Category Archives: Internet Security
The Internet of Things: how safe are your smart devices? – Spectator.co.uk
After years of marketing hype, it seems the much-heralded Internet of Things (or IoT to those in the know) has finally arrived. From washing machines and heating systems that can be controlled from your smartphone, to doorbells that learn to recognise regular visitors and broadcast suspicious activity, more and more of us are upgrading our homes with internet-enabled devices. But have we stopped to think about the cybersecurity of this new technology?
One expert isn't convinced we've thought it through. Mikko Hypponen is chief research officer for the Finnish digital security company F-Secure. Having observed the rise in IoT devices, he's coined a new maxim to alert consumers to their potential dangers: "if it's smart," he says, "it's also vulnerable." "It's a pessimistic rule," he tells me during a stopover in London ahead of an industry speaking gig, "but it's a true one too: the more connectivity we add to our homes, the more vulnerability we create."
The big risks for IoT devices fall into two broad categories, he explains, both of which are already being exploited by cyber-criminals. The first and more obvious vulnerability is that smart devices might serve as a backdoor into our home networks, allowing hackers easier access to our laptops and smartphones and all the valuable information (from passwords to credit cards) that entails. In cybersecurity circles, the examples are already becoming legendary: like the Las Vegas casino that reportedly had its high-rollers database stolen by hackers who entered the network via a smart fish-tank.
Smart devices like fridges and doorbell cameras are typically the weakest link in your home network, Hypponen says. It's a problem compounded by the fact that buyers are rarely encouraged to take even the most basic of safety precautions, such as changing the device's password from its default setting. Along with other new technologies (in particular cryptocurrencies like Bitcoin that allow for untraceable payments) it's led to a spike in ransomware attacks, where hackers render computers useless until the user sends them a large sum of money. One of the most famous ransomware viruses was the Wannacry malware, which infected NHS computers in 2017, apparently at the instruction of North Korea.
So what can owners do to protect their own devices and their wider home networks against attack? One obvious step, according to F-Secure, is to ensure your WiFi network is as secure as possible. That means changing its name (thus making it difficult for hackers to identify its make and model and, from there, its security flaws), using WPA2 encryption, and ensuring you use a secure password. As for IoT devices themselves, owners should be sure to change the default password and also look at disabling certain features like Universal Plug and Play which make it easier for hackers to exploit their vulnerabilities.
While ransomware attacks are on the rise, Hypponen is also interested in a newer form of cyber-crime which targets the next wave of smaller IoT devices like toasters and hairdryers which connect directly to the internet using 5G. Hang on a minute, I ask. Who needs an internet-enabled toaster? "Well, no-one," admits Hypponen. Yet he simultaneously predicts that, as internet-connectivity becomes cheaper and cheaper, it will soon be impossible to buy toasters that don't connect to the internet.
How so? The reason is that toasters aren't going online to provide new functionalities to the customer: instead they'll be providing manufacturers with real-time data on exactly how the device is being used. This kind of mass data is extremely valuable to manufacturers, allowing them to continuously improve their products, but it also makes devices vulnerable to cyber attack, particularly given many use only the most basic encryption and don't always allow users to change their settings. In the past year, Hypponen says, he's seen more cyber attacks on IoT devices than Windows computers.
Given these devices aren't usually connected to your home network (they access the internet directly through tiny 5G chips), the aim isn't to get hold of your personal data. Hackers want to recruit your devices into their botnets: vast swarms of captive IP addresses that can be used to attack internet servers by sending an overwhelming flood of nonsensical data. In 2016, millions of such devices across the world were harvested in the Mirai botnet, which managed to take down websites from Twitter to the BBC, and Spotify to FoxNews. It remains one of the largest cyber-attacks of recent history.
So what's the solution? Hypponen says that industry has been slow to act, partly because consumers don't suffer directly if their devices are targeted. "During the Mirai attack, I called one office because we could see that a heat pump in their network was part of the botnet," he says. "I asked them: 'Do you own this particular model of pump? Well, are you aware it's being used to help take down half of the internet right now?'" He says that the company was fascinated to hear about the botnet, but weren't particularly motivated to spend their own money to secure their devices. Of course many more won't even know the breach has taken place: a study by the Dutch digital security firm Gemalto found that less than half of businesses were able to identify when an IoT device had been hacked.
