Tag Archives: IoT

Crime Does Not Pay!!


The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world’s biggest and most popular websites by launching the massive DDoS attacks last year.

According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old Washington) and Dalton Norman (21-year-old from Louisiana) were indicted by an Alaska court last week on multiple charges for their role in massive cyber attacks conducted using Mirai botnet.

Mirai is a piece of nasty IoT malware that scans for insecure routers, cameras, DVRs, and other Internet of Things devices which are still using their default passwords and then add them into a botnet network, which is then used to launch DDoS attacks on websites and Internet infrastructure.

According to his plea agreement, Jha “conspired to conduct DDoS attacks against websites and web hosting companies located in the United States and abroad” by ensnaring over 300,000 IoT devices. He also demanded payment “in exchange for halting the attack.

Between September and October 2016, Jha advertised Mirai botnet on multiple dark web forums using the online monikers “Anna Senpai.” He also admitted to securely wiping off the virtual machine used to run Mirai on his device and then posting the source code of Mirai online for free.

Since then, other cybercriminals have used the open-source code of the botnet to create their own Mirai variants in a variety of different cyber attacks against their targets.

Paras Jha (a.k.a Anna Senpai) and his business partner Josiah White (a.k.a Lightspeed and thegenius) are the same people who were outed by blogger Brian Krebs earlier this year after his blog was also knocked offline by a massive 620 Gbps of DDoS attack using Mirai botnet.

Paras-Jha-Mirai-botnet

According to Jha’s LinkedIn profile, he is a 21-year-old passionate programmer from Fanwood, U.S., who knows how to code in multiple programming languages and is positioned as president of a DDoS mitigation firm, ProTraf Solutions.

White admitted to creating the Mirai botnet’s scanner to identify and hijack vulnerable internet-connected devices to enlist in the botnet, while Norman (a.k.a Drake) admitted to identifying private zero-day vulnerabilities and exploits to build into the massive botnet.

From December 2016 to February 2017, the trio successfully infected more than 100,000 computing devices to form another powerful botnet, called Clickfraud, which was designed to scam online ad networks by simulating clicks on ads for the purpose of artificially generating revenue.

A week after the massive DDoS attack, the source code of Mirai was released on the widely used hacker chat forum Hackforums by Jha who, under the name Anna-senpai, wrote he had “made their money…so it’s time to GTFO.”

“So today, I have an amazing release for you,” he wrote. “With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”

Once Mirai source code was out, various cyber criminals started exploiting the IoT malware to launch powerful DDoS attacks against websites and Internet infrastructure, one of which was the popular DNS provider Dyn, which was DDoSed by a botnet of an around 100,000 Mirai malware-infected devices.

The defendants’ involvement with the original Mirai variant ended in the fall of 2016, when Jha posted the source code for Mirai on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks.” DOJ said.

The trio faces a sentence of up to five years in prison.
Crime does not pay, it will eventually catch up to you !!!

How Hackable Are Our Apartments?


The Internet of Things is poised to revolutionize apartment home systems and appliances, but it also increases the security and privacy threats to apartment firms. At the 2017 NMHC OPTECH Conference & Exposition, a panel of leading security experts shared best practices for ensuring that apartment firms are mindful of the new threats as they integrate smart home devices into their communities.

The panel’s moderator, Mike Smith, vice president at White Space Building Technology Advisors, advised that as apartment firms add IoT devices to their communities, they need to look for products that are specifically designed for multifamily, noting, “if you buy a product at Home Depot, it is probably not designed for the complex nature of multifamily security needs.”

Panelist Michael Reese, Chief Information Officer for USA Properties Fund, agreed, saying that he views “IoT as Internet of Threats, not Internet of Things,” and recommended this view as apartment firms evaluate smart home technology. Kevin Gerber, project manager at Forest City Enterprises, noted that it is critical to educate staff on the new technologies and maintaining strong security protocols, and highlighted the need for a strong support structure.

Panelists agreed in the importance of segregating networks as a critical step in good cyber hygiene. Yousef Abdelilah, innovation and product management leader at American Tower, stressed the importance of implementing different layers of security to protect systems. Hackers don’t want to spend a significant amount of time trying to hack a system and will move on to systems that have fewer layers and are, therefore, easier to access.

Bill Fisher, security engineer at the National Cybersecurity Center of Excellence, part of the National Institute of Standards and Technology (NIST), commented that “IoT threat mitigation is not that different from past cyber DSC_2153threats. Best practices for strong cyber hygiene aren’t new. Right now, the onus is on the end-user to ask right questions and educate him or herself until market correction forces vendors pushes vendors to address security.” NIST provides best practices and a customizable approach to managing cyber risk through the NIST Cybersecurity Framework.

