Cyber Attacks – What Happened In 2017 and What’s In Store For Us This Year?

Cyberattacks

 

2017 was quite a year for cyber attacks. According to Hackmageddon.com, every month saw dozens of serious cyber attacks affecting the personal information of billions of internet users worldwide.

Shocked? We were too.

We were too.

BullGuard outlined some of the biggest ones in a recent blog post.

WannaCry

The WannaCry ransomware spread through 150 countries affecting more than 300,000 computers including the UK’s National Health Service, FedEx, rail stations, universities, car manufacturers and a national telco.

It spread rapidly because of a worm-like component expedited by a large number of organisations using unpatched XP operating systems.

It was considered among the worst breaches of all time because of the amount of sensitive information that was taken.

Yahoo

Yahoo dropped a bombshell in August 2017 announcing that every one of its three billion accounts was hacked in 2013.

This was three times what was first thought to be the case. According to the former Yahoo CEO Marissa Mayer, the company only found out about the breach in 2016 when it reported that 1 billion accounts were hacked.

The company still doesn’t know who was responsible.

National Security Agency

The National Security Agency (NSA) is responsible for spying on other countries and mass surveillance of its citizens.

As you would expect, it has an arsenal of cyber tools for hacking into foreign banks, infrastructure, government departments, etc. However, a group of hackers called Shadow Brokers leaked a suite of hacking tools widely believed to belong to the NSA, which were then used in some of the year’s most significant global cyber attacks, including Wanna Cry.

How embarrassing!

Uber

Back in 2016, hackers stole the data of 57 million Uber customers. The company paid the hackers $100,000 to cover it up. The breach was only made public in November 2017 by the new Uber CEO Dara Khosrowshahi.

It also turns out that Uber was also playing on the other side of the fence too. A former member of Uber’s security team recently revealed details about a secretive unit within Uber dedicated to stealing trade secrets, spying on competitors, using self-destructing messages and dodging government regulators.

What can we expect in 2018?

It doesn’t take a rocket scientist to work out that a prime target of the hackers is going to be the Internet of Things.

Smart devices face the same cybersecurity challenges as your desktop PC, laptop and smartphone. The only difference being that smart devices are attached to real things in the real world.

As BullGuard reports:

“When someone hacks a PC, personal data is at risk. But when someone hacks a robotic manufacturing arm that entire manufacturing line is at risk, if someone hacks a medical monitor a patient is at risk, if some hacks a smart lighting system that smart home is at risk.”

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: BullGuard

Smart Protection: Security of Things

Internet of Things

 

It is the age of IoT (the Internet of Things).

More and more IoT devices are being launched, which on the face of it should be a good thing but think again.

The rise of IoT means there are millions of unsecured routers, webcams, IP cameras, baby monitors, etc., out there ready and waiting for a botnet to come along and cause mayhem. This problem will get bigger as smart connected devices become commonplace.

The good news is that security vendors have recognised the need for smart device protection. However, many of these products are reworked versions of existing security suites that are designed to protect computers so not particularly useful.
Effective smart device protection needs a more robust defence. For example, Dojo by BullGuard is a smart home protection technology that features five protective layers, as Forbes magazine said:

[Recently,] personal security company BullGuard announced it had acquired Israel’s Dojo-Labs, [which] has been working on a product that provides security across devices to the Smart and connected home. Some have called this SoT, the Security of Things, the logical next step in the development of IoT; the much better-known Internet of Things.

“In stealth mode since the winter of 2014, the Israeli startup had been early to realise that a smart home will be wide open to hackers because of the proliferation of devices and the huge challenges of ensuring they are secure.”

This security platform uses artificial intelligence and machine learning to provide the most cutting-edge IoT security available today. It’s also incredibly simple to use.

It is hoped that technologies like this will help redress the balance and provide the much-needed protection that smart device users need as the IoT revolution rolls forward.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: BullGuard

2017 Will See More Advanced Cyber Attacks Says Panda Security

Cyber attacks

 

Cyber attacks are getting more sophisticated. Hardly a month goes by without another report such as the one that recently hit the NHS.

Companies are being warned to be more and more vigilant as the cyber criminals find new ways of infecting their increasingly connected worlds.

To look at this further and identify the potential weak spots that could be targeted in 2017 and beyond, Panda Security has ranked the most popular attacks of the year and analysed their evolution.

Cybercrime

Cybercriminals focus their efforts on those attacks which can rake in the most profit, using more effective tactics and professionalising their operations in a way that allows them to make quick and easy money in an efficient manner.

Ransomware

This Trojan Horse will take centre stage with regard to cybersecurity and will cannibalise other more traditional attacks that are based on data theft. The pursuit of profit is the primary motivation of cybercriminals, and ransomware is the simplest and most effective way to achieve this. Some things never change: victims of this hijacking malware will have to decide whether to pay, or not, to recover their data. Of course, paying the ransom does not guarantee the total recovery of stolen data.