Hypponen contrasts the approach taken by both government and industry to cybersecurity with the more established approach to consumer safety. "If you buy a washing machine, you can be certain it's not going to catch fire or give you an electric shock, as we certify those things," he says. "But there's no regulation at all on whether the machine might end up revealing your WiFi password to hackers." Though that might be changing: the UK government has begun consulting with experts and industry on how to develop appropriate safeguards, while Finland has just become the first country to introduce a government-backed quality stamp for those products which meet basic cybersecurity standards.
With around a quarter of British homes already using smart devices, and another 40 per cent saying they would consider buying one in the next five years, it's an issue which won't be going away any time soon. Something to keep in mind when you're eyeing up your new toaster.
Internet of Things security firm Armis in talks to be acquired -media – Nasdaq
JERUSALEM, Jan 6 (Reuters) - Cybersecurity firm Armis, which specializes in protection for the Internet of Things (IoT), is in talks to be bought by a U.S. tech firm for around $1 billion, Israeli financial media outlets reported on Monday.
The Calcalist financial news website said that Armis was in advanced negotiations with an unnamed potential buyer to be acquired at a valuation of $800 million to $1.2 billion.
Officials at Armis could not be reached for immediate comment.
The company says its enterprise security platform protects IoT devices -- like medical infusion pumps or those used in production lines at car manufacturers -- from attacks by identifying suspicious or malicious devices and quarantining them.
In April, Armis said it raised $65 million in Series C funding, bringing the company's total funding to $112 million. The round was led by Sequoia Capital.
(Reporting by Ari Rabinovitch; Editing by Tova Cohen)
BlackBerry Collaborating with Amazon Web Services to Demonstrate Safe, Secure, and Intelligent Connected Vehicle Software Platform for In-Vehicle…
LAS VEGAS, Jan. 6, 2020 /PRNewswire/ -- BlackBerry Limited (NYSE: BB; TSX: BB) today announced it has teamed up with Amazon Web Services, Inc. (AWS) to demonstrate a connected vehicle software platform for in-vehicle applications that combines the safety and security of BlackBerry's QNX real-time operating system with AWS' Internet of Things (IoT) Services in the cloud and in the car. The platform enables automotive manufacturers to securely access data from vehicle sensors, and create software applications and machine-learning models for connected, electric, and autonomous vehicles.
With the AWS-powered BlackBerry platform, automotive OEMs can expedite their vision of continuously and quickly bringing innovative connected vehicle services to market, ranging from cockpit personalization, vehicle acoustic conditioning, vehicle health monitoring, and advanced driver assistance systems (ADAS) features. Car companies can also leverage this platform for their new software-centric electric car and autonomous platforms, enabling essential functions such as continuous EV battery life monitoring and prediction, and managing vehicle sub-systems to holistically control warranty costs, providing important security updates and seamless updates of vehicle software features to delight their customers, and drive monetization of vehicle data while exercising control over data access.
The AWS-powered BlackBerry platform combines the two companies' edge and cloud technologies into a comprehensive edge-to-cloud offering for the global automotive industry. QNX software allows automotive OEMs to develop and run a common software platform across in-vehicle systems such as gateways, TCUs, engine controllers, digital cockpits and emerging domain controllers, while AWS capabilities enable automotive software developers to securely and easily access data from vehicle sensors, build software applications and machine learning (ML) models using vehicle data, and deploy them inside the vehicle to enable in-vehicle inference and actions. The platform will integrate the BlackBerry QNX operating system and over-the-air software update services, with AWS IoT cloud services for secure connectivity and telematics, Amazon SageMaker for developing ML models, and AWS IoT edge services for in-vehicle ML inference.
"By working with AWS, we can provide OEMs with a unique foundational software platform that will allow them to build the next generation connected and autonomous cars of the future," said John Wall, Senior Vice President and Co-Head of BlackBerry Technology Solutions. "By combining our technologies and strengths into one dedicated cloud-based offering, we can ensure automakers have the tools they need to deliver the driving experience consumers want, without sacrificing on the security and reliability they need."