Panelists recommended evaluating the ROI on current IoT technology. Fisher commented that installing IoT is a risk decision. Firms need to weigh the convenience of devices versus the risk of security and legal ramifications if a system is hacked.

Reese reminded the audience that ensuring strong information security policy is a senior executive issue, not simply an IT issue, that needs to be implemented throughout the company

NMHC provides a resources on cybersecurity, including a cybersecurity white paper and a cyber threat alert system. More information can be found at nmhc.org/data-security.

Internet of Things (IOT), Big Data, Business Intelligence, Data Science, Digital Transformation: Hype or Reality? Facts and Figures

analytics

The Internet of things (IoT) is the internetworking of physical devices, vehicles, connected devices and smart devises, buildings and other items, embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data without requiring human-to-human or human-to-computer interaction.

The worldwide IOT market spend will grow from $592 billion in 2014 to $1.3 trillion in 2019 according to IDC, while the installed base of IoT endpoints will grow from 9.7 billion in 2014 to 30 billion in 2020 where 40% of all data in the world will be data resulting from machines to machines communication (M2M).

Gartner survey shows that 43 % of Organizations are using or plan to implement the Internet of things in 2016. Gartner predicts $2.5M per minute in IoT spending and 1M new IoT devices sold every hour by 2021.

Industrial IOT (Internet of Things) market is estimated at $60 trillion by 2030.

By 2020, IoT will save consumers and businesses $1 trillion a year in maintenance, services and consumables.

By 2022, a blockchain-based business will be worth $10B, Blockchain being a digital platform that records and verifies transactions in a tamper and revision-proof way that is public to all.

By 2018, Cloud Computing infrastructure and platforms are predicted to grow 30% annually. Many enterprises have failed to achieve success with cloud computing, because they failed to develop a cloud strategy linked to business outcomes. Many companies are unsure how to initiate their cloud projects. The key success factors for Cloud projects are the good design of the Business Processes, the focus on the Services delivered and a good design of the transition from “As Is” to “To Be” Applications Architecture.

By 2019, Global Business Intelligence market will exceed $ 23 billion and Global Predictive Analytics market will reach $ 3.6 billion by 2020, driven by the growing need to replace uncertainty in business forecasting with probability and the increasing popularity of prediction as a key towards improved decision making. Predictive analytics is the branch of the advanced analytics which is used to make predictions about unknown future events. Predictive analytics uses many techniques from data mining, statistics, modeling, machine learning, and artificial intelligence to analyze current data to make predictions about future. It is about the increased need & desire among businesses to gain greater value from their data. Over 80% of data/information that businesses generate and collect is unstructured or semi-structured data that need special treatment using Big Data Analytics.

Big Data investments will account for over $46 Billion in 2016 reaching $72 Billion by the end of 2020.

A new brand of analysts called “data scientists” are introducing data science courses into degrees ranging from computer science to business. Data Scientists usually require a mix of skills like mathematics, statistics, computer science, algorithmic, machine learning and most importantly business knowledge. If Data Scientists are lacking business knowledge, they will definitely fail. They also need to communicate the findings to C-Level management to be able to take the right strategic decisions.

Data science needs to be a fundamental component of any digital transformation effort.

All Sectors will have to hire and educate a significant number of Data Scientists.

Let’s take the example of the Energy Sector where the Digital Transformation is playing a crucial role to reach Global and European Energy targets:

87% of CFOs agree that growth requires faster data analysis and 50% of Networked enterprises are more likely to increase their market-share.

With the 2020 energy climate package and the 2050 energy roadmap, Europe has engaged early in the transformation of its Energy system.

As the Industrial Revolution was the transition to new manufacturing processes between 1760 and1840, the digital revolution will be the disruptive transformation of the 21st century to a new economy, a new society and a new era of low-emission energy.

Many large Energy players will appoint Chief Digital Officers to drive the digital transformation of their processes and create new businesses.

Four recommendations to boost Customer Centric Energy innovations will heavily require the Digital Transformation roadmap to be adopted:

  1. Accelerate Customer innovations by making the Data available for Market participants
  2. Build massive Energy Services as downloadable Apps through Energy Exchange Platforms B2B, B2C and C2C
  3. Full Customer participation by making customer usability as simple as one click
  4. Build the pan-European Energy Union of Customer Services by extending to cross-border Energy Management

With the enablement of IOT, BI, Predictive Analytics and Data Science and the proven business models, we predict that 90% of Commercial and Industrial Customers and 70% of Residential Customers will be adopting Smart Energy technologies by 2025.

