Network Monitoring News – Dec 2016

IP Cameras – Update Camera Firmware now.

In a blog post published today, Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras — devices mainly used by enterprises and authorities. According to SEC Consult, the two previously undocumented user accounts — named “primana” and “debug” — could be used by remote attackers to commandeer the Web server built into these devices, and then to enable “telnet” on them.

“We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an ‘unauthorized third party’ like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755),” SEC Consult wrote.

If you have any Sony IP cameras, update them to the latest firmware revision. The backdoor accounts are disabled in the latest firmware.

Social Engineering Red Flags

Telltale signs that something is not right.

Sender Email Address

  • You do not recognize the sender.
  • The sender is not part of your organization and the email is not job related.
  • The sender is an employee, customer, vendor or partner, and the email is very unusual or out of character.
  • The sender's email address is from a suspicious domain like microsoft-support.com.
  • You do not have a business relationship nor any past communications with this sender.
  • The email has a hyperlink or an attachment from someone that you have not communicated with recently.

TO: Email address

  • You were CC’d on an email to one or more people, but do not recognize or personally know them.
  • You received a message that was also sent to an unusual mix of people. For example, a seemingly random group of employees whose last names start with the same letter.

Subject

  • Is this email a reply to something you never sent or requested?
  • Is the subject of the email irrelevant, or does it not match the message content?

Email Body/Content

  • Is the sender asking you to click a link or open an attachment to avoid a negative consequence?
  • Does the message appear odd, or does it have bad grammar or spelling errors?
  • Is the sender asking you to click a link or open an attachment that seems illogical?
  • Is the email asking you to look at an embarrassing picture of yourself or someone you know?

Date

  • Was this email received at an unusual time, like 2 AM?

Attachments

  • Does the attachment make no sense in relation to the email message?
  • Is the attachment unexpected? Is it a dangerous file type?

Hyperlinks

  • If you hover over the link with your mouse, does the address that appears match the link shown in the message? If they are different, this is a big RED flag.
  • Does the email only have a link? Is the link very long?
  • Is the link a misspelling of a well-known website? Example: www.bankofanerica.com. Notice the n.

Published by
Ron Samson