"Our automotive customers are developing exciting new products and services that rely on the power of the cloud, IoT, and AI/ML. We are thrilled to be working with BlackBerry QNX to provide secure connectivity and advanced edge computing capabilities for the next generation of electric and autonomous vehicles," said Bill Vass, Vice President, Technology, Amazon Web Services, Inc.
"Combining the safety and security of QNX with AWS cloud and edge intelligence has the potential to speed the development of Karma's connected car ecosystem," said Lewis Liu, Karma Automotive Vice President, Business Development and Strategy. "It shows how Karma's vehicle platform is being used by technologists as a test-bed to prove new innovation, speed product development and ultimately to provide owners with leading cyber-security resources and predictive maintenance information via the latest artificial intelligence applications. The result is enhanced VVIP treatment for our discerning luxury-customer base, and cutting-edge technology that can lead to new business opportunities for Karma beyond pure automotive retail sales."
BlackBerry's full suite of automotive offerings will be demonstrated at the Consumer Electronics Show (CES) in Las Vegas from January 7-10, 2020, at the Las Vegas Convention Center. Visit BlackBerry at Booth #7515 in the North Hall.
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) is a trusted security software and services company that provides enterprises and governments with the technology they need to secure the Internet of Things. Based in Waterloo, Ontario, the company is unwavering in its commitment to safety, cybersecurity and data privacy, and leads in key areas such as artificial intelligence, endpoint security and management, encryption and embedded systems. For more information, visit BlackBerry.com and follow @BlackBerry.
SOURCE BlackBerry Limited
Beset by lawsuits over poor security protections, Ring rolls out ‘privacy dashboard’ for its creepy surveillance cams, immediately takes heat – The…
CES With criticism mounting, Amazon's Ring revealed a web dashboard of privacy controls it hopes will slash the number of horror stories coming from customers.
On Monday, in time for this year's CES in Las Vegas, the home surveillance camera and internet-connected doorbell specialist made a point of unveiling an account control panel it hopes will allow users to better manage the access settings on their devices and keep hackers and other intruders out. The new controls will be available across all products.
"This latest feature will make it easy to view and control privacy and security settings from one dashboard," Ring said of the new feature.
"The Control Center will initially let you see and manage your connected mobile, desktop, and tablet devices, as well as third-party services; it will also enable you to opt out of receiving video requests in areas where local police have joined the Neighbors app."
This comes after Ring found itself under fire on a number of fronts for its privacy policies and security protections. In particular, the close relationship Ring struck with America's plod has worried civil rights groups who believe that the cameras provide officers with excessive levels of surveillance power. In short, Ring encourages folks to share their web-connected cam footage with neighbors and the police, opening up a whole can of worms regarding privacy and consent.
And it doesn't alert owners to multiple logins from across the country or world, a tell-tale sign of an account compromise, nor limit the rate at which miscreants can attempt to guess account passwords. It does not direct people to use multi-factor authentication, nor does it require strong passwords, and nor does it reject username-password combinations known to be stolen from other websites. It basically fails to prevent netizens from falling foul of brute-force attacks and credential stuffing, and subsequent security device hijackings, by miscreants on the other side of the internet.
Don't expect the dashboard rollout to solve any of these worries. Digital-rights group Fight for the Future was quick to dismiss the CES announcement as "a total joke." The dashboard "amounts to little more than a cosmetic redesign," the campaigners added, and no new protections have been added, we're told.
"Amazon is still putting the responsibility on users to protect these devices, knowing full well that they won't," thundered Fight for the Future deputy director Evan Greer.
"You can't sell a car without seat belts or airbags and then say the driver should have installed them when they get in a crash. Amazon is selling cheap, insecure, internet-connected surveillance cameras and convincing people to put them inside their homes, knowing that they put those people in danger."
And then there's the matter of the lawsuits. In December, a class-action case emerged in the US over a spate of hacks of in-home Ring surveillance cameras. And in California on Friday, a second suit [PDF] was filed complete with harrowing details of what lawyers for the plaintiffs call a "living nightmare" enabled by shoddy Ring security.
