Hackers Will Target Small Business Through the Internet of Things in 2018, New Report Says

A new report finds hackers are poised to target small businesses that use Internet of Things (IoT) technology to gain access to data from larger global firms in 2018. The 2018 Cybersecurity Predictions by Aon’s Cyber Solutions predicts a small business Internet of Things (IoT) breach will create a domino effect that damages a larger company.

2018 Cybersecurity Predictions

The report also found that while 55 percent of small businesses were breached between 2015 and 2016, only a small minority see cybersecurity as a critical issue. This is despite the fact that the overall money spent on cybersecurity in 2017 was $86.4 billion, an increase of 7 percent over 2016.

New Threat

The Internet of Things (IoT) is at the heart of this new threat. It’s loosely defined as all software-enabled devices we use (from appliances to smartphones and computers) that can exchange data.

Criminals hijacked hundreds of thousands of Internet of Things (IoT) devices worldwide in 2017. They’ve even fine-tuned social engineering and spear-phishing tactics, according to the report.

Jason J. Hogg, CEO of Aon Cyber Solutions, explains the looming threat as small businesses use this technology.

“IoT is notoriously unsecured: manufacturers often lack necessary security expertise, constant product innovation creates vulnerabilities, and companies frequently overlook proper patch management programs. Hackers exploit this reality, targeting IoT as a pivot point to enter systems and take control of physical operations.”

Botnets

The report found that hackers favored botnets like “Hajime” and “IoT_reaper” last year. The growing trend caused concerns about DDoS attacks and other issues. DDoS attacks occur when hackers flood servers with bogus data and websites and networks get shut down.

High Cost

Any attack can really harm a small business’s operations as well as a larger organization. There’s always a high cost to having your business shut down for any amount of time. What’s more, there’s lasting reputational damage because these smaller firms are working more and more with big organizations that have a large reach.

Hogg also says there are some other reasons why small businesses are ripe for this new Internet of Things (IoT) cybersecurity threat.

“Small businesses, lacking resources and/or awareness to effectively secure their systems, are particularly vulnerable to cyber attacks on IoT,” he says. “The breach will serve as a wake-up call for small and midsized businesses to implement better security measures so as not to risk losing business.”

Passwords

The report also predicts passwords will continue to be hacked. Multifactor authentication will become critical as hackers learn to get around biometrics. Larger businesses will adopt standalone cyber insurance policies and chief risk officers will play a larger role.

The report also sees the spotlight on regulation strengthening and widening as calls for a harmonized approach to cyber security get more intense. It points to the EU’s attempt to set a universal standard for consumer data privacy and the Global Data Protection Regulation (GDPR), which oversees companies collecting data from EU citizens.

Criminals will also target transactions that use points as currency, like retailers who use rewards, gift and loyalty programs. The use of cryptocurrencies will encourage an increase in ransomware attacks in 2018 like the WannaCry ransomware that affected 200,000 computers in 150 countries in 2017.

Source: https://smallbiztrends.com/2018/01/2018-cybersecurity-predictions.html

Stay vigilant — cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks as ransomware services are becoming easier to access.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated software,” he said.

As hacking of Internet of Things devices is also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their risks of cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of it,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.

On the DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

For a DDoS attack to succeed, hackers just need to leverage computer connections and flood the targeted system with high traffic, or send information that triggers a crash in the victim’s system.

The attack can shut down a machine or network, blocking the user from accessing it.

“Companies should subscribe to cloud traffic scrubbing services such as ‘Cloudflare’, as well as have an alternative Internet line on standby (as back up, should the attack happen),” Fong said.

He said the incident should be treated as a learning curve to the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the case of data leaks, Fong said the silver lining of it would be that the consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.

Source: https://themalaysianreserve.com/2018/01/04/stay-vigilant-cyber-threats-not-yet/

Be Sure To Ask Tough Questions Of Your DDoS Mitigation Solution

Every time I read another report about distributed denial of service (DDoS), I find myself either cringing or smiling. That’s the easiest way to boil down my reactions. Much in the same vein of “each data breach cost one bajillion dollars!” while making my best Dr. Evil face. The scoring, or the methodology used, in general usually causes me to pause if it isn’t immediately clear how the scores were arrived upon. Then there are reports where the ledes can get buried. The juicy pieces that might not seem immediately clear.

Last week the Forrester research team released their Forrester Wave report as it pertained to DDoS Mitigation Solutions. It made for an interesting read. Kudos to all of the companies that scored well in the report. Naturally, each company released their respective “we’re number one” press releases, my own company included. It makes perfect sense that they would all do this as they all have that to be proud of. Beyond that, what jumped out at me as I read the report was that 1) appliances don’t scale, 2) the ability to react and respond is paramount and 3) the ability to scale is key.

I was at a conference earlier this year where I had some time to walk the vendor floor. There were two prevalent themes that I took away from this stroll. There were dozens of ransomware protection related startups that were vying for customers’ attention. But, more relevant to my interests was the swath of ‘DDoS mitigation’ companies that were there. One in particular, who was not on the Wave report, trumpeted that they could afford their customers 1.5 GB of protection from DDoS attacks…with their appliance.

Let that soak in for a moment. This was a company that was using the idea of holding up gauze in front of a semi-truck and hoping it would offer some sort of protection (Hat tip to the late great Robin Williams). When we take into account that there have been documented DDoS attacks in excess of 600 Gbps this seems cold comfort.

A couple years ago I was speaking with a customer that had an appliance-based solution in place. I asked them how they would deal with an attack that exceeded their stated capacity and the response was “we’d buy more boxes.” This ranks right up there with having a line in your disaster recovery report that says you will go to Best Buy to purchase laptops in the event of a calamity.

The Wave report had this passage, “Akamai received favorable feedback on its ability to detect new attack types while yielding few false positives. Reference customers remarked on the company’s responsiveness, expertise, and ability to immediately stop attacks.” A wonderful endorsement from Akamai’s customers. This is important when you have a company that is service based. You can’t just get a signed P.O., drop the product off, and ride off into the sunset. This happened to me back in the 90s when I deployed a security system and I made the naive inquiry as to how we could update the software and how often the updates would be made available. This was met with a slack jawed look from the sales representative. You need to live in the shoes of your customer.

As a customer, you need to be an advocate for your company. You need to be able to ask the tough questions. How will the product scale? How are updates handled? What sort of bench strength does your company have to support my organization? Does the vendor have an acceptable use policy? You don’t want to have the uncomfortable realization that you might be sharing a platform or service with criminal hackers.

A DDoS mitigation solution should be a partner. This isn’t a line item on a budgeting spreadsheet after staplers and coffee creamer. No matter what sort of industry report you might be reading be sure to peel back the layers. You need to advocate for your company and ensure you are getting the best of breed service and support – and are not playing the catcher position on the javelin team!

Source: https://www.forbes.com/sites/davelewis/2017/12/11/be-sure-to-ask-tough-questions-of-your-ddos-mitigation-solution/#377ee5d13f53

Christmas revenues at risk from DDoS and POS-vulnerabilities

An increase in attacks where DDoS and POS systems were the main vectors is making the situation even worse.

According to the Kaspersky Lab IT Security Economics Report, over 77 per cent of companies have suffered from some kind of attack during the last 12 months. An increase in attacks where DDoS and POS systems were the main vectors is making the situation even worse – especially during the Christmas sale season, when there are more shoppers in store than usual, and the boost in sales is making retailer revenues an attractive target for cybercriminals.

The research shows that over the past year there has been an explosion (up to 16 per cent) in both attacks involving DDoS and attacks in which vulnerabilities in point-of-sale systems (POS-terminals) have been used. These figures indicate that whatever heists cybercriminals are planning this season, they are likely to start with, or include, DDoS or the exploitation of vulnerabilities in retailer POS systems.

In particular, 2017 has seen a series of high-profile cybersecurity breaches reported in the payment systems of major brands: from Chipotle to Hyatt Hotels and recently, Forever 21. Kaspersky Lab also registered a considerable increase and geographic spread in botnet DDoS attacks in the third quarter of 2017, with targets in 98 countries (compared to 82 in Q2), according to the latest DDoS Intelligence Report.

This situation is going to be extremely relevant to retail and e-commerce organizations during the intense period of sales around Christmas. As shoppers look to bag their bargains, retailers can expect increased revenues. This in turn makes retailers a lucrative prize, if cybercriminals can stage successful DDoS attacks against them for a ransom, or for dirty competition, use POS systems as an entry point for targeted attacks, or steal customer credentials and money.

“Given this year’s apparent increase in these types of attacks, we recommend businesses – retailers in particular – to stay alert during the Christmas season, when there are more risks of cybercriminals cashing-out, through the exploitation of payment systems or attacks that use DDoS. These can involve cybercriminals demanding a ransom, or simply preventing an organization from trading, making them lose income and clients as a result. But apart from the obvious risks, this is also a good opportunity for businesses to think about their protection in general, by developing their cybersecurity culture and investing in the right technologies.” – said Alessio Aceti, Head of Enterprise Business Division, Kaspersky Lab.

To avoid ruining their revenues in the upcoming high sales season, retailers and e-commerce organizations can protect themselves with a range of solutions dedicated to meeting their specific requirements. Kaspersky Lab strongly recommends that retailers:

– Keep e-commerce platforms up-to-date because every new update may contain critical patches to make the system less vulnerable to cybercriminals.

– If possible, make sure that the POS terminals in use run the latest version of software and change the default passwords.

– Use a tailored security solution, like Kaspersky Embedded Systems Security, to protect point of sales terminals from malware attacks.

– Prepare for DDoS attacks by choosing a reliable service provider that is a cybersecurity expert and can protect against powerful and sophisticated DDoS attacks. This is not always possible using in-house resources or Internet providers. To learn about the specialist Kaspersky DDoS Protection offering for SMBs and enterprises, please visit our website.

– Educate customers about the possible cyberthreats they may encounter while shopping online and offline, as well as steps about how to minimize the risks.

Source: http://www.deccanchronicle.com/technology/in-other-news/071217/christmas-revenues-at-risk-from-ddos-and-pos-vulnerabilities.html

Increased dark web interest in hacking the leisure and gaming industries.

Given the volumes of cash swashing around, it’s no surprise that leisure and gaming industries have become a target for cyber-crime; new reports suggest there is growing interest on the Dark Web in attacks on the gaming industry.

Given the volumes of cash swashing around, it’s not a surprise that leisure and gaming industries have become a particular target for cyber-crime and a new report suggests there is growing interest on the Dark Web when it comes to attacks on the gaming industry.

The extent and methods used are described by security provider IntSights in its Gaming and Leisure Cyber Security Benchmarking Report, which outlines the results of a six-month research project anonymously searching the clear and dark webs for threat intelligence on 30 leading gambling resorts.

Attacks range from the usual DDoS and phishing to sector-specific hacks on slot machines and casino chips.

Threats from the Dark Web over the last six months specifically targeting the gaming and leisure sector have included 19 DDoS attacks on resorts, 29 on gambling affiliates, 30 on free coins generators, 52 validates’ accounts for sale, 55 casino chips for sale, 61 scam guides on gambling resorts, 63 POS hacking tools, 69 VPN scams, 70 Stolen CC for cashout, 86 hacking slot machines, 90 hacking tools, 95 hacking tutorials, 141 logins with money balance for sale, 289 cash out methods, 345 carding.

One example cited in the report shows a hacker suggesting an affiliation partnership to scam gambling companies: “I need someone who is in New Jersey and who wants to help me out and make some money at the same time. Here is the skinny…

I have found a way to use some of the bank logs that I manage to accrue using the personal information I have on various people with both …. poker and ….. I am able to use the instant bank transfer ACH to deposit funds onto my accounts and have two different accounts with pretty large balances in the wallet. Unfortunately, these sites do not let you play if you are not in the state of New Jersey. They are pretty damn good about it too and I have tried a multitude of proxy services and virtual machines to no avail. The only thing left I can think of and have heard from two others that it is successful, is to remote into a computer of someone who lives in New Jersey, and run the client from their computer with my account.

I would need you to get Teamviewer or some other remote access software, and let me remote in and do some gambling. I can then cash out and pay you, or better yet, give you login info of one of my accounts and let you have your own fun. Please let me know if you are interested and available to do this because if it actually does function, we are looking at a fucking GOLDMINE!”

There were some 29 affiliation suggestions for scams found in the past six months. This includes people using free coin generators and sharing them on hacking forums as a way to access and hack into other accounts and computers. In the past six months 30 free coin generators have been offered. Branded poker chips are being sold on the black market and in the past six months 55 have been offered for sale on the black market.

In its research IntSights conducted scanning via the IntSights cloud infrastructure looking for indicators of compromise such as: Stolen credentials that may be used to infiltrate a company’s systems; Company employees on target lists posted by malicious actors. These lists can be used by the threat actor or others to launch a phishing or spam attack against the company; Dark Web attack indicators that suggest the intentions of malicious actors to hack, scam or damage company assets, employees or customers. Also, where a company’s internal login page has been exposed and can be used by threat actors to infiltrate the company’s network and harvest sensitive data, plus where a suspicious fake or phishing domain has been detected which can be used for malicious activity against a company or its employees.

Source: https://www.scmagazineuk.com/increased-dark-web-interest-in-hacking-the-leisure-and-gaming-industries/article/711679/

Bitcoin industry enters top 10 DDoS targets

The bitcoin industry has become one of the top 10 industries most targeted by distributed denial of service attacks, a report has revealed.

A spike in the number of bitcoin-related sites targeted by distributed denial of service (DDoS) attacks coincided with a spike in the value of the cryptocurrency of $4,672 in the third quarter, according to Imperva’s latest global DDoS report.

The report is based on data from 3,920 network layer and 1,755 application layer DDoS attacks on websites using Imperva Incapsula services between 1 July and 30 September 2017.

The data shows that 73.9% of all bitcoin exchanges and related sites on the Imperva Incapsula service were attacked during the quarter, ahead of the cryptocurrency’s meteoric rise to more than $11,600 in the first week of December.

As a result of the third-quarter spike, the relatively small and young bitcoin industry made it into the top 10 most attacked industries during the three-month period, taking eighth spot above the transport and telecoms sectors.

The most-attacked sector was gambling (34.5%), followed by gaming (14.4%) and internet services (10.8%).

Igal Zeifman, director at Imperva Incapsula, said the large number of attacks on bitcoin exchange sites is a clear example of DDoS attackers following the money.

“As a rule, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected,” he said.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders have tried in the past.”

According to the report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack, half of network layer targets were hit at least twice, and almost 30% were attacked more than 10 times.

Nearly one-third of DDoS targets in the third quarter were attacked 10 or more times, with an interval of at least an hour between assaults.

Hong Kong topped Imperva’s list of the most targeted countries for network layer assaults during the quarter, mainly because of a persistent attack on a local hosting service that was hit hundreds of times in the quarter.

The largest application layer assault targeted a financial services company headquartered in Europe, which was hit multiple times with attacks above 100,000 requests per second.

The quarter also saw high packet rate attacks, in which the packet forwarding rate escalates above 50 million packets per second (Mpps), become more common, with 5% of all network layer assaults above 50 Mpps, and the largest attack peaking at 238 Mpps.

This is a cause for concern, the report said, because many mitigation systems are ill-equipped to process packets at such a high rate.

In November 2017, Harshil Parikh, director of security at software-as-a-service platform firm Medallia, told the Isaca CSX Europe 2017 conference in London that any business dependent on the internet should use tried and tested ways of detecting and mitigating DDoS.

He said it is important that such organisations take time and effort to build their DDoS defence capabilities because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh.

Source: http://www.computerweekly.com/news/450431318/Bitcoin-industry-enters-top-10-DDoS-targets

3 Key Questions You Should Be Aware Of When Fighting Off Cyber Crime

Fighting cyber crime is an ongoing task that has only been getting harder and harder to accomplish. DDoS attacks against networks have been getting larger and more complex, so it is important to know the right questions to ask when one such attack happens. Of course there are obvious questions like ‘Who is doing the attack?’ ‘How are they doing it?’ ‘Why are they doing it?’ and ‘Where is the attack coming from?’ but here are three other questions you need to have at the front of your mind when preparing for a cyber-attack.

1. How Do You Protect Your Networks & Applications Against Modern, Sophisticated DDoS Attacks?

According to a recent report, DDoS attacks of greater than 50Gbps have more than quadrupled and the number of companies experiencing between six and 25 attacks per year has ballooned by more than four times since 2015. Defending against this deluge of DDoS is imperative. To do this you need to make sure to utilise three key weapons (detection, mitigation and analytics) when fighting in this war against modern multi-vector DDoS attacks.

Powerful DDoS detection and mitigation software is a must as an effective one will help to discover encrypted and harmful traffic, then dispose of it. The best way of doing this is by analysing the common traffic trends during peace time and then running those findings to help eliminate anomalous changes. This will prevent any potentially harmful traffic from entering your network.
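The peacetime-baseline approach described above, shown as an added example that is not from the original article: it builds a per-hour median/MAD baseline of packets per second and flags only sustained deviations from it. The sample data, function names, score threshold and three-sample persistence rule are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed peacetime samples: (hour_of_day, packets_per_second).
PEACETIME = [
    (9, 1000), (9, 1100), (9, 950), (9, 1050), (9, 1020),
    (3, 200), (3, 210), (3, 190), (3, 205), (3, 195),
]

# Constructed live samples: (label, hour_of_day, packets_per_second).
LIVE = [
    ("09:00", 9, 1080),   # normal daytime load
    ("09:01", 9, 1900),   # one-sample spike, must not alert on its own
    ("09:02", 9, 1010),
    ("03:00", 3, 900),    # below the daytime median, far above the 03:00 norm
    ("03:01", 3, 950),
    ("03:02", 3, 1000),
    ("03:03", 3, 980),
    ("03:04", 3, 205),    # back to normal
    ("14:00", 14, 5000),  # no peacetime data for this hour
]


def build_baseline(samples):
    """Return {hour: (median, MAD)} from peacetime (hour, pps) samples."""
    by_hour = defaultdict(list)
    for hour, pps in samples:
        by_hour[hour].append(pps)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)  # median absolute deviation
        baseline[hour] = (med, mad)
    return baseline


def robust_score(pps, med, mad):
    """Robust z-score; the spread is floored so a flat baseline cannot divide by zero."""
    spread = max(mad, 0.01 * med, 1.0)
    return 0.6745 * (pps - med) / spread


def detect(baseline, live, threshold=6.0, sustain=3):
    """Alert once per run of `sustain` or more consecutive anomalous samples.

    Returns (alerts, unscored); unscored lists samples whose hour has no
    peacetime baseline, so they are surfaced rather than silently passed.
    """
    alerts, unscored, run = [], [], []
    for label, hour, pps in live:
        if hour not in baseline:
            unscored.append(label)
            run = []
            continue
        med, mad = baseline[hour]
        if robust_score(pps, med, mad) <= threshold:
            run = []  # traffic is back within the learned range
            continue
        run.append((label, pps))
        if len(run) == sustain:
            alerts.append({"start": run[0][0], "end": label,
                           "peak_pps": max(p for _, p in run)})
        elif len(run) > sustain:
            # Extend the alert that is already open for this run.
            alerts[-1]["end"] = label
            alerts[-1]["peak_pps"] = max(alerts[-1]["peak_pps"], pps)
    return alerts, unscored


if __name__ == "__main__":
    found, skipped = detect(build_baseline(PEACETIME), LIVE)
    for alert in found:
        print("sustained anomaly:", alert)
    print("no baseline for:", skipped)
```

The 03:00 burst peaks at 1,000 pps, which a single fixed threshold tuned to the 09:00 load would treat as normal; scoring each sample against its own hour's baseline is what exposes it.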

2. How Do You Eliminate The SSL/TLS Blind Spot?

Recent studies show that roughly 70 percent of all traffic is encrypted. That means if your company is not decrypting and inspecting encrypted traffic, there’s no way of knowing what kind of nefarious files or threats are flowing through unnoticed. It seems what you don’t know really can hurt you!

However, by offloading CPU-intensive SSL decryption and encryption functions from third-party security devices, while ensuring compliance with privacy standards, it is possible to eliminate these blind spots completely. There are some great programs out there that can handle this, just make sure you find one that can decrypt traffic because many do not.

3. How Can You Manage Application Delivery Across Hybrid Clouds & On-Premise?

You’re either already running applications in the cloud, or you plan to in the near future. But the move to the cloud introduces a new set of challenges, one of which is: how do you easily manage your on-premise applications and your cloud applications in a centralised fashion?

Well, the best way is to use a cloud-based controller that can connect to and manage all of your applications. These programs can configure and manage policies for other applications as well as collect performance data and other analytics. Some can even be self-managed and automate the set-up process of new applications you install, improving efficiency and saving precious time.

Those are just three of the questions to be had about cyber-security in the workplace. No doubt there will be many more. Thankfully many of these fixes can be implemented almost immediately with very little assembly required. So if you are worried about how secure your network really is then just answer these three questions. Ask them to your IT team and see if they can give you an answer. It is important that everyone knows what to do so that you can keep your network safe from any kind of nefarious attacker.

Source: http://www.businesscomputingworld.co.uk/3-key-questions-you-should-be-aware-of-when-fighting-off-cyber-crime/

DDoS attacks increasing once again

Major cyber assaults are on the rise again, Kaspersky Lab report claims.

DDoS attacks are on the rise again as criminals turn to brute force attacks once more, new research has claimed.

The latest DDoS Intelligence report from Kaspersky Lab, covering the third quarter of 2017, says there has been an increase in the number of countries where resources have been targeted.

The number of attacks against gaming and new financial services has also grown.

Kaspersky Lab says resources in 98 countries were DDoSed this quarter, up from 86 the quarter before. Looking at the top ten countries in terms of number of targets, Russia is up from seventh to fourth place, while France and Germany pushed Australia and Italy out of the list.

The top 10 most popular host countries for botnet command servers include Italy and the UK, moving Canada and Germany out of the picture.

The share of Linux botnets is growing, and they are now accounting for 70 per cent of all attacks in Q3, up from 51 per cent in Q2.

The report also says cybercriminals are moving to more sophisticated attacks. It gives an example of the WireX botnet that spread via legitimate Android apps, or the Pulse Wave tech that increases the power of DDoS attacks through vulnerabilities in hybrid and cloud tech.

Kaspersky has also observed an increase in variety of targets.

“Entertainment and financial services – businesses that are critically dependent on their continuous availability to users – have always been a favourite target for DDoS attacks. For them, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors,” says Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab.

“It’s not surprising that gaming services with multi-million turnovers attract the attention of criminals and that new types of financial sites have come under attack. What is surprising, however, is that many companies still don’t pay enough attention to professional protection against DDoS attacks. The recommended approach for these companies is to delegate protection from DDoS attacks to a reliable supplier with deep knowledge of cyberthreats and the methods of combating them, and to reassign the IT resources that are freed up to the development of the business.”

Source: https://www.itproportal.com/news/ddos-attacks-increasing-once-again/

From botnets to ransoms – the rapid rise of IoT attacks

Paul Lipman, CEO of consumer cyber security company BullGuard, believes the Reaper botnet is just the beginning of IoT-based attacks. With nearly 400 million vulnerable smart devices*, the situation will get much worse before it gets better.

The Mirai botnet was the start. Reaper nudges things along with a significant step up in hacking techniques, but Internet of Things (IoT) hacks are going to get worse. This is only the beginning.

Mirai enslaved over an estimated two million IoT devices while Reaper is believed to have a million plus devices in tow with just as many queuing up to become part of the botnet.

The difference between the two signals an evolution of IoT hacks but also how these attacks are going to become more deadly and dangerous.

Mirai used a table of more than 60 common factory default usernames and passwords to enslave millions of internet connected cameras, routers and other devices.

Advanced hacking techniques

Reaper is much more advanced in its techniques. It quietly targets and exploits known vulnerabilities to inject malicious code and hijack the device. Each time a device is infected, it spreads the malware to other vulnerable devices just like a worm.

From a historical perspective, cyber-attacks on traditional IT systems have followed a clear pattern. IoT hacks are following suit but with much more serious implications.

Just under 20 years ago, worms and viruses to one side, wide scale cyber-attacks tended to be characterised by distributed denial of service (DDoS) attacks launched from botnets and aimed at specific targets.

Mayhem and mischief

Around the year 2000, many businesses, financial institutions and government agencies were brought down as hackers flexed their coding muscles and either blackmailed businesses or simply caused mayhem and mischief. One DDoS attack in particular was aimed at 13 of the internet’s root domain name service (DNS) servers.

Cyber miscreants then discovered the lucrative opportunities available from stealing personal or financial information, ranging from credit card numbers and bank account details to medical records and sensitive company data. Today, we have a thriving cyber underground trading in all manner of stolen information.

And over the last few years there has been a notable and steadily building trend towards attacking power stations and water treatment plants, or in other words, different types of critical national infrastructure.

Of course these stages of cyber-attacks are not sharply delineated; for instance, there has been a resurgence in DDoS attacks, and ransomware is the number one choice of malware for cyber crooks today.

Enormous target for cyber villains

Today, according to most estimates there are something like two billion PCs in the world and a similar number of smartphones. This is nothing compared to IoT.

Gartner predicts over 20 billion IoT devices in play by 2020 and this is a conservative estimate. Some claim 50 billion. What a massive target for cyber miscreants of all shades.

And be sure these attacks are coming. Mirai signalled the onset with its attack on the Dyn domain name system service which took down a raft of online services such as Twitter, Netflix and Facebook.

For many people this was perhaps little more than an irritant but not for Dyn. It lost an estimated 8 per cent of business in the aftermath of the attack, something like 14,500 web domains that went west at rapid speed.

And we’ve already seen an endless stream of mischievous hacks on heating and lighting systems, baby cams and other assorted ‘smart’ connected devices, illustrating just how vulnerable many IoT devices are.

378 million vulnerable devices

According to our research at BullGuard some 378 million IoT devices are vulnerable to hacking. This figure is based on the percentage of vulnerable devices discovered when using our IoT scanner which identifies easily hacked devices.

Reaper is arming and it could be capable of creating significantly more DDoS traffic than Mirai. But as yet no one knows what it’s for or who is behind it. In this sense it’s similar to another IoT botnet first discovered late last year. Dubbed the mysterious Hajime botnet, it consisted of 300,000 devices but to date has never been utilised.

But what is being done about IoT security? It’s not impossible that Reaper and Hajime have been created by some kind of anonymous white hat vigilantes who understand that IoT security is often so appallingly lacking it needs to be addressed by unconventional means.

Gone to sleep?

That said it seems that in some senses the security industry has gone to sleep. Of course, there is lots of talk and plenty of warnings, all of which are valid. But what is happening on the ground?

We’re doing our bit in the consumer space with a platform that incorporates machine learning, artificial intelligence and cloud-based security to provide a user friendly device that locks down home networks, identifies and stops attacks and flags up potential points of entry.

Consumer protection is important given the number of smart devices making their way into homes, but just as pressing are safeguards in industry and important infrastructure.

Aging control systems

IoT is now found in numerous networks including industrial control systems, building management systems, hospitals, traffic management, urban infrastructure, power systems and telecoms infrastructure. And there are serious issues that will be exploited if not addressed.

Many industrial control systems were designed to work independently on closed networks, so they were installed without secure defences against cyberattack. IoT systems, comprising networks of sensors, often overlay and connect with these control system networks.

For instance, in a classic example of using IoT to leverage the value of connectivity, power companies are hooking up systems to the web and improving efficiency by letting data flow freely between back end systems and the remote substations.

The burgeoning use of smart meters is also amplifying the issue. Connected to grids over the internet, they create a spider’s web of network connectivity, with each connection a potential point of entry for smart hackers to work their way through to the actual control systems.

Too little, too late

And this is being replicated across many areas of civic and industrial infrastructure. Added to this is the tendency to rely on wireless sensor networks which only increases the risks.

Government, which could have a more involved regulatory role in enforcing minimum security standards, appears to be standing back, leaving it to the security industry and vendors to hammer out policies and standards.

But such is the rapid rate of IoT adoption that it may be too little, too late. It took almost 20 years for cyber-attacks to evolve from large scale DDoS attacks to today’s situation in which critical national infrastructure is persistently and cleverly being probed for weaknesses.

However, with IoT the time difference between IoT-powered DDoS attacks and critical national infrastructure attacks is negligible. How long before we see ransom IoT attacks in which organisations are held hostage? It won’t be that long.

Source: https://www.itproportal.com/features/from-botnets-to-ransoms-the-rapid-rise-of-iot-attacks/

Anonymous Attacks Spanish Government Sites

Hacktivist group Anonymous has been firing up its DDoS cannon again, this time aiming it at Spanish government websites, in support of Catalan independence.

The group claimed to have taken offline the website of the constitutional court, which ruled the Catalonian referendum illegal last week.

It also defaced the website of the Spanish Ministry of Public Works and Transport with a “Free Catalonia” message.

A statement from the group had the following:

“In the name of all the Catalan independence and democracy, Anonymous Catalonia asks all the Anons of the world who are in favour of the freedom of expression […] and peaceful dialogue to persist in the #FreeCatalonia operation until 29 October 2017.”

Various accounts associated with the disparate group have been tweeting messages with #opCatalunya and #FreeCatalonia, claiming “big attacks are coming”, although the government sites in question appear to be back to normal now.

“We wish to state that the Catalan people’s desire to express their will via a referendum is the majority view and cuts across all strata of society and is in keeping with the civic, peaceful and democratic determination expressed in the multitudinous demonstrations held by organised society in favour of its right to decide,” noted another Anonymous branded video.

Stephanie Weagle, VP at Corero Network Security, argued that DDoS attacks continue to function as an effective disrupter of businesses and in some cases help to distract IT teams while information is stolen.

“In order to effectively protect their networks, prevent disruptions to customer operations, and better protect against service outages, downtime and potential data theft, companies need real-time visibility and mitigation of all DDoS attack traffic targeting their networks, regardless of size or duration,” she added.

“Traditional security infrastructure will not stand up to these service interrupting attacks—a dedicated layer of DDoS mitigation is required to eliminate the DDoS threat.”

Source: https://www.infosecurity-magazine.com/news/anonymous-attacks-spanish/