Let me ask you the following questions:

  • What are the Top 3 priorities that justifie Digital Transformation in your business?
  • Are you planning to setup a Data Science team?
  • Are you considering Digital for existing business improvement or for creating new businesses?

 

Top tips on protecting your devices from hackers

iot_hackers

Billions of fitness trackers, medical implants, surveillance cameras, home appliances, thermostats, baby monitors and computers in automobiles now are connected as part of a rapidly expanding (IoT) “internet of things.”

But many such devices were developed without security considerations. As a result, they are prime targets for hackers.

Tips to protect your devices:

How do I know if I have an internet of things device?

If you have a device that is capable of connecting to the internet or shares information over a wireless network in your home, it is potentially insecure and can be leveraged for a cyber attack.

Last month, hackers harnessed an army of 100 000 internet-connected devices around the world, such as DVRs and security cameras, to attack Dyn, which helps route internet traffic to its destination. It caused temporary internet outages to sites that included Twitter, PayPal, Pinterest, Reddit and Spotify.

Why should I care?

Hackers can penetrate devices to directly harm someone or to target critical infrastructure.

They can remotely disable a car, raise the thermostat on refrigerated foods, and toy with internet-enabled medical devices.

In the Dyn attack, hackers used the devices to flood the internet infrastructure company with data and knock it offline.

Such tactics also could be used against electrical and water systems, which are increasingly being put online to allow for remote operation.

What can I do?

Make sure you are aware of what you are connecting to the internet, and think about what is necessary.

That feature on your new bathroom scale that syncs with your phone is handy, but can you password protect it from getting hacked?

Any device that has the capabilities of remotely sending information elsewhere is vulnerable. Therefore, the software on that device and the network in connects to must be secured.

If a device comes with a default password, make sure you change it. You should also change the password on your wireless network at home. Use complex passphrases to ensure your device is not easily hacked.

The Dyn attack was made possible by devices with default passwords that were never changed.

Whom do I contact if I am worried about a device?

Contacting the manufacturer or vendor of the device may not always help.

This is especially true because innovation has frequently outpaced cyber security education.

In the US, the Homeland Security Department, for example, sends out public alerts about vulnerabilities through its US-CERT programme that you can sign up for on its website .

 

The IT Guy Becomes a Player

it

Back in the days of mainframes, the ubiquitous “IT Guy” was responsible for planning, building and maintaining in-house infrastructure, as well as developing custom solutions to automate back-office functions. And while the role evolved some over the years, the first truly tectonic shift occurred when cloud computing emerged, combined with aftershocks in the form of mobile, social and Big Data. As technology became commoditized and consumerized, some analysts suggested in-house IT would become obsolete.

In reality, the role of the IT Guy is evolving into one of greater value and significance.

Recently, IDC and Forrester Research, two of the largest technology industry research firms, released predictions that IT is poised to take the lead as companies move toward their digital futures. The reason: While many companies outsourced their initial forays into cloud and mobile applications, they can’t continue to depend on external consultancies for much longer. Digital transformation is so critical to the future of businesses, the analysts say, that relying on external parties to provide solutions will be too dangerous. In-house IT will, of necessity then, become the core driver of “how business does business.”

Taking on a more important role

Even in today’s quick moving environments, the role of the IT department has increased in value across the enterprise, as it works with various internal teams and links its goals to the wider objectives of the business. A recent survey by Forrester asked company executives to name the most important senior leader in driving or supporting business transformation and innovation, and one of the top answers was the CIO – ahead even of the CEO.

As the master of all things digital, talented CIOs are perfectly positioned to take the lead on leveraging new tech elements to help shape a business’ overall strategy – and use high-performance networks to effectively pursue it.

This new, more challenging—but much more valuable—vision of the IT Guy’s role as an innovator and strategist also seems to be widely accepted, according to a survey by Gartner Research.

The CIO as chief innovator is trending up: The Gartner survey says more CIOs are adding value to their roles by leading boardroom discussions about using cloud, mobile, analytics and social technologies to drive new product development, online marketing and other customer-facing initiatives. The research firm concludes that the perception of the CIO has evolved from an IT service provider to an enabler of digital products that support business.

And that’s only the beginning. The next great leap for businesses will be the Internet of Things (IoT), and CIOs will have the opportunity to lead by solving the challenges that will come with IoT integration.

Three types of CIOs

“IoT requires the creation of a software platform that integrates the company’s IoT ecosystem with its products and services,” says Peter Sondergaard, senior vice president, Gartner Research, adding that CIOs will be the “builders” of the new digital platforms and high-performance networks that IoT projects will require. However, while the change of role might be adventurous for some, not every CIO wants to embrace the change from being operational to innovative, according to an IDC study, “The Changing Role of IT Leadership: CIO Perspectives for 2016.”