Named Plaintiffs Ashley LeMay and Dylan Blakeley recounted a time when a hacker broke into the couple's Ring security camera over the internet, and began playing music over the gizmo to lure their 8-year-old daughter into a bedroom where the miscreant could speak to the child.
"Intrigued by the music, the Blakeleys' eight-year-old daughter, A., went to the room she shares with two of her younger sisters to investigate. But the room was empty. As A. wandered the room, looking for the source of the music, the song abruptly stopped, and a man's voice rang out: 'Hello there'," the filing recounts.
"It was a stranger, an unknown hacker, who had taken over the Blakeleys' account and had the ability to see, hear, and speak to A. inside her own room. In a chilling exchange captured on the device's video recording, the hacker began shouting racial slurs at A. and encouraging her to misbehave."
The lawsuit states that there are a number of glaring flaws in Ring's security, such as allowing multiple logins from different IP addresses, not insisting on two-factor authentication and, even then, only using text messages for multi-factor login codes, leaving people open to SIM-jacking attacks.
It might take a bit more than a dashboard to fix this.
Start the new year, and new decade, by making your slice of the internet more secure – Times Colonist
TORONTO - In a year that saw companies such as TransUnion, Facebook and Desjardins urge their Canadian users to change their passwords and monitor their financial accounts due to data breaches, it's never been more important to safeguard your personal information.
The crucial part, however, is to actually take steps to make your personal data less vulnerable to cybercriminals.
"That's really what cyber hygiene is all about," said Adrian White, director of the financial crimes division at the Canadian Bankers Association.
"You want to make sure you minimize the risks by doing things on a regular basis that keep you safe from these kinds of threats in the criminal space."
The start of a new year, and (by most accounts) the start of a fresh new decade, presents an excellent nudge to review digital passwords and take other steps to protect yourself and your finances online.
Taking action is increasingly important amid a rising number of major data breaches, leaving more sensitive data vulnerable to criminals who find devious new ways to put it all to use.
"As we move into 2020, people have less and less control over the security and privacy of their personal information," said Claudiu Popa, cybersecurity expert and CEO of Informatica Corp.
With so much out of your hands, it's important to keep control of the key points of entry for your personal online accounts.
First and foremost is updating your passwords, those jumbles of characters that you've been haphazardly managing since you went online. It's time to create a system that will carry you through the next decade with greater safety and peace of mind.
One of the best ways to create a secure password is to think of a phrase, and then use the first letter of each word with some numbers and symbols mixed in as the password. The full phrase can also be used if it is easier to remember, with some added random bits to add security.
"I've stopped calling them passwords, I call them passphrases," said Popa.
"Because the emphasis is on the most important attribute of passwords, which is length. The longer they are, the more useful they are."
Better yet, use a password manager, which can create complex passwords and then remembers them so you don't have to. There are a wide variety out there, including some quite functional free versions from providers like LastPass, KeePass, and Dashlane.
"The sooner you get comfortable with a password database the better," said Popa.
Next is your email, which is the way you access all those accounts where you've forgotten your password because you don't have a system or password manager in place.
You should keep your primary email linked to online banking and other important accounts secure by only giving it out when necessary. Have a second email for less important accounts that don't store personal data, and consider using disposable accounts when possible, said Popa.
"A lot of people just constantly give out their real, their almost permanent, their long-term personal email address because they don't know how to get a disposable one."
There are plenty of online services that let you set up a quick email address to satisfy those sites that demand an address when you don't feel you need to give one.
And while you're considering whether an email is needed, expand that assessment to any other information asked of you, whether it be a request for your email address at the big box store or a social insurance number when applying for a credit card.
The less information you give out, whether to companies or to the general public on social media, the lower the chances it will fall into the wrong hands.
Other important steps to staying secure include keeping programs updated, checking in on your online financial accounts, being wary of what you're connecting your devices to (especially public wifi), and generally keeping a skeptical eye on everything online.
With these two main areas more secure you can venture out a little more confidently in the new year.
This report by The Canadian Press was first published January 2, 2020.