Companies

The number of attacks directed at corporations will increase, as these attacks become more and more advanced. Companies are already the prime target of cybercriminals, as their information is more valuable than that of private users.

Internet of Things (IoT)

The next cybersecurity nightmare. The technological revolution has ushered in the complete integration of smaller devices into the grid, which can be converted into entryways into corporate networks.

DDoS Attacks

The final months of 2016 witnessed the most powerful DDoS (Distributed Denial of Service) attacks in history. These attacks were carried out by bot networks that relied on thousands of affected IoT devices (IP cameras, routers, etc.). 2017 will see an increase in this kind of attack, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.).

Mobile Phones

Focusing on one single OS makes it easier for cybercriminals to fix a target with maximal dissemination and profitability. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious situation with regard to international relations can have huge — and serious — consequences in the field of cybersecurity. Governments will want access to still more information (at a time when encryption is becoming more popular), and intelligence agencies will become still more interested in obtaining information that could benefit industry in their countries. A global situation of this kind could hamper data sharing initiatives in the next year.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Panda Security

Meet Mirai – One of The World’s Biggest Botnets

Mirai

 

Botnets are everywhere, or at least that’s how it appears.

Barely a month goes by without news of yet another malware attack.

In this post, we want to look at one in particular – the Mirai malware.

This little blighter is causing mayhem at the moment. It is so effective and prevalent; this malicious program is infecting a number of internet-connected devices that come under the IoT (Internet of Things) umbrella.

Mirai’s goal is simple: to collect and control enough IoT devices to perform DDoS (Distributed Denial of Service) attacks.

The problem is, defeating the Mirai malware is proving difficult.

It forces infected devices to disclose default Wi-Fi passwords and Service Set Identifier (SSID) codes. This means cyber criminals could both re-infect routers and devices and use an infected device’s SSID for targeted cyber attacks.

It highlights how default passwords are enabling cybercriminals to infect and recruit connected devices for illicit, and disruptive, means.

Most recently, a modified version of Mirai managed to infect about 100,000 TalkTalk customers in the UK, and 900,000 Deutsche Telekom customers in Germany. A BBC report said that many of these infected devices might have given up their default passwords to the attacker. Much of the success of Mirai comes down to its publicly available source code, allowing any cyber criminal to create their version of the malware.

This is just another example of why it’s so important to change default passwords on routers and other IoT devices.

 

 MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

The Internet of Things is Insecure

Internet of Things

Internets of Things (IoT) devices are becoming increasingly commonplace and yet many are widely acknowledged to be insecure.

If that’s the case, why isn’t anything being done about it?

Before you start throwing our your IoT devices it’s worth remembering that they aren’t all insecure. However, many security issues arise during the manufacturing process because the companies that make your IoT devices aren’t security vendors and so end up making fundamental mistakes, such as:

  • Passwords are hard coded into device firmware meaning they can’t be changed
  • Web consoles used to control IoT devices don’t encrypt data
  • Back doors are left open by the manufacturer’s developers when they are creating the software for IoT devices
  • Pre-set default passwords are often very easy to detect and crack such as ‘admin’
  • It’s not easy to apply updates to IoT devices to patch against vulnerabilities
  • Security that does exist is often too complex for average users to manage

If that’s the case why aren’t manufacturers doing anything about it?

Well, there are steps they can take to increase security. These include:

  • Enabling automatic device updates
  • Designing devices with security in mind
  • Providing lifetime support
  • Incorporating best security practice
  • Giving users the option to disable specific functionality such as peer-to-peer communications
  • Incorporating IOT devices into regular security assessments

The reason why they aren’t taking these ostensibly simple steps is that it would mean having to adopt new business models, which would incur additional costs. Most operate on low margins and need to sell lots of devices to be profitable and to adopt the points outlined above would require a lot of investment.

Perhaps the answer is for the government to impose regulations as in other industries. The problem is if a government were to do that it could:

  • Drive manufacturers to operate in rival territories
  • Create conflict with other nations
  • Cause economic conflicts

Above all, it’s seen as an industry issue rather than a government one.

All of this paints a pretty bleak picture, so what can be done?

Change will come down to one thing: large technology companies and organisations coming together to create a working body and set down security standards for IoT devices.

The result will be the adoption of standards, with those companies refusing to comply losing market share. Of course, all of this will take time.

Is there anything you can do now?

If you don’t want to wait for the manufacturers to take action, there is something you can do.

Despite the widespread vulnerabilities of IoT devices, BullGuard is offering consumers the option of protecting their smart devices and home networks with innovative protection.

