

    • Single System Owner with Super User rights
    • Customizable User Rights & Roles

    Audit Trail

    • All user actions are logged for review by system administrators

    Password Protections
    Nx requires a minimum level of security when creating passwords.

    Password Security

    • Minimum password strength during account creation
    • Secure password reset via Nx Cloud
    • Complex Multi-Level Salted/Hash password storage

     User Enumeration Detection

    • Nx Server and Cloud applications detect and prevent user enumeration (brute force attacks, guess and confirm attacks) through the use of timeouts.

    Integration with LDAP

    • Integration with LDAP enables centralized management / reset of IT credentials by IT administrators.

    Data Integrity Checks

    Nx also includes key technologies to ensure the integrity of information within and produced by a system. These include:

     Archive Integrity Check

    • Nx notifies operators when archived video has been modified indirectly (e.g. deleted / replaced files).

     Watermarking for Chain of Custody

    • Nx has built-in watermarking, allowing operators or viewers to check the authenticity of a video exported from a system and preventing the manipulation of evidentiary video.

    Secure System Communications

    Nx includes many protections for system communications over both secure (e.g. LAN/WAN/VPN) and unsecure (e.g. Internet) networks.

     OpenSSL for Network Connections

    By default, we disable deprecated and insecure protocols and use only TLS v1+. The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two communicating computer applications.

  • Server -> Client (Mobile, Desktop, Web) Communications – HTTPS
    HTTPS is used by default for all connections.

  • Email – TLS / SSL
    TLS is the default option for the Email Server. 

    Encrypted Client-Server Communications

    • System administrators can choose to encrypt VMS communications with the “allow only secure connections” option in System Administration settings.

Encrypted Video Traffic

  • System administrators can choose to encrypt all video traffic between Clients and Servers with the “encrypt video traffic” option. 

 Custom SSL Certificates

  • Nx supports the use of Custom SSL certificates.

 Cloud Connection Proxy

  • Nx Cloud securely proxies remote connections to systems, removing the need to open or forward ports on secure networks.

Risk Prevention Methods

Network Optix also institutes processes to ensure threat assessment and resolution is part of our core culture. These steps include:

 Extensive Quality Assurance Testing

  • Nx software undergoes rigorous Quality Assurance testing prior to release to identify and remedy vulnerabilities.

 External Security Auditing

  • Nx VMS undergoes regular external security testing and auditing.

 Online Support Portal

  • Network Optix maintains a global support presence with an active support portal and community forum at http://support.networkoptix.com. Customers and partners are encouraged to report issues and work with proactive support team members who are able to remotely assist customers with any issue.

 Regular Patches
View full post