Russia Takes a Big Step Toward Internet Isolation – WIRED
Over the holidays, the Russian government said it had completed a multi-day test of a national, internal internet known as RuNet, a bid to show that the country's online infrastructure could survive even if disconnected from the rest of the world. Though Russia claims the initiative relates to cybersecurity, researchers and human rights advocates inside Russia and around the world argue that the test underscores Russia's broader campaign to control and censor access to digital information within its borders.
Whether the Kremlin intends to fully cut Russia off from the global internet remains an open question. But through its support of purpose-built Russian services and its tech sector more generally, Russia has indisputably made significant steps toward going it alone. In early December, President Vladimir Putin signed a law that will take effect this summer requiring all computers, smartphones, and smart TVs sold in Russia to come pre-loaded with apps from Russian developers. The government is also investing 2 billion rubles, about $32 million, in a Russian Wikipedia alternative.
Those initiatives, together with increasingly isolationist infrastructure, point to a desire for markedly increased control. But analysts say that last week's test may actually reflect a gradual approach rather than a rush to separate.
"There is not that much data available, but presenting the drills that happened in late December as a real-world exercise about disconnecting Russia from the global internet is probably exaggeration. There were no user reports confirming that," says Leonid Evdokimov, a Russian security researcher at Censored Planet who formerly worked for the Tor Project and the Russian web services giant Yandex. "But the internet censorship and overall situation in Russia clearly has a chilling effect. So it seems there is no urgent need for the government to make an isolated internet right now. The current partial censorship and set of laws produce enough of a noticeable effect."
The fear is that at some point the government will trade incremental infringement for radical repression.
Over the last decade, the Russian government has worked steadily to build out legal and infrastructure-level internet controls, establishing content filters and block lists and introducing oversight mechanisms within private telecoms. In October 2018, the Russian government cut mobile data service in the Ingushetia region during political protests, the first such internet outage in the country. Last August, the government initiated another internet blackout, this time during protests in Moscow. And in November, a new "sovereign internet" law also took effect, legalizing more radical isolation, including last week's test.
Technical challenges have slowed Russia's efforts, though. In the case of China, whose so-called Great Firewall gives the government near-absolute control over the internet, censorship and blocking infrastructure was built in from the start. In a country like Russia, where the internet grew mostly unchecked for decades, it's tougher to retrofit mechanisms for control. Take Russia's efforts in 2018 to ban the encrypted messaging app Telegram, which largely failed as Telegram and its users deployed anti-censorship techniques. Similarly, Russia's efforts to crack down on VPNs have been very problematic, but still not comprehensive.
"I don't think we're going to see a large-scale shutdown in Russia or a large-scale block of big digital platforms. It isn't strategically viable," says Allie Funk, a research analyst at the pro-democracy group Freedom House, who works on an annual Freedom on the Net global assessment. "Russian users as a whole are extremely politically active and the government doesn't really want to deter foreign tech companies. So it seems like what they're trying to do is create an environment in which international or foreign platforms are more willing to comply with Russian laws."
That isn't to say the government couldn't eventually develop comprehensive control, but it hasn't yet demonstrated anything close to a full connectivity blackout or internet separation. In contrast, the Iranian government caused a total country-wide blackout in November that lasted multiple days. Iran is a much smaller and more geographically contained country than Russia, though.
Industrial Internet Consortium teams up with blockchain-focused security group – Network World
The Industrial Internet Consortium and the Trusted IoT Alliance announced today that they would merge memberships, in an effort to drive more collaborative approaches to industrial IoT and help create more market-ready products.
The Trusted IoT Alliance will now operate under the aegis of the IIC, a long-standing umbrella group for vendors operating in the IIoT market. The idea is to help create more standardized approaches to common use cases in IIoT, enabling companies to get solutions to market more quickly.
"This consolidation will strengthen the ability of the IIC to provide guidance and advance best practices on the uses of distributed-ledger technology across industries, and boost the commercialization of these products and services," said 451 Research senior blockchain and DLT analyst Csilla Zsigri in a statement.