The Dojo is a smart network device that plugs into a Wi-Fi router and it generates a view of all connected devices on a home network via a device called the Dojo pebble:

  • All internet traffic on the home network is routed via Dojo, allowing it to secure the home network against cyber-attacks and protect the user from privacy breaches.

  • Dojo discovers devices connected to the network, secures them and constantly analyses their network activity.

  • A cloud platform is constantly updated with this behavioural information and with cyber security- related knowledge.

  • When malicious activity or privacy breach is detected, Dojo notifies its owner through a mobile app, and in most cases automatically emits mitigates the risk.

  • The Dojo pebble also provides simple colour -based safety indication using green, orange, and red lights.

IoT devices are here to stay and will continue to dominate our lives. With growing fears about security, BullGuard’s solution will offer you peace of mind.

 MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Soure: BullGuard

Panda Security Warns of More Advanced Cyber Attacks in 2017

Cyber Ransomware

 

Cyber security continues to be a hot topic, and 2017 is unlikely to be any different.

Panda Security has done an interesting piece of work. They have looked at the most popular cyber attacks of last year and analysed their evolution to see what could be in store in 2017.

Here’s what they found.

Cybercrime

Cyber criminals are interested in one thing – finding the attacks that rake in the most profit and exploiting them to the max. Their increasingly effective tactics and professionalisation of their operations is what is allowing them to make quick and easy money in an efficient manner.

Ransomware

As mentioned, profit is the driving force behind cyber crime, which is why ransomware is a firm favourite. It is the simplest and most efficient way to achieve this. Victims of this hijacking malware face a decision; should they pay or not, to recover their data. Of course, it’s important to bear in mind that paying the ransom does not guarantee the total recovery of stolen data.

Companies

Attacks on large corporations are set to increase. The information stored by businesses is far more valuable to cyber criminals than that of private users, so it’s vital that companies remain vigilant.

Internet of Things (IoT)

Greater connectivity is a Godsend for cyber criminals. This technological revolution has led to the complete integration of smaller devices into the grid, which are converted into entryways into corporate networks.

DDoS Attacks

At the end of 2016, we saw the most powerful DDoS (Distributed Denial of Service) attacks in history. Carried out by bot networks, they relied on thousands of affected IoT devices (IP cameras, routers, etc.). This type of attack is likely to increase in 2017, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.).

Mobile Phones

Focusing on one single OS makes it easier for cybercriminals to fix a target with maximal dissemination and profitability. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious situation about international relations can have enormous consequences in the field of cyber security. Governments will want access to more information (at a time when encryption is becoming more popular), and intelligence agencies will become more interested in obtaining information that could benefit industry in their countries. A global situation of this kind could hamper data sharing initiatives in the next year.

If you think this paints a bleak future, you could be right, but only if you fail to take precautions to protect your data. To put your mind at ease, get in touch, and we’ll talk you through your options to make sure you have a trouble free future.

 MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Panda Security

 

The Future’s Smart – Part 2

Internet of Things

 

Last week we looked at the Internet of Things and how it’s changing our lives, both at home and in our cars.

Now, we’ll take a look at how IoT will impact the buildings in which we work and the wider environment.

Intelligent buildings

When it comes to buildings, much of the IoT technology focuses on energy conservation such as lights and heating that detect our presence and adjust themselves accordingly.

But that said it would also be used in infrastructure maintenance. For instance:

  • Intelligent sensors will detect pressure variation along pipes and communicate this information to avert water leaks
  • Structural health monitoring will be undertaken via analysis of vibrations and material conditions within the structure
  • IoT will also extend to the outside environment such as alerts to let you know about parking spaces as you approach the building
  • Sensor networks will ramp up security by using a combination of audio, video, and vibration detection devices to detect unauthorised entering restricted areas
  • IoT systems will also track the whereabouts of various items in a building through geo-location

Smart cities

What is a smart city?

It’s a broad concept that can include many different things from streetlights and traffic signals managed wirelessly to reduce energy costs, to sensors that monitor water mains for leaks to reduce repair costs.

Other potential possibilities include:

  • Monitoring air quality for high pollution levels, helpful for asthma sufferers
  • Police can use video sensors to manage crowds or spot crimes
  • Sensors can determine when a car park is full triggering messages to direct drivers to other car parking places
  • Public transport systems will be interconnected, enabling different public transports to be coordinated and to provide information in real time
  • Road systems will inform drivers about which route is best at any given time and automatically manage traffic lights to reduce congestion to the minimum taking into account the traffic volume at certain times of the day
  • Smart grids will provide the correct amount of electricity depending on demand so power efficiency will be maximised
  • Citizens will be able to notify local authorities of damage to the urban environment via their smartphones, enabling quicker repairs

It can also be used to turbocharge marketing by tailoring each urban advert to each citizen. Plus, advertising will provide services where people are able to buy, for example, concert tickets via an electronic ad billboard.