The study outlines three types of CIOs: operational (keeping the lights on and costs down); business services manager (providing an agile portfolio of business services); and chief innovation officer (business innovator).

Business innovator is the role CIOs must play in order to have a meaningful future, says Michael Jennett, vice president for enterprise mobile strategy at IDC.

“For these executives to stay relevant, they must shift their focus to transformation and innovation,” he adds. “CIOs who stay operational will find themselves further marginalized over the next three years.”

The big question for many businesses, then, is will the IT Guy be prepared to incorporate an understanding of the company’s mission and develop value-added strategies to generate, as Jennet says, “revenue out of what you do.”

Interestingly, the IDC study found that while more than 40 percent of line-of-business executives view the CIO as an innovator, only 25 percent of CIOs describe their own role that way, with more than 40 percent viewing themselves as primarily operational, and 34 percent as business service managers.

However, with global digital commerce revenue at over $1 trillion annually, CEOs see digital as fuel for growth, and expectations for IT departments are running high. To succeed in this environment, and bring value, the IT Guy needs to rise to the occasion and take on responsibility for digital innovation, as well as maintaining the infrastructure.

 

An Army of Million Hacked IoT Devices Almost Broke the Internet on Friday

 

internet-outage
A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, Box, and Spotify.

But how the attack happened? What’s the cause behind the attack?

Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack.
Yes, the same method recently employed by hackers to carry out record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS.

Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, and security cameras, DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks.

Since the source code of Mirai Botnet has already made available to the public, anyone can wield DDoS attacks against targets.

This time hackers did not target an individual site, rather they attacked Dyn that many sites and services are using as their upstream DNS provider for turning internet protocol (IP) addresses into human-readable websites.

The result we all know: Major sites and services including Twitter, GitHub, Reddit, PayPal, Amazon, AirBnb, Netflix, Box, Pinterest, and so on, were among hundreds of services rendered inaccessible to Millions of people worldwide for several hours on Friday.

“Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures associated with previous known Mirai botnet attacks,” Flashpoint says in a blog post.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers majorly focus on performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why they are routinely being hacked and widely becoming part of DDoS botnets used as weapons in cyber attacks.

An online tracker of the Mirai botnet suggests there are more than 1.2 Million Mirai-infected devices on the Internet, with over 166,000 devices active right now.

In short, IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials speaking to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting DynDNS, but none of the agencies yet speculated on who might be behind them.

Internet of Things sparks healthcare cybersecurity concerns, HIMSS16 speaker says

As connectivity continues to expand, cybersecurity should be top of mind for CIOs, CISOs and other hospital executives, according to Eric Miller of Ascension.

medicaldevicehitn_0The Internet of Things is set to explode. Forecasters expect more than 6 billion objects connected to the Internet this year and some expect 50 billion by 2020. But with connectivity comes risk.

For healthcare providers trying to leverage what is emerging as the IoT for healthcare – that growing universe of wearable sensors, networked devices and home monitoring systems deployed to collect medical data and even treat patients – ineffective cybersecurity can have potentially dangerous consequences.

“The Internet of Things is different from the Internet of Things for healthcare in terms of risk,” said Eric Miller, senior director of IT at Ascension Information Services.

Miller pointed to a recent initiative in which white hat hackers working with the Mayo Clinic were easily able to hack into numerous connected medical devices, including an infusion pump that delivers drugs and fluids into patients.

One of the hired hackers, in fact, was able to connect an infusion pump to his computer network and manipulate the dosage remotely.

Miller and Paul Unbehagan, chief architect of Avaya, will discuss technologies that enable the security of connected devices and how providers can recognize and mitigate these cyber security risks during a HIMSS16 session on March 1, 2016.

“Our goal is to show how to reduce the risk from connected medical devices in a manageable way,” Miller added. “There’s a process side to it and a technology side, and we will discuss both,” Miller said.

The session will cover how providers can get a handle on the number and types of Internet of Things for healthcare devices connected to their network; how to apply risk models to device classifications in order to clarify the threat level; how to implement automation to manage the security of the growing number of connected devices; how to evaluate inventory management options against existing technologies; and how to create an implementation plan.

“We want attendees to leave this session with an understanding of how to improve their risk posture for the existing Internet of Things for healthcare as well as the connected devices to come,” he said.

The Internet of Healthcare Things” will be held Tuesday, March 1, from 1 – 2 p.m. PST in the Sands Expo Convention Center Human Nature Theater.