Gartner vice president and analyst Al Velosa said that it's possible the move to team up with TIoTA was driven in part by a new urgency to reach potential customers. Where other players in the IoT marketplace, like the major cloud vendors, have raked in billions of dollars in revenue, the IIoT vendors themselves haven't been as quick to hit their sales targets. "This approach is them trying to explore new vectors for revenue that they haven't before," Velosa said in an interview.
The IIC, whose founding members include Cisco, IBM, Intel, AT&T and GE, features 19 different working groups, covering everything from IIoT technology itself to security to marketing to strategy. Adding TIoTA's blockchain focus to the mix could help answer questions about security, which are centrally important to the continued success of enterprise and industrial IoT products.
Indeed, research from Gartner released late last year shows that IoT users are already gravitating toward blockchain and other distributed-ledger technologies. Fully three-quarters of IoT technology adopters in the U.S. have either brought that type of technology into their stack already or are planning to do so by the end of 2020. While almost two-thirds of respondents to the survey cited security and trust as the biggest drivers of their embrace of blockchain, almost as many noted that the technology had allowed them to increase business efficiency and lower costs.
‘This Is the Beginning’: Hackers Claiming to Be from Iran Take Over U.S. Government Website – PJ Media
At around 8 p.m. Saturday, hackers breached and defaced the website of the U.S. Federal Depository Library (USFDL), posting a graphic image of President Trump being punched in the face and announcing, "This is a message from Islamic Republic of Iran."
U.S. officials have not confirmed that the attack on the website of USFDL, a program created to make federal government publications available to the public at no cost, came from Iran, but the hackers claim to be avenging the death of Qasem Soleimani, the brutal Iranian terrorist who was killed in a U.S. airstrike at the Bahrain Airport in Iraq early Friday morning.
About an hour after the attack on the little-known USFDL website, the Iranian propaganda had been removed and the website was offline, displaying a Cloudflare error message. (Cloudflare is an internet security and DDoS mitigation provider that protects websites from malicious attacks.)
Visitors to the fldp.gov site Saturday night were greeted by a black screen displaying the flag of Iran and the words "in the name of god," along with messages warning: "We will not stop supporting our friends in the region: the oppressed people of Palestine, the oppressed people of Yemen, the people and the Syrian government, the people and government of Iraq, the oppressed people of Bahrain, the true mujahideen resistance in Lebanon and Palestine [they] always will be supported by us."
Below that was an image of President Trump being punched in the jaw by a fist displaying Iran's Revolutionary Guard insignia.
"Martyrdom was his (Shahid Soleymani) reward for years of implacable efforts. With his departure and with God's power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and the blood of the other martyrs of last night's incident," the message read. "Hacked By Iran Cyber Security Group HackerS... This is only small part of Iran's cyber ability! We're always ready... to be continues... We Are: Iranian Hackers... #Hard revenge... #ICG - #SpadSecurityGroup."
The attack on the federal website came two hours after President Trump warned on Twitter that Iran "WILL BE HIT VERY FAST AND VERY HARD" if they strike American assets or targets.
"Iran is talking very boldly about targeting certain USA assets as revenge for our ridding the world of their terrorist leader who had just killed an American, & badly wounded many others, not to mention all of the people he had killed over his lifetime, including recently hundreds of Iranian protesters," the president wrote on Twitter. "He was already attacking our Embassy, and preparing for additional hits in other locations. Iran has been nothing but problems for many years."
"Let this serve as a WARNING that if Iran strikes any Americans, or American assets, we have targeted 52 Iranian sites (representing the 52 American hostages taken by Iran many years ago), some at a very high level & important to Iran & the Iranian culture, and those targets, and Iran itself... The USA wants no more threats!"
A former senior U.S. government national security official told Fox News' Leland Vittert, "It has the feel of being pretty insignificant...they just hacked a website that most Washington insiders don't know existed...Honestly, this is not very hard...this website had very weak security." The source told Vittert that the attack likely did not come from the Iranian government directly, rather from sympathizers or a proxy group.
The chief public relations officer for the U.S. Government Publishing Office told Fox News: "An intrusion was detected on GPO's FDLP website, which has been taken down. GPO's other sites are fully operational. We are coordinating with the appropriate authorities to investigate further."
