Tag Archives: IoT

Top 5 Cyber Attacks You Should Be Aware of for Your Business

DSA Technologies works with a wide range of businesses that face many of the same security challenges over and over. Most of these issues are preventable or can at least be mitigated with the right care and awareness. Here’s what Michael Reese, the resident expert at DSA Technologies, shared as the most common problems that you should keep an eye out for.

  1. Phishing Schemes
    Phishing is the crime of deceiving people into sharing sensitive information like passwords and credit card numbers. Nearly all successful cyber-attacks begin with a phishing scheme. These attacks are responsible for over $12 billion in losses globally! Usually the attack is delivered in the form of an email and will demand that the victim go to a website and take immediate action. If the user clicks the link, they are sent to a fake website that imitates a real website. From here, they are asked to log in. The criminal now has your information to cause more damage.
  2. Cloud Cyber Security Threats
    Cloud computing, or the use of an internet source to store information, has grown significantly. Most people assume that cloud storage is safe, but this isn’t necessarily the case. If your provider offers minimal security your sensitive data could be easily accessible to hackers. The amount of security your cloud server offers is usually in the terms and conditions. These can be muddy waters. Don’t be afraid to talk to an expert on how to navigate these threats.
  3. Ransomware/Malware
    Ransomware is like malware in that both are criminal software used to take control of your computer and/or the information stored on it. Ransomware attacks are on the rise. Companies like DSA Technologies can help you build your line of defense through software against this type of attack. It’s estimated that an organization will fall victim to ransomware every 14 seconds in 2019. A single attack could leave you out of business for a week or more. Could you afford to be out of business that long?
  4. IoT (Internet of Things) What I call “Internet of Threats”
    IoT devices include internet enabled devices (i.e. iPhones, Amazon Alexa, Printers). There will be more than 20 billion IoT devices by 2020. How are the increasing amounts of data being secured? In most cases it’s not. There are manufacturers who have no security on their IoT devices, meaning anyone can access them. With so many devices being used, businesses should be aware of the security in place on IoT devices. Each device represents a different access point for attacks. With the rise of internet enabled devices the rise of attacks is inevitable. Ensure that your devices for your business are secure to protect sensitive data.
  5. Single Factor Passwords
    Single factor passwords are when you use a username and a passcode to log in. This is traditional and the method most websites maintain. Unfortunately, most passwords can be cracked in a matter of minutes. A second line of defense can help you and your business protect your data. An added defense line is the use of multi-step or two-step authentication passwords. This means that to log into your account, you can enter your password, but then a second step will require you to enter additional information, like a unique code sent to your cell phone. Having at least two steps makes hacking your account more difficult, in turn making your data a less appealing target.

    DSA Technologies’ resident Cyber Security Expert, Michael Reese, is there to help businesses tighten their security.
    Visit DSA Technologies to learn more about how they can assist your business.

Ring Security Flaw Lets Unauthorized Parties Control Doorbell App

 

A security flaw found in Ring’s video doorbell can let others access camera footage even if homeowners have changed their passwords, according to media sources.

This can happen after a Ring device owner gives access to the Ring app to someone else. If it is given to an ex-partner, for example, after the relationship turned sour, the partner may still monitor the activity outside the front door using the camera, and download the video and control the doorbell from the phone as an administrator.

No matter how many times Ring device owners change the password, the Ring app never asks users to sign in again after the password is changed.

Ring was notified of the issue in early January and claimed to have removed users who were no longer authorized. However, in the test carried out by media outlet The Information’s staff, these ex-users could still access the app for several hours.
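The failure described above, where an app session survives a password change, comes down to session tokens that are never checked against the account's current credentials. The following is an added example, not Ring's code and not part of the original article: a minimal Python sketch in which every session records a credential version and is rejected once the password changes. `AuthService`, `cred_version` and all other names are hypothetical.

```python
"""Revoking sessions on password change (added illustration; names are hypothetical)."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored values are not directly reusable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    cred_version: int = 1  # bumped on every password change


@dataclass
class Session:
    username: str
    cred_version: int  # version of the credentials used at login


class AuthService:
    def __init__(self):
        self.accounts = {}  # username -> Account
        self.sessions = {}  # token -> Session

    def register(self, username, password):
        salt = os.urandom(16)
        self.accounts[username] = Account(salt, _hash_password(password, salt))

    def _password_ok(self, username, password):
        acct = self.accounts.get(username)
        if acct is None:
            return False
        candidate = _hash_password(password, acct.salt)
        return hmac.compare_digest(acct.pw_hash, candidate)

    def login(self, username, password):
        if not self._password_ok(username, password):
            return None
        token = secrets.token_urlsafe(32)
        version = self.accounts[username].cred_version
        self.sessions[token] = Session(username, version)
        return token

    def change_password(self, username, old, new):
        if not self._password_ok(username, old):
            return False
        acct = self.accounts[username]
        acct.salt = os.urandom(16)
        acct.pw_hash = _hash_password(new, acct.salt)
        acct.cred_version += 1  # every older session is now stale
        return True

    def authorize_without_revocation(self, token):
        # Weak check: a token stays valid for as long as it exists,
        # regardless of any password change.
        session = self.sessions.get(token)
        return session.username if session else None

    def authorize(self, token):
        # Hardened check: the session must match the current credentials.
        session = self.sessions.get(token)
        if session is None:
            return None
        acct = self.accounts.get(session.username)
        if acct is None or session.cred_version != acct.cred_version:
            del self.sessions[token]  # drop the stale session for good
            return None
        return session.username


def demo():
    # Constructed scenario: the password was shared, then changed.
    svc = AuthService()
    svc.register("owner", "old-passphrase")
    shared_phone = svc.login("owner", "old-passphrase")
    svc.change_password("owner", "old-passphrase", "new-passphrase")
    owner_phone = svc.login("owner", "new-passphrase")
    return {
        "stale_token_without_check": svc.authorize_without_revocation(shared_phone),
        "stale_token_with_check": svc.authorize(shared_phone),
        "fresh_token_with_check": svc.authorize(owner_phone),
    }


if __name__ == "__main__":
    print(demo())
```

The version check runs on every request, so a stale session is refused as soon as the password changes rather than whenever a background cleanup job gets to it.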

Jamie Siminoff, CEO of Ring, has acknowledged the issue and responded that kicking users off the platform apparently slows down the Ring app.

After the issue was reported, Ring made another statement, suggesting that Ring customers should never share their usernames or passwords. The company recommended that other family members or partners sign in via Ring’s “Shared Users” feature.

In this way, device owners have control over who has access and can immediately remove users if they want.

“Our team is taking additional steps to further improve the password change experience,” said Ring in a statement.

Ring was acquired by Amazon for US$1 billion at the beginning of this year. Amazon operates an in-home delivery service, Amazon Key, which relies on security devices at the front door such as smart doorbells, door locks and security cameras.

Any security flaws like the one found in Ring will make it difficult for the e-commerce giant to convince people that it’s safe for Amazon’s delivery people to enter their houses when nobody’s home.

Please make sure to secure all of your IoT devices as we know most of them are wide open to attacks.

Real Estate Industry Has A ‘False Sense Of Security’ When It Comes To Cyber Safety

Last December, government services in Mecklenburg, North Carolina, ground to a halt. What began as a malicious email attachment sent to a county employee turned into a crippling cyberattack that held 48 of the county’s 500 data servers hostage.

The attack prevented services ranging from intakes at the county jail to processing applications for marriage licenses. Contractors were among those hit the hardest. Unable to schedule inspections or receive approval to pour foundations or complete electrical work, contractors had to put development projects on hold during the multiday recovery process.

The Mecklenburg County attack, and an increasing number of high-profile hacks in the past year, have brought to light a sobering reality: The real estate industry is unprepared for cyberattacks.

“Real estate firms have been generally lucky where they have not experienced the type of breaches that you see in other industry sectors, and that has probably given many people a false sense of security,” Baker Tilly Cybersecurity and IT Risk Senior Manager Mike Cullen said. “As other businesses get better at security, criminals are looking for easy targets. Construction and real estate could be such targets because they have historically not always taken the necessary precautions.”

Cullen works with Baker Tilly clients to lead and execute IT risk assessments, IT process audits and information security assessments, among other cybersecurity initiatives. Historically, real estate companies were at lower risk because they maintained less personal information and intellectual property than financial or healthcare businesses. More recently, attackers have been drawn to the select pool of wealthy investors real estate ventures attract, Cullen said.

Data like personal information, blueprints and schematics, access to building technology systems and financial information can be sold or used to gain a competitive advantage. Money can be skimmed from tenant and vendor accounts or credit cards and extorted directly thanks to ransomware. Last June, property management firm BNP Paribas Real Estate reported a ransomware attack that took down most of its global systems.

The rise of the Internet of Things, which I call the Internet of Threats, has brought the threat of cyberattacks more directly into tangible property. Building managers have started to embrace more systems that allow them to manage security infrastructure, HVAC, lighting controls and utilities remotely. This gives hackers another point of entry for attacking systems and stealing data, Cullen said.

In the past, building management systems were more proprietary and offline, creating a higher barrier to entry for hackers. Newer building systems are more standardized, using software obtained from vendors. These programs, like all software, come with vulnerabilities that hackers can exploit. Many companies may also have insufficient password protection or outdated antivirus programs that contribute to heightened cyberrisk.

Beyond directly sabotaging the systems themselves, hackers can pull personal data from “smart” or intelligent building infrastructure. In November 2013, hackers infiltrated Target Corp.’s HVAC contractor’s systems to steal the payment card records and other personal information of nearly 110 million customers. The company reported a gross financial loss of $252M by the end of Q4 2014 as a result of the cyberattack.

Risk will continue to rise as intelligent buildings gain popularity. According to Faculty Executive, an estimated 95% of building systems connected to the internet have insecure connections, and 65% of vendors have remote access to building systems.

Talking to vendors about potential cyberthreats and hiring a dedicated person in charge of cybersecurity are the first steps real estate companies should take in arming themselves against the growing risk, Cullen said. Companies must have an employee who spends at least 50% of their time on the job dealing with cybersecurity.

Once key personnel are put in place, creating a security program that is specific to the type of real estate business and adaptable to new threats will ensure a strong defense against future attacks.

“It is impossible to prevent 100% of every attack,” Cullen said. “Your security program needs to include how you react to an incident so that you can respond in a timely and thoughtful way instead of a fire drill, figure-it-out-as-you-go strategy.”

Global spending on cybersecurity will exceed $1 trillion over the next five years, from 2017 to 2021, with 1.5 million cybersecurity job openings by 2019. While the industry is growing, real estate might not be able to attract the same top talent as the finance or healthcare sectors.

“Other industries have more money to attract top talent and CRE has not been willing to spend as much on cybersecurity, which means they are not getting the best resources,” Cullen said. “To be prepared for what is ahead, real estate companies will need to invest more in cybersecurity.”

Crime Does Not Pay!!


U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing the Mirai botnet, which crippled some of the world’s biggest and most popular websites by launching massive DDoS attacks last year.

According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old from Washington) and Dalton Norman (21-year-old from Louisiana) were indicted by an Alaska court last week on multiple charges for their role in massive cyber attacks conducted using the Mirai botnet.

Mirai is a piece of nasty IoT malware that scans for insecure routers, cameras, DVRs, and other Internet of Things devices which are still using their default passwords and then adds them to a botnet, which is then used to launch DDoS attacks on websites and Internet infrastructure.

According to his plea agreement, Jha “conspired to conduct DDoS attacks against websites and web hosting companies located in the United States and abroad” by ensnaring over 300,000 IoT devices. He also demanded payment “in exchange for halting the attack.”

Between September and October 2016, Jha advertised the Mirai botnet on multiple dark web forums using the online moniker “Anna Senpai.” He also admitted to securely wiping off the virtual machine used to run Mirai on his device and then posting the source code of Mirai online for free.

Since then, other cybercriminals have used the open-source code of the botnet to create their own Mirai variants in a variety of different cyber attacks against their targets.

Paras Jha (a.k.a. Anna Senpai) and his business partner Josiah White (a.k.a. Lightspeed and thegenius) are the same people who were outed by blogger Brian Krebs earlier this year after his blog was also knocked offline by a massive 620 Gbps DDoS attack using the Mirai botnet.

According to Jha’s LinkedIn profile, he is a 21-year-old passionate programmer from Fanwood, U.S., who knows how to code in multiple programming languages and is positioned as president of a DDoS mitigation firm, ProTraf Solutions.

White admitted to creating the Mirai botnet’s scanner to identify and hijack vulnerable internet-connected devices to enlist in the botnet, while Norman (a.k.a Drake) admitted to identifying private zero-day vulnerabilities and exploits to build into the massive botnet.

From December 2016 to February 2017, the trio successfully infected more than 100,000 computing devices to form another powerful botnet, called Clickfraud, which was designed to scam online ad networks by simulating clicks on ads for the purpose of artificially generating revenue.

A week after the massive DDoS attack, the source code of Mirai was released on the widely used hacker chat forum Hackforums by Jha who, under the name Anna-senpai, wrote he had “made their money…so it’s time to GTFO.”

“So today, I have an amazing release for you,” he wrote. “With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”

Once the Mirai source code was out, various cyber criminals started exploiting the IoT malware to launch powerful DDoS attacks against websites and Internet infrastructure, one of which was the popular DNS provider Dyn, which was DDoSed by a botnet of around 100,000 Mirai malware-infected devices.

“The defendants’ involvement with the original Mirai variant ended in the fall of 2016, when Jha posted the source code for Mirai on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks,” the DOJ said.

The trio faces a sentence of up to five years in prison.
Crime does not pay; it will eventually catch up to you!!!

How Hackable Are Our Apartments?


The Internet of Things is poised to revolutionize apartment home systems and appliances, but it also increases the security and privacy threats to apartment firms. At the 2017 NMHC OPTECH Conference & Exposition, a panel of leading security experts shared best practices for ensuring that apartment firms are mindful of the new threats as they integrate smart home devices into their communities.

The panel’s moderator, Mike Smith, vice president at White Space Building Technology Advisors, advised that as apartment firms add IoT devices to their communities, they need to look for products that are specifically designed for multifamily, noting, “if you buy a product at Home Depot, it is probably not designed for the complex nature of multifamily security needs.”

Panelist Michael Reese, Chief Information Officer for USA Properties Fund, agreed, saying that he views “IoT as Internet of Threats, not Internet of Things,” and recommended this view as apartment firms evaluate smart home technology. Kevin Gerber, project manager at Forest City Enterprises, noted that it is critical to educate staff on the new technologies and maintaining strong security protocols, and highlighted the need for a strong support structure.

Panelists agreed on the importance of segregating networks as a critical step in good cyber hygiene. Yousef Abdelilah, innovation and product management leader at American Tower, stressed the importance of implementing different layers of security to protect systems. Hackers don’t want to spend a significant amount of time trying to hack a system and will move on to systems that have fewer layers and are, therefore, easier to access.

Bill Fisher, security engineer at the National Cybersecurity Center of Excellence, part of the National Institute of Standards and Technology (NIST), commented that “IoT threat mitigation is not that different from past cyber threats. Best practices for strong cyber hygiene aren’t new. Right now, the onus is on the end-user to ask the right questions and educate him or herself until market correction pushes vendors to address security.” NIST provides best practices and a customizable approach to managing cyber risk through the NIST Cybersecurity Framework.

Panelists recommended evaluating the ROI on current IoT technology. Fisher commented that installing IoT is a risk decision. Firms need to weigh the convenience of devices versus the risk of security and legal ramifications if a system is hacked.

Reese reminded the audience that ensuring strong information security policy is a senior executive issue, not simply an IT issue, that needs to be implemented throughout the company.

NMHC provides resources on cybersecurity, including a cybersecurity white paper and a cyber threat alert system. More information can be found at nmhc.org/data-security.

Internet of Things (IOT), Big Data, Business Intelligence, Data Science, Digital Transformation: Hype or Reality? Facts and Figures

The Internet of Things (IoT) is the internetworking of physical devices, vehicles, connected devices and smart devices, buildings and other items, embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data without requiring human-to-human or human-to-computer interaction.

The worldwide IOT market spend will grow from $592 billion in 2014 to $1.3 trillion in 2019 according to IDC, while the installed base of IoT endpoints will grow from 9.7 billion in 2014 to 30 billion in 2020 where 40% of all data in the world will be data resulting from machines to machines communication (M2M).

A Gartner survey shows that 43% of organizations are using or plan to implement the Internet of Things in 2016. Gartner predicts $2.5M per minute in IoT spending and 1M new IoT devices sold every hour by 2021.

Industrial IOT (Internet of Things) market is estimated at $60 trillion by 2030.

By 2020, IoT will save consumers and businesses $1 trillion a year in maintenance, services and consumables.

By 2022, a blockchain-based business will be worth $10B, Blockchain being a digital platform that records and verifies transactions in a tamper and revision-proof way that is public to all.

By 2018, Cloud Computing infrastructure and platforms are predicted to grow 30% annually. Many enterprises have failed to achieve success with cloud computing, because they failed to develop a cloud strategy linked to business outcomes. Many companies are unsure how to initiate their cloud projects. The key success factors for Cloud projects are the good design of the Business Processes, the focus on the Services delivered and a good design of the transition from “As Is” to “To Be” Applications Architecture.

By 2019, Global Business Intelligence market will exceed $ 23 billion and Global Predictive Analytics market will reach $ 3.6 billion by 2020, driven by the growing need to replace uncertainty in business forecasting with probability and the increasing popularity of prediction as a key towards improved decision making. Predictive analytics is the branch of the advanced analytics which is used to make predictions about unknown future events. Predictive analytics uses many techniques from data mining, statistics, modeling, machine learning, and artificial intelligence to analyze current data to make predictions about future. It is about the increased need & desire among businesses to gain greater value from their data. Over 80% of data/information that businesses generate and collect is unstructured or semi-structured data that need special treatment using Big Data Analytics.

Big Data investments will account for over $46 Billion in 2016 reaching $72 Billion by the end of 2020.

A new brand of analysts called “data scientists” are introducing data science courses into degrees ranging from computer science to business. Data Scientists usually require a mix of skills like mathematics, statistics, computer science, algorithmic, machine learning and most importantly business knowledge. If Data Scientists are lacking business knowledge, they will definitely fail. They also need to communicate the findings to C-Level management to be able to take the right strategic decisions.

Data science needs to be a fundamental component of any digital transformation effort.

All Sectors will have to hire and educate a significant number of Data Scientists.

Let’s take the example of the Energy Sector where the Digital Transformation is playing a crucial role to reach Global and European Energy targets:

87% of CFOs agree that growth requires faster data analysis and 50% of Networked enterprises are more likely to increase their market-share.

With the 2020 energy climate package and the 2050 energy roadmap, Europe has engaged early in the transformation of its Energy system.

As the Industrial Revolution was the transition to new manufacturing processes between 1760 and 1840, the digital revolution will be the disruptive transformation of the 21st century to a new economy, a new society and a new era of low-emission energy.

Many large Energy players will appoint Chief Digital Officers to drive the digital transformation of their processes and create new businesses.

Four recommendations to boost Customer Centric Energy innovations will heavily require the Digital Transformation roadmap to be adopted:

  1. Accelerate Customer innovations by making the Data available for Market participants
  2. Build massive Energy Services as downloadable Apps through Energy Exchange Platforms B2B, B2C and C2C
  3. Full Customer participation by making customer usability as simple as one click
  4. Build the pan-European Energy Union of Customer Services by extending to cross-border Energy Management

With the enablement of IOT, BI, Predictive Analytics and Data Science and the proven business models, we predict that 90% of Commercial and Industrial Customers and 70% of Residential Customers will be adopting Smart Energy technologies by 2025.

Let me ask you the following questions:

  • What are the Top 3 priorities that justify Digital Transformation in your business?
  • Are you planning to setup a Data Science team?
  • Are you considering Digital for existing business improvement or for creating new businesses?

 

Top tips on protecting your devices from hackers

Billions of fitness trackers, medical implants, surveillance cameras, home appliances, thermostats, baby monitors and computers in automobiles now are connected as part of a rapidly expanding “internet of things” (IoT).

But many such devices were developed without security considerations. As a result, they are prime targets for hackers.

Tips to protect your devices:

How do I know if I have an internet of things device?

If you have a device that is capable of connecting to the internet or shares information over a wireless network in your home, it is potentially insecure and can be leveraged for a cyber attack.

Last month, hackers harnessed an army of 100 000 internet-connected devices around the world, such as DVRs and security cameras, to attack Dyn, which helps route internet traffic to its destination. It caused temporary internet outages to sites that included Twitter, PayPal, Pinterest, Reddit and Spotify.

Why should I care?

Hackers can penetrate devices to directly harm someone or to target critical infrastructure.

They can remotely disable a car, raise the thermostat on refrigerated foods, and toy with internet-enabled medical devices.

In the Dyn attack, hackers used the devices to flood the internet infrastructure company with data and knock it offline.

Such tactics also could be used against electrical and water systems, which are increasingly being put online to allow for remote operation.

What can I do?

Make sure you are aware of what you are connecting to the internet, and think about what is necessary.

That feature on your new bathroom scale that syncs with your phone is handy, but can you password protect it from getting hacked?

Any device that is capable of remotely sending information elsewhere is vulnerable. Therefore, the software on that device and the network it connects to must be secured.

If a device comes with a default password, make sure you change it. You should also change the password on your wireless network at home. Use complex passphrases to ensure your device is not easily hacked.

The Dyn attack was made possible by devices with default passwords that were never changed.

Whom do I contact if I am worried about a device?

Contacting the manufacturer or vendor of the device may not always help.

This is especially true because innovation has frequently outpaced cyber security education.

In the US, the Homeland Security Department, for example, sends out public alerts about vulnerabilities through its US-CERT programme that you can sign up for on its website.

 

The IT Guy Becomes a Player

Back in the days of mainframes, the ubiquitous “IT Guy” was responsible for planning, building and maintaining in-house infrastructure, as well as developing custom solutions to automate back-office functions. And while the role evolved some over the years, the first truly tectonic shift occurred when cloud computing emerged, combined with aftershocks in the form of mobile, social and Big Data. As technology became commoditized and consumerized, some analysts suggested in-house IT would become obsolete.

In reality, the role of the IT Guy is evolving into one of greater value and significance.

Recently, IDC and Forrester Research, two of the largest technology industry research firms, released predictions that IT is poised to take the lead as companies move toward their digital futures. The reason: While many companies outsourced their initial forays into cloud and mobile applications, they can’t continue to depend on external consultancies for much longer. Digital transformation is so critical to the future of businesses, the analysts say, that relying on external parties to provide solutions will be too dangerous. In-house IT will, of necessity then, become the core driver of “how business does business.”

Taking on a more important role

Even in today’s quick moving environments, the role of the IT department has increased in value across the enterprise, as it works with various internal teams and links its goals to the wider objectives of the business. A recent survey by Forrester asked company executives to name the most important senior leader in driving or supporting business transformation and innovation, and one of the top answers was the CIO – ahead even of the CEO.

As the master of all things digital, talented CIOs are perfectly positioned to take the lead on leveraging new tech elements to help shape a business’ overall strategy – and use high-performance networks to effectively pursue it.

This new, more challenging—but much more valuable—vision of the IT Guy’s role as an innovator and strategist also seems to be widely accepted, according to a survey by Gartner Research.

The CIO as chief innovator is trending up: The Gartner survey says more CIOs are adding value to their roles by leading boardroom discussions about using cloud, mobile, analytics and social technologies to drive new product development, online marketing and other customer-facing initiatives. The research firm concludes that the perception of the CIO has evolved from an IT service provider to an enabler of digital products that support business.

And that’s only the beginning. The next great leap for businesses will be the Internet of Things (IoT), and CIOs will have the opportunity to lead by solving the challenges that will come with IoT integration.

Three types of CIOs

“IoT requires the creation of a software platform that integrates the company’s IoT ecosystem with its products and services,” says Peter Sondergaard, senior vice president, Gartner Research, adding that CIOs will be the “builders” of the new digital platforms and high-performance networks that IoT projects will require. However, while the change of role might be adventurous for some, not every CIO wants to embrace the change from being operational to innovative, according to an IDC study, “The Changing Role of IT Leadership: CIO Perspectives for 2016.”

The study outlines three types of CIOs: operational (keeping the lights on and costs down); business services manager (providing an agile portfolio of business services); and chief innovation officer (business innovator).

Business innovator is the role CIOs must play in order to have a meaningful future, says Michael Jennett, vice president for enterprise mobile strategy at IDC.

“For these executives to stay relevant, they must shift their focus to transformation and innovation,” he adds. “CIOs who stay operational will find themselves further marginalized over the next three years.”

The big question for many businesses, then, is whether the IT Guy will be prepared to incorporate an understanding of the company’s mission and develop value-added strategies to generate, as Jennett says, “revenue out of what you do.”

Interestingly, the IDC study found that while more than 40 percent of line-of-business executives view the CIO as an innovator, only 25 percent of CIOs describe their own role that way, with more than 40 percent viewing themselves as primarily operational, and 34 percent as business service managers.

However, with global digital commerce revenue at over $1 trillion annually, CEOs see digital as fuel for growth, and expectations for IT departments are running high. To succeed in this environment, and bring value, the IT Guy needs to rise to the occasion and take on responsibility for digital innovation, as well as maintaining the infrastructure.

 

An Army of Million Hacked IoT Devices Almost Broke the Internet on Friday

 

A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, Box, and Spotify.

But how did the attack happen? What’s the cause behind the attack?

Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack.
Yes, the same method recently employed by hackers to carry out a record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS.

Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras, and DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks.

Since the source code of the Mirai botnet has already been made available to the public, anyone can wield DDoS attacks against targets.

This time hackers did not target an individual site; rather, they attacked Dyn, which many sites and services use as their upstream DNS provider for turning internet protocol (IP) addresses into human-readable websites.

The result we all know: Major sites and services including Twitter, GitHub, Reddit, PayPal, Amazon, AirBnb, Netflix, Box, Pinterest, and so on, were among hundreds of services rendered inaccessible to Millions of people worldwide for several hours on Friday.

“Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures associated with previous known Mirai botnet attacks,” Flashpoint says in a blog post.

This type of attack is notable and concerning because it largely relies on unsecured IoT devices, whose numbers are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers focus mainly on the performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why the devices are routinely hacked and widely become part of DDoS botnets used as weapons in cyber attacks.

An online tracker of the Mirai botnet suggests there are more than 1.2 million Mirai-infected devices on the Internet, with over 166,000 devices active right now.

In short, IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials speaking to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting DynDNS, but neither agency has yet speculated on who might be behind them.

Internet of Things sparks healthcare cybersecurity concerns, HIMSS16 speaker says

As connectivity continues to expand, cybersecurity should be top of mind for CIOs, CISOs and other hospital executives, according to Eric Miller of Ascension.

The Internet of Things is set to explode. Forecasters expect more than 6 billion objects connected to the Internet this year and some expect 50 billion by 2020. But with connectivity comes risk.

For healthcare providers trying to leverage what is emerging as the IoT for healthcare – that growing universe of wearable sensors, networked devices and home monitoring systems deployed to collect medical data and even treat patients – ineffective cybersecurity can have potentially dangerous consequences.

“The Internet of Things is different from the Internet of Things for healthcare in terms of risk,” said Eric Miller, senior director of IT at Ascension Information Services.

Miller pointed to a recent initiative in which white hat hackers working with the Mayo Clinic were easily able to hack into numerous connected medical devices, including an infusion pump that delivers drugs and fluids into patients.

One of the hired hackers, in fact, was able to connect an infusion pump to his computer network and manipulate the dosage remotely.

Miller and Paul Unbehagan, chief architect of Avaya, will discuss technologies that enable the security of connected devices and how providers can recognize and mitigate these cyber security risks during a HIMSS16 session on March 1, 2016.

“Our goal is to show how to reduce the risk from connected medical devices in a manageable way,” Miller added. “There’s a process side to it and a technology side, and we will discuss both.”

The session will cover how providers can get a handle on the number and types of Internet of Things for healthcare devices connected to their network; how to apply risk models to device classifications in order to clarify the threat level; how to implement automation to manage the security of the growing number of connected devices; how to evaluate inventory management options against existing technologies; and how to create an implementation plan.

“We want attendees to leave this session with an understanding of how to improve their risk posture for the existing Internet of Things for healthcare as well as the connected devices to come,” he said.

“The Internet of Healthcare Things” will be held Tuesday, March 1, from 1 – 2 p.m. PST in the Sands Expo Convention Center Human Nature Theater.