4 Real Life Examples of the IoT Being Hacked

Cyber Attack, Internet of things, IOT, Security, Security Threats, ,
09
Jan 2018

It’s easy to talk about the IoT (Internet of Things) security issues in theory, but what actually happens when the IoT gets hacked?

Understanding exactly what happens when IoT devices get hacked and how they get hacked is crucial in helping to protect your organization. Knowledge, of course, isn’t a cast iron guarantee you will avoid be hacked, but it certainly puts you in a much stronger position.

Let’s take a look at four real life examples of the IoT being hacked.

Unsecured University IoT

Verizon’s Data Breach Digest 2017 report details the example of an unnamed university where the network was flooded with Domain Name Service (DNS) requests for seafood restaurants. Whilst it sounds like a student prank, it was actually an outside attack by hackers which used 5,000 IoT devices such as vending machines and lighting systems. The hack was achieved through a brute force attack which took advantage of weak passwords so that malware could be deployed and bring the university’s network to a standstill.

IoT Cameras Hacked

The popular IoT security camera range – NeoCoolCam – has been found to contain a major security flaw which means that they can easily be hacked from outside the network they’re on. Given the security nature of the devices, these cameras can easily be compromised for unauthorized surveillance or even as a stepping stone to get even deeper into a network. Researchers at Bitdefender have found that all it takes is for the easily accessible login screen to be manipulated in order to take control of any of the 100,000+ cameras currently in use.

The Mirai Botnet

Poor password management is one of the biggest flaws in data security and the Mirai botnet certainly takes advantage of this. A piece of malware which infects network devices running on Linux, Mirai instructs these devices to constantly search the internet for vulnerable IoT devices. The fatal flaw contained within these IoT devices is that their factory set default username and passwords have not been changed. As Mirai is loaded with a list of these default details, it’s able to quickly take control of these devices and Mirai was even involved with an attack on Liberia’s internet infrastructure.

Hacking a Jeep

Perhaps the most disturbing and dangerous example of IoT devices being hacked is the case of a Jeep Cherokee 4×4 vehicle being compromised. Security researchers Charlie Miller and Chris Valasek were able to identify a zero day exploit which allowed them to send instructions to the vehicle through its entertainment system. Not only did this provide them with the opportunity to remotely change the in-car temperature, they could also influence the vehicle’s steering and braking systems. All it required was knowledge of the individual vehicle’s IP address to take control.

All four of these examples demonstrate just how far behind that IoT device manufacturers are when it comes to the security of their devices. Naturally, the manufacturers have a lot to do to ensure that their devices are safe from the moment they’re installed, but the owners of these devices also need to be mindful of good password practices.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Importance of a Business IT Continuity Plan

IT Continuity, IT Plan, Security, Services, , , , ,
07
Nov 2017

 

PDCA_Cycle.svg

A backup plan for your IT system in the case of a sudden disaster is crucial to ensure your business continues operating whilst that disaster is rectified.

Many businesses, however, don’t have a contingency plan in place that will allow their IT operations to continue in the case of an emergency. And this lack of preparation can lead to your business having to cease operations and, therefore, hit you hard financially. Naturally, no one can forecast an emergency or a disaster, so it’s important to get something established sooner rather than later.

To understand, in a little more detail, why a business IT continuity plan is so important, we’re going to take a closer look at what it can bring to your business and how to implement it.

The Main Benefits of Business IT Continuity

Say, for example, your business suffers a huge malware attack, this could seriously compromise all the PCs on your network and render them redundant. And how are you going to process orders or bring up customer records then? Exactly – you aren’t! However, with an IT continuity plan in place, you can put this into action whilst your IT team work at eradicating the malware attack – this allows you to continue serving your customers and helps your organization minimize the downtime.

It’s also quite possible that your business premises could be put out of action due to disasters such as fire or even natural disasters which could visit in the form of hurricanes. With your office, for example, out of bounds, it could appear that there’s no option but to down tools. If, though, you’ve planned for occasions such as this, you could execute remote working accessibility for your staff to work from home or alternate premises. Again, this helps to keep your organization afloat and operating.

IT Services are aligned to the customers needs. Dynamic Lifecycle approach to service. Interconnections between processes. Quality of Service. Reduced cost to serve because of use of standard process. ITIL is NOT… A methodology. A complete set of predefined low level processes – only the framework with which to build them.

