Digital devices and home networks of corporate executives, board members and high-value employees with access to financial, confidential and proprietary information are ripe targets for malicious actors, according to a study released Tuesday by a cybersecurity services firm.
Connected homes are a prime target for cybercriminals, but few officials or security teams realize the prominence of this emerging threat, the study noted. It is based on an analysis of data from more than 1,000 C-suite and board members and more than 55 high-profile officials at US-based Fortune 1000 companies that are using BlackCloak’s executive security platform.
“BlackCloak’s study is exceptional,” said Darren Guccione, CEO of Keeper Security, a password management and online storage company.
“It helps to uncover the broader issues and vulnerabilities that cause millions of businesses to transact with distributed, remote work as well as corporate websites, applications and systems from unsecured home networks,” he told TechNewsWorld.
BlackCloak researchers found that nearly a quarter of executives (23%) have open ports on their home networks, which is highly unusual.
BlackCloak CISO Daniel Floyd attributed some of those open ports to third-party installers. “They don’t want to send a truck out because they’re an audio-visual or IT company, when things break down, they’ll install port-forwarding on the firewall,” he told TechNewsWorld.
“It allows them to connect remotely to the network to solve problems,” he continued. “Unfortunately, they are being installed improperly with default credentials or vulnerabilities that haven’t been patched for four or five years.”
Exposed Security Cameras
An open port resembles an open door, said Taylor Ellis, a customer threat analyst with Horizon3 AI, an automated penetration test as a service company in San Francisco. “You wouldn’t leave your door open 24/7 in this day and age, and it’s like on a home network with an open port,” he told TechNewsWorld.
“For a business leader,” he continued, “when you have an open port that provides access to sensitive data, the risk of breaches and penetration increases.”
“A port acts like a communication gateway for a specific service hosted on a network,” he said. “An attacker can easily open backdoors into one of these services and manipulate them to do their bidding.”
The report noted that of the open ports on corporate brass’s home networks, 20% were linked to open security cameras, which could pose a risk to an executive or even a board member.
“Security cameras are often used by threat actors to spot and distribute malware, but perhaps more important is to provide surveillance on patterns and habits – and if resolution is sufficient, passwords and other credentials are being entered,” said Bud Broomhead, CEO of Viakoo, a developer of cyber and physical security software solutions in Mountain View, Calif.
“Many IP cameras have default passwords and outdated firmware, making them ideal targets for breaches and, once breached, it gets easier for threat actors to later migrate to home networks,” he told TechNewsWorld.
BlackCloak researchers also discovered that corporate brass’s personal devices were equally, if not more, vulnerable than their home networks. More than a quarter of execs (27%) had malware on their devices, and more than three-quarters of their devices (76%) were leaking data.
One way data leaks from smartphones is through applications. “A lot of apps will ask for sensitive permissions they don’t need,” Floyd explained. “People will open the app for the first time and click through settings, not realizing they are giving the app access to their location data. The app will then sell that location data to a third party.”
“It’s not just officers and their personal tools, it’s everyone’s personal tools,” said Chris Hills, chief security strategist at BeyondTrust, a maker of privileged account management and vulnerability management solutions in Carlsbad, Calif.
“The amount of data, PII, even PHI, in a common smartphone these days is astonishing,” he told TechNewsWorld. “We don’t know how vulnerable we can be when we don’t think about security as it pertains to our smartphones.”
Personal device security doesn’t seem to be top of mind for many executives. The study found that nine out of 10 of them (87%) have no protection installed on their devices.
Lack of Mobile OS Security
“Many devices ship without security software, and even if they do, it may not be enough,” Broomhead said. “For example, Samsung Android devices ship with Knox security, which has previously been found to have security holes.”
“The device manufacturer may try to make a tradeoff between security and usability which may favor usability,” he said.
Hills said most people are comfortable and satisfied with the idea that their smartphone’s built-in operating system has the necessary security measures in place to keep the bad guys out.
“For the layman, that’s probably enough,” he said. “For the business executive who is more than likely to lose his or her role in a business or company, the security blanket of the underlying operating system simply isn’t enough.”
“Unfortunately, in most cases,” he continued, “we focus so much on trying to protect as individuals, sometimes some of the most common are overlooked, such as our smartphones.”
Lack of Privacy Protection
Another finding by BlackCloak researchers was that most personal accounts of executives, such as email, e-commerce, and applications, lack basic privacy protections.
In addition, they discovered that the executives’ security credentials – such as bank and social media passwords – are readily available on the dark web, making them susceptible to social engineering attacks, identity theft and fraud.
The researchers noted that the passwords of nine out of 10 executives (87%) are currently leaked on the dark web, and more than half (53%) are not using a secure password manager. Meanwhile, only 8% have enabled active multifactor authentication across most applications and devices.
“While measures such as multifactor authentication are not perfect, these basic best practices are essential, especially for boards/C-suites, which are often left out of necessity in terms of convenience,” Melissa Bischoping, endpoint security research specialist at Tanium, creator of an endpoint management and security platform in Kirkland, Wash., told TechNewsWorld.
“Invading personal digital lives may be a new risk for enterprises to consider,” wrote the researchers, “but it is a risk that needs immediate attention. Opponents have determined that officials at home are the path of least resistance, and they will compromise this attack vector as long as it is safe, seamless and attractive to them.”