Security experts have warned that Iran could launch cyberattacks in response to the death of Soleimani. While Saturday's attack appears to be rather unsophisticated, the fear is that hackers with more advanced skills could inject malware into websites and cause major disruptions of U.S. infrastructure or the financial and energy sectors.
State-sponsored Iranian hackers have proven successful in the past. In 2016, seven Iranians "conducted a coordinated cyber attack on dozens of U.S. banks, causing millions of dollars in lost business, and tried to shut down a New York dam, the U.S. government said on Thursday in an indictment that for the first time accused individuals tied to another country of trying to disrupt critical infrastructure," according to a Reuters report.
Christopher C. Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), warned that Iran could target U.S. assets to avenge the death of Soleimani.
"Given recent developments, re-upping our statement from the summer," Krebs warned on Twitter. "Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you're also watching third party accesses!"
In June, CISA warned that Iranian actors or proxies could attack U.S. targets utilizing destructive "wiper" tools.
"CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies," CISA said. "Iranian regime actors and proxies are increasingly using destructive wiper attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network."
"In times like these it's important to make sure you've shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident - take it seriously and act quickly," the statement concluded.
John Hultquist, director of intelligence analysis at cybersecurity firm FireEye, warned, "We will probably see an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment. We also anticipate disruptive and destructive cyberattacks against the private sphere."
"Iran has leveraged wiper malware in destructive attacks on several occasions in recent years," he explained. "Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations. We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously. In the past, subverting the supply chain has been the means to prolific deployment of destructive malware by Russian and North Korean actors."
While Saturday's attack on a minor federal agency seems insignificant, it could be a harbinger of more sophisticated Iranian cyber attacks in an effort to hurt the U.S. in response to the death of Iran's top terrorists.
"The Department of Homeland Security stands ready to confront and combat any and all threats facing our homeland," Acting Secretary Chad F. Wolf said on Friday. "While there are currently no specific, credible threats against our homeland, DHS continues to monitor the situation and work with our Federal, State, and local partners to ensure the safety of every American."
Read the original:
'This Is the Beginning': Hackers Claiming to Be from Iran Take Over U.S. Government Website - PJ Media
Virus-Crippled Travelex Was Running Windows 8, RDP Connected to Internet – Computer Business Review
Users left stranded with no access to FX
Three days after foreign exchange provider Travelex pulled its systems offline after discovering a software virus on New Year's Eve, the company's UK website remains unavailable and partners from Barclays to Travelex have been unable to offer online currency services through Travelex, which provides them with FX services.
Security experts say the company, which is FCA regulated and was running a payment platform on AWS, appears to have shown signs of poor network segmentation.
As Drew Perry, CEO of security firm Tiberium, noted to Computer Business Review: "Its digital transformation appears to have only covered its http://travelex.com estate (hosted on AWS using Cloudfront) while its UK domain remains down and is hosted on its own BT provided IP, so this server must be linked to internal infrastructure."
Travelex appears to have recently created https://response.travelex.co.uk, with its UK site still returning an IIS error page: even the company's investor relations pages remain offline.
Security researcher Kevin Beaumont meanwhile noticed that Travelex's AWS platform had Windows servers with RDP enabled to internet and NLA [network location service] disabled, oops.
Travelex also appears to have been running Windows Server 8, aging software that will see security support end on January 14. Insiders confirmed to Computer Business Review that it was a ransomware attack and said they understood it to have been the Sodinokibi variant, although they were not able to confirm this.
One staffer told us: "Global Travelex sites are offline (excluding those operated by partners: South Africa, Brazil). Services also offline include partners who whitelabel the service including Barclays, HSBC, FirstDirect, Tesco, ASDA, Sainsbury's, Virgin Money, NatWest, RBS, Manchester Airport and Heathrow."
They added: "Oddly their dev centre site reports no service issues, probably not a priority. Right now, there's little else to tell as staff are kept in the dark."
The company is the world's largest foreign exchange specialist, with almost 800 retail branches in more than 26 countries. It is owned by India's Finablr, an LSE-listed financial services company that owns a range of payments and FX brands.
Many customers reliant on Travelex's cards meanwhile have been left stranded overseas without access to foreign currency.