It’s not all good news

Bullguard‘s article goes on to issue a warning.

Many smart devices have fundamental security flaws. For instance, in healthcare patient monitoring systems that enable continuous tracking can be hacked providing a route into hospital networks.

There are many examples of smart connected cars being hacked leading to the recall of a huge number of vehicles while botnets based largely on hacked webcams have recently been discovered.

And analysis of data from BullGuard’s free IOT scanner reveals that in the UK alone, millions of households are potentially vulnerable to hacking.

IoT is a new wave of technology that promises to silently revolutionise ways in which we live our lives much like the web and smartphones have done. But if its potential is to be realised, IoT technology must be sufficiently developed to enable safe interconnectivity.

Currently, this is not the case. The reality is that in the commercial rush to market security has not been a priority for IoT device manufacturers.

Furthermore, there is currently no consensus on how to implement security in IoT on the device which leads to patchwork approach to security. Some devices may have easy to crack default passwords, many do, while others may send unencrypted data to other devices.

IoT devices often don’t have enough physical resources to deal with powerful security features and manufacturers don’t care because there’s nobody that can sanction them. There are no official guidelines to follow, users aren’t educated, and there’s too much diversity to fix IoT security overnight. Not many manufacturers will tell you- but it’s a real problem.

As you can see IoT is fraught with problems. If tackled correctly it should revolutionise our lives, but it’s essential that our security isn’t compromised just for the sake of new technology.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

The Future’s Smart – Part 1

Internet of Things

 

Things are changing. The Internet of Things is here.

It wasn’t that long ago that smartphones, the Internet and social media all seemed very futuristic. Now, it’s hard to imagine life without them.

With that in mind, the arrival of connected devices and the Internet of Things (IoT) shouldn’t seem so far fetched.

A recent article published by BullGuard takes a candid look at what the IoT means to our lives and how it will manifest itself in the future.

This post will take a look at its impact on the home and travel; next week we’ll look at its impact on a larger scale and the potential issues surrounding it.

IoT is already taking shape with billions of smart devices becoming part of the globally connected network thanks to embedded connectivity in consumer electronic devices, home appliances and cars.

But this is only the first tranche; predictions vary, but there seems to be a consensus that by 2020 there will be in the region of 20 billion connected devices in place, ranging from home electronics to vehicles, industrial machines, infrastructure such as water and power, and wearables.

Let’s take a look at how IoT is predicted to play out practically across a range of common areas. But first keep in mind that a lot of these IoT devices have already moved from the drawing board into production, and it’s just a matter of time before they become mainstream.

IoT in the home

The home is going to be one of the most visible areas where we will see embedded IoT.

It can be used virtually anywhere, and what follows is a taster of how it could impact (or is already impacting) your life:

  • Smart thermostats will learn about how you use energy in the home allowing you to control appliances from your phone potentially making savings of up to 20% on energy bills
  • Sofas will be touch adjusted for temperature, firmness and angle based on your specifications
  • Personalised TV recommendations using voice commands and fingerprint touch identification
  • Sinks that will be operated by voice commands that adjust water temperatures for specific tasks, save water by tracking usage, with wastewater being recycled for use in the home
  • Ovens will be able to set themselves and monitor temperatures while fridges will includes inventory control and temperature gauges
  • Sound systems will play different music in different rooms depending on the person in the room and also know what volume levels to set
  • Beds will track movement and through integration with a thermostat adjust temperatures for the best sleep
  • Lights will be on timers that dim and get brighter depending on the time of day. You will be able to control the lights through your phone or voice, and the lighting will help you gently wake up in the morning

Smart connected cars

Autonomous self-driving cars are already on their way, although it’s early days. But we already have ‘driver assistance’ technologies that can improve or take over the actual performance of the car, such as systems that automatically park a car in tight spots, autonomously steer the car, brake for obstructions, and speed up and slow-down in traffic jams.

That all sounds quite scary, so a raft of safety technologies will be incorporated including external danger warnings for drivers such as severe weather and hazardous road conditions ahead. There will also be electronic windshields that automatically adjust to shield the sun’s glare.

A prominent feature will be in-car displays that stream messages and news and automatically interrupt when someone calls you, displaying an image of that person.

Concierge features will also alert drivers about the time to leave and arrival time. This same feature will send text message alerts to friends or business associates to let them know your arrival time.

Reading this as I write, it all sounds so far fetched and yet it will probably all happen within a few years.

Our world is changing and we are going to have to adapt and embrace these changes if we are to keep up.

Next week, it’s the turn of our buildings and cities as we explore how IoT will affect them.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.