Creating an Effective Plan

A good business IT continuity plan is one which has been carefully planned and designed by a team which incorporates all areas of your business. Whilst it may seem sensible to have an IT bias towards leading the project, they won’t necessarily understand which data and which applications are most important for different departments. And this is why we would always recommend a team comprising of individuals who can cover all aspects of the business’ needs.

Once this team is in place, you’ll find that the prioritization of IT resources allows you to get a better understanding of what’s required from your business IT continuity plan. Naturally, these plans are never perfect as they’re relying on a situation which hasn’t happened yet. Therefore, to get the best out of your IT continuity plans you need to put them in to practice to discover how effective they are for keeping your organization in business.

As we pointed out earlier, no one can predict when your business is going to be hit by a disaster be it through hacking, natural disasters or even just plain old equipment malfunction. However, what we can predict is that a business IT continuity plan is going to minimize the impact of such a disaster on your business and should be a prerequisite of any forward thinking organization.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

US Banks Targeted by Trickbot Malware

Cyber Attack, Hacking, malware, Security, trickbot, ,
03
Oct 2017

Necurs

Personal financial information is always highly private, so if this is compromised it’s a real invasion of privacy. Sadly, US banks are now under attack from malware.

Driven by the infamous Necurs hacking botnet, Trickbot is a form of malware that is currently carrying out sustained spam campaigns against US banks. It’s a cyber-attack which has been targeting financial organizations for around a year now, but it’s only recently that these attacks have been focusing on US banks.

Now, the majority of adults in the US use online banking services, so this is the kind of attack which needs to be brought to the attention of the masses. And, not only is there a security lesson for consumers to be found within this attack, but there’s also plenty for organizations to learn about good security practices.

TRICKBOT-BSS-IMAGE-

Tricky Trickbot

Trickbot utilizes, as its name suggests, trickery to achieve its nefarious needs and, in particular, it embraces a redirection scheme. Usually, when you’re transferred from one webpage to another then you can clearly see that the URL changes in your browser to demonstrate where you’re heading to. However, when being redirected by malware, the victim is first sent to an alternate website on a completely different server. As a live connection is kept with the intended website – in this instance an online banking service – this remains displayed with the user’s browser.

And lurking on these alternate websites is the malware’s malicious payload. In the case of Trickbot, these websites use webinjection to infect the victims with JavaScript and HTML coding which go on to steal login details and financial coding from affected users. Naturally, with this sort of sensitive data, hackers can go on to cause widespread damage to individuals finances, but how do people fall foul of these malware scams?

According to the security experts at Flashpoint, Trickbot is spreading its reach through the use of huge spam email campaigns. An example of this was seen in a spam email which claimed to be a bill from an Australian telecommunications organization, but actually contained JavaScript code which activated the Trickbot loader and compromised browsers in what is known as a man-in-the-browser attack.

Trickbot, however, is not a new, unique threat and Flashpoint believes that Trickbot is related to the Dyre banking Trojan which was last active in 2015. The build of both Trickbot and Dyre, so it would appear that either source code is being recycled or members of the same team are involved.

2302145_orig

How to Beat Trickbot

The key to beating Trickbot and not falling victim to its trickery is by simply verifying the emails in your inbox. And the most important checks to make are:

  • Do you recognize the sender of the email? If it’s an unusual or unknown sender name then just ignore it and, if it comes complete with an attachment, definitely ignore it.
  • What is the email asking for? Financial organizations, for example, will never email you to request sensitive data or to head online and enter this data into websites.
  • Are there any links in the email? If they have an unusual address you don’t recognize then don’t click on them as they could be sending you anywhere. And, even if the link reads as a genuine URL, this could still be disguising an alternate URL – hover over the link with your mouse to reveal the true direction of the link.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Petya Cyber Attack Goes Global with Ransomware

Cyber Attack, Petya, Ransomware, Security, , , ,
05
Sep 2017

2017_Petya_cyberattack_screenshot

A major cyber attack has swept across the globe and, once again, it’s taken the form of ransomware to shut down computers and demand Bitcoin ransoms.

Known as Petya – the Russian word for stone – has managed to halt operations at a chocolate factory in Australia and even one of Russia’s biggest oil companies, so the scale and sophistication of its attack is clear to see. Following the recent WannaCry ransomware attack, Petya has made headlines in a security landscape where safety appears to be far from guaranteed.

As this is such a widespread attack – and the fact that new ransomware attacks are appearing weekly – it seems like the perfect time to look at Petya and reinforce what you can do to protect yourself.