Security experts say such attacks increasingly come at the end, rather than the beginning of targeted system intrusions, with such payloads triggered after system surveillance and in some instances data exfiltration.
Travelex provided few details about the incident, saying that the unnamed virus had compromised some of its services. It added: "As a precautionary measure in order to protect data and prevent the spread of the virus, we immediately took all of our systems offline," saying that it believes no customer data has been stolen.
Customers took to social media to castigate the company for its response. One, Matt Bartlett, said he had been stuck in Canada for four days as a result.
The incident comes less than 24 months after Travelex leaked the details of nearly 17,000 Tesco Bank customers. (Travelex provides Tesco Bank's FX services).
Recent ransomware strains are increasingly sophisticated, for example bypassing Windows protections by immediately rebooting computers and running them in safe mode, where end-point protection software doesn't run.
As Aron Brand, CTO at Israel's CTERA, told Computer Business Review last week, robustly protected back-ups are an essential prerequisite for a rapid recovery after a ransomware attack.
He said: "Make sure all of your data is reliably backed up and physically separated from the main dataset, with backup versions in a read-only repository. In the event of an attack, you can rollback to an uninfected file version and be up and running quickly."
He adds: "If your data is outside your firewall, it must be encrypted. Keys should be generated and managed internally by trusted individuals, separate from any third-party service to ensure total data privacy."
Updated 23:00 January 4, 2019, corrects Travelex owner to Finablr.
Banner image credit Tejvan Pettinger, Creative Commons, 2.0, Flickr.
From the archives: Top ten WSU stories of the decade – – The Wright State Guardian
After going through The Wright State Guardian's archives, several stories stuck out more than others. The university has seen many highs and lows in the last decade.
WebCT was a program that had been used by students and faculty since 2003. This article describes how Pilot was similar to WebCT but more capable and easier for students and faculty to use. Wright State has been using Pilot for almost the whole decade.
The Wright State Research Institute was started in 2007. At the time of publication, only 47 people worked at The Wright State Research Institute. During the fiscal year 2010, The Wright State Research Institute generated $3.4 million, and for fiscal year 2011, $6 million was generated in just six months.
The $6.4 million in research money was spread between two contracts, one focused on neuroscience and medical imaging and one focused on intelligence technologies. The contracts were set to be worked on for the next five years. In 2018, The Wright State Research Institute employed 85 people.
Internet security bill sent to US Senate could affect the privacy of internet users alike if passed, 2012
The internet has changed and evolved so much in the past decade. 2012 was a year for big internet security debates. The internet security bill being discussed in this article was the Cyber Intelligence Sharing and Protection Act.
The Raiders have seen good and bad years for our Men's Basketball team.
2010-11: fifth in the Horizon League
2011-12: eighth in the Horizon League
2012-13: third in the Horizon League
2013-14: third in the Horizon League
2014-15: eighth in the Horizon League
2015-16: second in the Horizon League
2016-17: fifth in the Horizon League
2017-18: second in the Horizon League
2018-19: first in the Horizon League
Wright State has seen several different presidents and administrative changes throughout the decade. This article discusses the various plans and projects that were put in action to maintain affordability, quality of education, growth on campus, branding and accessibility.
The decade saw a drastic rise in gas prices and then a drop in prices.
This article details the story of the Chairman of the Board of Trustees at the time, Michael Bridges, participating in a vote which in turn led to the hiring of his son, David Bridges, for a university position. Violation of the state nepotism laws is considered a fourth-degree felony.
Wright State has seen many administrative changes and is about to see another as Susan Edwards will be taking the position of president in January.
2019 saw a faculty strike that made history in Ohio. For almost two years leading up to this, WSU-AAUP and Wright State Administration had been struggling to agree on contract negotiations. Starting in 2016, Wright State had been dealing with a financial crisis regarding a $30 million structural budget deficit. The strike lasted 20 days and left some students with no professors in the classroom.
Our new and current President Susan Edwards was named in 2019. Edwards was the executive vice president for academic affairs and provost of Wright State before being named as the new president.
WSU has experienced many changes throughout the decade. The university will continue to evolve and change in 2020 and the next decade.