The Story behind Petya

Although it’s difficult to confirm, it’s believed that the Petya attack originated in the Ukraine. Reports suggest that the ransomware was spread through the update server for MeDoc which is a popular brand of Ukrainian accounting software. Consumers believed they were simply downloading a new update for their software, but it was actually a powerful slice of malware which then spread like wildfire.

Petya.Random

This latest variant of Petya, however, is even more powerful than its original incarnation. It’s believed that Petya now comes loaded with a tool named LSADump which harvests data and passwords from all the PCs located on that network. Petya also appears to be encrypting every single file on the infected PCs through the master boot record – this helps your PC boot up Windows at startup.

Most disturbingly, though, it’s being reported that Petya may not even be ransomware and may, instead, simply wipe everything from a PC with no chance of recovery. While the thought of having to pay a small ransom to retrieve data is troubling enough, the idea that your data may never be retrieved brings a whole new level of concern to Petya.

Defending Against Petya

Regardless of whether Petya encrypts or destroys files, it remains a highly sophisticated strain of malware that no PC user wants to find on their system. Kaspersky and Symantec have assured consumers that their anti-virus software will actively identify and protect against Petya, but for many users this may be too late.

cyber-security-2296269_960_720

Unfortunately, despite the spate of attacks taking advantage of Windows vulnerabilities, many PC users are still incredibly lax when it comes to installing security updates and patches. The main reason for this procrastination is an issue of time, but what’s five to ten minutes of installing updates and rebooting compared to having all the files on your entire network encrypted or even deleted?

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Malware Upgrades to 64-Bit

hardware, Office IT
29
Aug 2017

64-bannellr1-600x330 (1)

Modern operating systems run on 64-bit systems, but they’re still capable of running 32-bit code and this is what hackers have always coded in. Until now.

Guy Propper – security expert at Deep Instinct – has revealed that whilst malware coded in 32-bit code is still as popular as ever, there’s been an increase in the number of 64-bit variants. This is somewhat of a game changer in terms of the cyber security landscape due to the unchartered territory that 64-bit malware operates in.

You’re probably well aware that out-dated legacy systems can provide an unsecured route into your systems, but you would think that a new, up to date system would provide you with a secure defense. Unfortunately, as 64-bit malware is so new, the amount of available knowledge on combatting it is scarce, so it’s a very real threat to contemporary computing.

And that’s why you need to learn the ins and outs of this new threat before your systems fall victim.

32-Bit vs 64-Bit Systems

32-bit-vs-64-bit-main_thumb800

Windows 95 ushered in the era of 32-bit systems and this allowed applications to use up to 4GB of memory to complete their tasks. That was more than enough for applications of the time but, as applications have become more and more advanced, they can now demand more than 4GB of memory. And this is where 64-bit systems come in due to their ability to allocate huge areas of memory over to applications.

The Threat of 64-Bit Malware

It’s only recently that 64-bit systems have begun outselling 32-bit systems, so they’re finally becoming the dominant system; as a result, hackers have started adapting their malware to suit this new frontier. Of note, the ransomware installer Zeus and the computer virus Shamoon – capable of leaving your PC unable to boot up – have been discovered to have 64-bit partners in crime alongside their 32-bit malware code.

The main problem with 64-bit malware is that it’s more difficult to detect than 32-bit malware and this is because most antivirus signatures only search for 32-bit malware. This means that they’re looking for specific pieces of code and system activity, but these are not associated with the 64-bit malware variants as they constructed in a completely different manner. Therefore, they can remain undetected on your system and remain relatively free to carry out their malicious activities.

How Do You Combat 64-Bit Malware?

how-to-choose-a-network-monitoring-software

As more and more consumers adopt 64-bit systems, there’s going to be an ever increasing number of 64-bit malware variants. Naturally, as time goes by, security experts are going to be able to recognize and defend against such threats in a more efficient manner. Unfortunately, that doesn’t really help people in the here and now.

However, the good news is that 64-bit malware is transmitted and executed in much the same as 32-bit malware. And this means that the traditional methods for combatting malware are just as effective, so make sure that you’re actively doing the following:

  • Treat all suspicious email attachments as exactly that – suspicious! If there’s even the slightest doubt about an email then don’t open any attachments, get it checked out by your IT team.
  • You should already be monitoring the network activity of your applications to identify any unusual behavior, but it’s worth setting up a separate monitor to keep a check on 64-bit applications. This may be the only way, at present, that you can identify an infection
  • Finally, educate your staff on the dangers of malware. This can take place during IT induction processes, but also regular refresher courses to keep the information fresh and relevant in your employees’ minds.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 20 21 22 23 24 29