Articles on this Page
- 10/10/17--19:04: Latest Intelligence for September 2017
- 10/10/17--21:22: Microsoft Patch Tuesday – October 2017
- 10/12/17--09:59: Symantec Wins Box Trust Partner of the Year
- 10/12/17--17:38: Microsoft Monthly Patch (Microsoft Patch Tuesday) – October 2017
- 10/12/17--17:41: Microsoft "Patch Tuesday" – October 2017
- 10/12/17--18:21: A Safe and Secure Shelter
- Safeguarding a Smooth Transition: Protecting an Inland Empire nonprofit providing relevant work skills to underprivileged populations
- A Safe Haven for Youth and Their Data: Norton Small Business protects sensitive information for youth-focused nonprofit
- Growing up Safe and Unafraid with Symantec: A spotlight on Military Veterans Against Child Abuse
- Planting the Seeds for a Safer Future: Symantec proudly supports the Fruit Tree Planting Foundation fulfill their mission
- 10/13/17--08:45: Why Companies Need to Sound a Cybersecurity Wake-Up Call
- 10/13/17--09:55: Ambient Security: How It Can Help You Secure IoT
- 10/16/17--11:26: DreamBot Shines a Light on the Need for Transaction Verification
- 10/16/17--18:41: KRACK: The basics of the new vulnerability found in Wi-Fi encryption
- 10/17/17--04:08: Necurs attackers now want to see your desktop
- 10/17/17--12:54: Do Work!
- Define your career focus
- Research, learn, and assess
- Read and write
- Formulate a view of the attack
- Make friends, make lots of different friends
- Don’t be afraid to be wrong
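- 10/17/17--18:10: KRACK: What you need to know about the new Wi-Fi encryption vulnerability
- 10/17/17--21:00: Necurs attackers are trying to peek at your desktop
- 10/17/17--22:01: Necurs now targets victims' desktop information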
- 10/18/17--05:52: Android malware on Google Play adds devices to botnet
- 10/18/17--15:33: IoT Devices: Do You Have What It Takes?
First, recognize that as technology pushes forward, more smart devices are inevitably going to wind up in your home. In my house, for example, I have 5 PCs, several cell phones connected to WiFi, a couple of smart TVs, a cable box, an Xbox player and an Apple TV device - all connected to the internet. Until I actually took an inventory, I had no idea that the number of connected devices was this high. I’m sure that's also the case with a lot of you.
Don’t stick with the default password on your router. This is the front door to your home network and it’s crucial to protect that device. Yet 34% of the end users we sampled recently said they still use the default password that came with their routers.
When choosing a home router, make sure there’s some kind of protection beyond a simple firewall and that it can self-update.
Password-protect all of your IoT devices. Get a password manager if you need help. But by all means, don't reuse the original password.
Configure your Wi-Fi network to use encryption. It’s OK to be a little paranoid. Malicious hackers are lurking everywhere so don’t make it easy for them.
Don’t connect any IoT devices to the internet if they don’t need to be connected. You’re simply reducing the odds of coming under attack.
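- 10/18/17--19:23: Android malware on Google Play can add devices to a botnet
- 10/18/17--20:26: Malware that targets Android and tries to enlist devices in a botnet appears on Google Play
September brought new activity by the Dragonfly group to light, and several new Locky spam campaigns also began.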
This month the vendor has patched 62 vulnerabilities, 27 of which are rated Critical.
Symantec just won the Box Technology Partner of the Year award in the category of Trust and Security. We've had a great year working with Box on technology integrations and go to market activities. Box is an Elite Partner of Symantec for good reason.
Our CloudSOC Cloud Access Security Broker (CASB) and Data Loss Protection (DLP) solutions have included Box integration for some time and this year we expanded our integrations and partnership activities even further. Most recently we added integration with Box Data Governance to offer more visibility and policy enforcement options for governing sensitive content in Box so our shared customers can automatically identify, classify and enforce policy controls over sensitive data with native Box classifications using the industry-leading Symantec CloudSOC CASB and Symantec DLP. You can get more details on this recent integration in our Symantec + Box blog post here.
By partnering with Box on an integrated solution, we can offer our shared customers the advantages of the native Box platform security capabilities with the automated policy controls and visibility of Symantec CloudSOC CASB and fine-tuned enterprise-wide content policies of Symantec DLP. Here's a recent blog post from Box on our expanded partnership around content security.
Thank you Box! You are a great partner to work with, both from a technology integration perspective and as an organization of good people. We look forward to continuing our excellent relationship with you in the year to come.
This month, 62 patches were released, 27 of which are rated Critical.
Product donation is Symantec’s largest mechanism to support the nonprofit community and help nonprofits fulfill their missions. In partnership with TechSoup, each year we provide cybersecurity solutions to more than 25,000 organizations across 55 countries worldwide, allowing them to secure their most important data wherever it lives. Since launching the software donation program in 2002, Symantec has helped more than 93,000 nonprofits solve today’s biggest security challenges and protect against the ever-evolving threat landscape.
Founded in 1976, Citizens Against Physical and Sexual Abuse (CAPSA), works to provide safe, caring, and confidential shelter, advocacy, and support for victims of physical and emotional domestic violence and sexual assault; and to reduce incidents of abuse through prevention education. Serving a small community in Northern Utah, the organization is up against significant odds—nationally one in four women, and one in seven men, will experience domestic violence in their lifetimes.
CAPSA is an organization that continually has more needs than resources in trying to help those suffering from abuse. Even with limited resources and funding, the nonprofit is able to provide advocacy, counseling, safety planning, and both temporary and long-term shelter for almost 1,000 people each year. The group also educates thousands of youth a year, channeling tens of thousands of volunteer hours towards this cause.
Data security is critical for CAPSA
With this type of work, CAPSA has some demanding computer, network, and information system challenges and needs. According to James Boyd, CAPSA’s Development Director, “The feeling of safety and security is something we’re trying to provide our clients. We’re dealing with people who sometimes come in afraid for their lives, afraid someone will find out their location. In fact, the Center for Disease Control and Prevention put out a study that indicates when someone leaves an abusive relationship, the chances of being killed increases significantly. We have a safe and secure shelter, we teach people safety planning, and as an organization, we need to know our data is secure. Maintaining the security and safety of our confidential and sensitive data is a big part of what we need, and a big part of what we need to be able to provide our clients.”
James went on to describe how a data security breach would affect the grants that sustain the organization financially. “If our data was breached, I’m confident that most, if not all, of our grants would pull out. That would mean immediately losing services for clients—thousands of people each year wouldn’t get support or services they need,” he said.
CAPSA began using Symantec's Endpoint Protection (SEP) for small businesses a couple of years ago after experiencing considerable downtime as workstations became compromised. Due to limited funds, in the past they used free or trial versions of anti-virus software, and were continually hit with malware attacks. Their email accounts were hacked, sending out private information and spam emails, negatively affecting their reputation, and more importantly, putting lives in danger.
Their part-time information systems manager David Sullivan spent multiple days after each attack reinstalling a clean version of the operating system and software. This tedious and time-consuming process also left employees without their computers for several days. David then started looking for a solution that would protect their confidential information, keep the organization running smoothly, and could be both deployed and maintained easily.
David chose SEP, through Symantec’s software donation partnership with TechSoup. “Symantec’s Endpoint Protection has done a superb job of keeping our sensitive and confidential information safe, preventing malware and other issues that cause down time in our computers and systems. The ease in which I was able to deploy SEP, and the way it can be centrally managed through an online portal has been wonderful. It has helped our staff stay focused on the individuals and families they support, and has helped me focus on providing the information systems improvements that help them best do their jobs.”
Saving lives one-by-one
James also estimates that through SEP, each year the organization saves $1,000—which directly equals sheltering one more individual per year. That one person is someone like the young mother who walked through the snow and slush barefooted with her two children last winter to escape abuse. “Luckily she ran into a stranger who knew about us and was able to get her to CAPSA. We helped her work to overcome barriers that often times cause people to go back to violent situations. We helped her get a job, helped her get housing, and gave her and her older child therapy. She’s now living in a CAPSA-owned house and she’s doing well. To see that whole cycle is amazing,” says James.
Domestic violence happens more than we realize: according to CAPSA half of all homicides in the U.S. are domestic violence related. In Utah, CAPSA relies on Symantec to keep their systems and their clients’ information secure, while the organization and its volunteers work tirelessly on their mission of providing safe, caring, and confidential shelter for victims of abuse, ultimately saving people’s lives.
Learn more about some of the many nonprofits utilizing Symantec products through Symantec’s partnership with TechSoup:
Despite the growing number of high-profile data breaches - Equifax being the most recent big victim - cybersecurity awareness still remains a back-burner issue at many organizations.
More often than not, management relegates the topic to an annual training event, one that most employees are all too happy to ignore.
When MediaPro, a company specializing in cybersecurity awareness training, investigated the level of cyber awareness, it found that seven in 10 employees lacked the basic awareness to stop preventable cybersecurity incidents. Their report also judged the average respondent to be dangerously close to making one mistaken decision that might trigger a security or privacy incident. These included working remotely on unsecured public WiFi hotspots (19%), failing to recognize common signs of malware (12%), and participating in risky social media behavior (20%).
Most companies don’t do more either because they think their investment in IT security infrastructure offers enough of a shield or because they don’t have sufficient funding or C-level backing to engage in formal cybersecurity awareness training. Many also believe that having a security policy employees can reference on occasion is enough of a deterrent.
"There’s an attitude of immunity," according to Kevin Beaver, founder and principal information security consultant at Principle Logic LLC. "Many organizations believe they aren’t targeted or won’t get hit."
It’s up to the organization’s leadership to inculcate cyber awareness early on, starting with the candidates they interview during the hiring process. Then it’s up to them to put the right policies and programs in place to make this second nature.
But while companies have become more rigorous about securing their IT infrastructure in recent years, they haven’t shown the same due diligence in creating awareness programs that reinforce the technology by adequately engaging and informing users about risky cybersecurity behavior, experts say.
"Current cybersecurity awareness training, if it actually exists at all, is inadequate," said Adam Godfrey, a cybersecurity policy consultant. "The majority of approaches are minimalist—maybe an annual refresher course or a PowerPoint presentation that serves to check the box that training technically took place. The reality is they have no purpose beyond that."
Inform and Delight
Standard informational tools like policy documents or training courses simply don’t go far enough in grabbing employees’ attention and providing working knowledge of how to avoid or ward off threats. However, for organizations willing to go beyond traditional tactics, there are new gamification and behavioral awareness techniques that are proving to be more effective tools in combating cybersecurity threats.
Consider phishing attacks, one of the most prevalent attack vectors. Instead of simply talking about the threat or providing background reading material, some organizations now conduct mock phishing scenarios to give employees first-hand experience with what an attack looks and feels like.
Couple the hands-on approach with gamification tactics and a reward system (awarding gift cards or a catered lunch to the winners, for example) and all of a sudden, employees are highly motivated to become cybersecurity subject matter experts, Godfrey says.
"By actively engaging users in this manner, they remain on their toes in anticipation of future attempts," he explains, adding that gamification removes monotony and boredom from the equation. "It encourages participation in something that would otherwise be dry and disengaging. It forces the user to interact with the training rather than mindlessly clicking through it or zoning out until the end of the session."
Making cybersecurity awareness fun—and funny—is another way to break the tedium of traditional training. Leveraging short-form videos, keeping things light, and creating social media content destined to go viral is an effective way to keep employees from tuning out. It also helps to leverage a campaign approach to get the message out while conducting awareness training on a continuous basis, notes Tom Pendergast, CTO at MediaPro, which helps companies create cybersecurity awareness programs.
"We’ve been using tactics like advertising and public relations forever to get people to pay attention, although historically we haven’t applied those domains to run security awareness programs," he said. "The more progressive and risk-adverse companies recognize that there’s got to be a year-round program communicating about cyber security in a variety of modalities using humor and getting influential people in the organization involved in the conversation."
Deb Walter, a manager of information security policy, standards, training and awareness for AmerisourceBergen, says her company is taking just that approach. The firm has been working to mature its awareness strategy, working with MediaPro to create courses for targeted areas of security awareness training, but also to put a program in place to cover the basics for new hires.
"We do regular, mandatory phishing training on a regular basis and on-going publishing of security-focused content on our website, among other things," Walter said. She added that the drug wholesale company is making role-based training a priority.
"It’s still early in the maturation process, but we’ve gotten lots of great feedback from employees about the training, particularly since it’s short and interactive," she said. "We’re continuing to focus on keeping it brief and engaging for maximum retention."
After spending a good part of my career doing serious embedded security engineering, I once confidently believed it was possible to build serious security into (nearly) any kind of thing.
Yet each day, it seemed, there was a new kind of item to secure. Like the film character “Neo,” we’ve become wired into a 24 x 7 digital matrix of constant connectivity with networked lights, locks, heating-cooling systems, cameras, and a variety of other smart “things” to secure.
It took me more than a year to realize that I couldn’t possibly build security into all of the - literally - billions of things coming online, each with their own operating systems or embedded applications. That would take more than a lifetime.
But if the long-term goal of absolute cybersecurity in the Internet of Things era remains beyond our grasp for now, there may still be another way to move closer to that target. The fact that we’re already constantly connected and able to participate in a seamless experience - an ecosystem of devices we call ambient computing - offers the theoretical hope that we can do the same for security.
Think about it this way. What if your device was connected to a cloud-based service that delivered “always on” security? What’s more, the device wouldn’t be able to connect to anything except through that particular security service, which would offer full protection against any imaginable cyberattacks cooked up by the bad guys.
This isn’t fantasy. We already do something similar for laptops, smartphones, and tablets with “firewall as a service” offerings. Many enterprises also use cloud-based services with global deployments of security hardware so that wherever they connect, employees are connecting through these security sites.
Some may be connecting over an untrusted local connection but that’s why those services set you up with a “personal” crypto connection, thus eliminating the need to trust a particular local network. What’s more, everything is encrypted from the device to a secure site which deploys security hardware to protect users from potential attack.
Of course, firewalls aren’t enough. That’s why such services seriously need things like full proxies and careful “key management.” That allows the security hardware to even defend against attacks tunneling through encrypted web connections. Fortunately, this exists today in commercial services like our own Web Security Service (WSS) as well as offerings by other security providers.
The Road Ahead
Where do we head from here? I see three possibilities.
If your company makes IoT devices, be sure they only connect through such security services. It should be up to the manufacturer, not the end-customer, to decide whether or not their “things” connect to security services - or to anything else.
If you or your company buys IoT devices, don’t be bashful. Tell your suppliers that you want products configured so as to only connect to cloud-based security gateways that protect them. If a supplier can’t do that, put them on notice that the clock is ticking. Let them know that you’ll only source products in the future from vendors that are serious about IoT security. While we’re at it, consider this: If a vendor is unable to configure their devices to connect to a simple cloud-based security service, can you really trust them to deal with the harder aspects of security?
We can glimpse a better security future over the horizon. So, whether you make or buy IoT devices, let’s team up and further the research into how to make seamless, “always on” ambient security better. Symantec collaborates with countless universities and customers and we regularly share our research with the industry. Even if someone else manages to find an answer, we’d still be flattered and grateful that you chose to join us on the journey. After all, we all share the same goal of making a better, more secure world.
Wi-Fi security under threat from newly discovered WPA2 vulnerabilities
First confirmed in Japan in December of 2016, the DreamBot Trojan infected computers and tricked victims into giving up their credentials and one-time passcode, which a criminal group used to siphon off funds.
* Mainichi Japan October 5 2017
By the time Japan’s Metropolitan Police Department announced, on October 5, 2017, that it had exposed the criminals, the group had pilfered a staggering 240 million yen (approximately US$2.1 million) from consumer accounts. DreamBot exposed the need for banks to move away from one-time passcodes (OTPs) as their only two-factor authentication for access and embrace a strong form of transaction verification.
Strong Authentication for Access
DreamBot was a man-in-the-browser attack, facilitated by malware installed on a Windows machine. Traditional OTP has never been the right security measure to protect against man-in-the-middle or man-in-the-browser attacks. Given the growing scale of data breaches, banks, in particular, have an obligation to implement stronger security measures to protect sensitive consumer accounts. Banks need to leverage a multifactor authentication (MFA) solution that provides a secure out-of-band authentication method for both account logon and transaction verification. Whether the action is a password reset or a wire transfer, banks need to require two-factor authentication on any risky actions to confirm their legitimacy.
Contextual Authentication for Transactions
The DreamBot attack could have been mitigated had unsuspecting users received a push notification asking them to confirm the (malicious) account activity. While human error cannot be completely eliminated, the vast majority of transfers would have been stopped when users recognized the malicious activity and denied the unauthorized request.
If the transaction details match what you were submitting—for example, “Transfer $100 to my friend’s account”—then a simple Accept on your smartphone will let the transaction proceed. If the details have changed—for example, “Transfer $10,000 to an unknown account”—then a Deny will stop it dead in its tracks. Assurance is provided through the user response from a unique, secure device, answered by the intended human that previously linked this device to the account. The attacker cannot compromise both communication channels (web and mobile) without significant effort.
Choosing the Right Authentication Solution
When selecting a strong, out-of-band authentication software method, look for security vendors with proprietary technology, which is unique and cannot be cloned. When implementing a soft authenticator solution, ensure your authentication vendor leverages the Trusted Execution Environment (TEE). We believe a TEE-protected soft authenticator approach is more secure than a dedicated hardware approach because it resides in a full-stack computing platform that enables secure updates, such as secret rotation, which can quickly mitigate possible threats.
Banks also need to consider vendors that offer complementary security services. DreamBot took advantage of compromised Windows machines—it is as critical to protect user devices as it is to protect user credentials.* Consider authentication vendors who can provide malware detection for all user devices. Soft authenticators are oftentimes hosted on mobile devices so choose a vendor that can check for mobile risk factors and ensure good device hygiene. Mobile device risk factors include outdated operating systems, jail-broken or rooted phones, and debuggers or other development tools.
Last, banks should ensure any security solution easily fits with their consumer-facing applications. Look for a scalable solution that delivers strong, out-of-band authentication and device protection using supporting APIs and advanced business logic. By building these capabilities into their applications, banks can preserve the user experience while promoting their brand.
By leveraging all the above-mentioned security capabilities for access control and transaction verification, banks can greatly decrease the attack surface and protect themselves and their consumers from future criminal activity.
*Japan Cybercrime Control Center has a page that enables users to check whether their computers are infected.
New vulnerabilities have been found in WPA2, putting Wi-Fi security under threat.
The Necurs botnet is back again, this time spreading a downloader that takes screen grabs of victims’ desktops and reports encountered errors back to the attackers.
By Jonathan Omansky, Senior Director, Development, Security Technology & Response Team
Symantec’s Jonathan Omansky provides a simple set of steps to launch a career in cyber security and to address the critical shortage of qualified cyber security professionals. Check out his first article on how to break into the cyber security field. This week he focuses on step two: research, learn, and assess—and most importantly, do work!
I was raised to know that education and hard work provide opportunities. If I didn’t know how to do something, I learned it through whatever means possible. If books or teachers weren’t available, I’d watch someone (or three people if need be) do a task and then emulate what I saw. I’d read up on a topic, try different ways of getting something done, and learn from my errors.
Let’s use learning how to build an automobile engine as an example. It’s a big job and what I quickly learned is that all big goals need to be broken up into smaller, more digestible chunks of learning. I also learned that I didn’t need to know how to construct the whole engine at first. Instead, I started by focusing on my needs at the time. For instance, I could start by learning how to change the oil or replace a spark plug, completing smaller tasks that allowed me to move forward towards my ultimate goal.
This approach is no different in security. It may seem daunting to learn how to code, to reverse engineer, or to construct a sound security architecture system. If you have interest and ability, the great thing about the security field is people are hiring even if you only currently know how to “change the oil”. Opportunities in cyber security exist at all levels, and now is the best time to jump in!
This brings me to my next bit of advice for those keen on entering our field. Below you’ll find six simple steps to launch a career in cyber security and in this article, I’ll cover the second step, research, learn, and assess, in detail.
#2. Research, learn, and assess
If you haven’t already selected an area of focus based on my previous blog recommendations, or are overwhelmed by the process of choosing an area, this approach might help.
Many of the interns I’ve mentored—from colleges, prep schools, retraining programs, and other learning institutions —came into their internships with no exposure to security at all. In these situations, the first thing we work on is finding an area of security that interests them. To do this, I give all interns a learning task, for example, reading up on the latest corporate hack or information leak.
You can find these examples using resources like RSS feeds or news aggregators and focusing your reading on all things cyber security. This is one of my favorite news feeds and Symantec’s own Security Response blog is a great place to start. Twitter is also an excellent resource for reading up on the latest cyber security news. Find a handful of well-known cyber security professionals (including yours truly @jomansky), follow them, and then add some of their followers.
From there I ask them to break down the technical aspects of the story, focusing on things like: why the topic is important; what the risks are and who is at risk; how to detect the threat; and how to protect against it. This process often helps students find topics they are excited to learn about, and provides me with an opportunity to shape their internships.
Once you’ve defined your focus, it’s up to you to dive in and learn to “change the oil”. Let’s use incident response (IR) as an example. There are a ton of books, blogs, videos, and other learning materials that provide the basic steps on responding to an incident. These tools vary in length and complexity, and once you’ve explored a handful you’ll begin to see a pattern. You’ll learn about IR fundamentals from the perspective of a CSO, a CISO, a junior analyst, a government worker, and more.
It’s also helpful to review articles about actual incidents across different business sectors. Reading the analyst’s view of a particular incident can help you learn what he or she did right or wrong, where technology played a role, and where it was a people or process breakdown. This should give you a sense of what responding to an incident looks like, and give you insight into how to correct specific problems from happening again.
Learning about IR strategies is a great first step. When paired with technical awareness of the tools an incident responder might use to do the job, many of which are free or have trial versions along with demos, you are on your way to your first career opportunity in cyber security.
After researching security areas, and learning all you can, I next suggest assessing where your knowledge gaps are, and filling them. Focusing on what you’re missing can help ensure you have the full range of knowledge on a topic and that you can speak to it when asked in an interview. Taking incident response as our example again, review the duties and expectations of a dozen incident responder-related jobs, to see where you still need to build skills. Focus on what you’re missing and how you plan to gain that knowledge. The information is out there; go get it!
Though we focused on only one particular category of the cyber security space, incident response, as our example, the approach is the same for all positions, even the more technically advanced roles. The tools and knowledge are available and the cyber security skills gap in today’s job market needs to be filled. It’s up to you to grab this information, learn it, and get your foot in the door.
Follow our CR in Action blog for more on how to launch a cyber security career. Interested in a career in cyber security? Learn more about the Symantec Cyber Career Connection (Symantec C3), which provides a mix of targeted classroom education, non-technical skills development, and cyber security internships to position students to fill in-demand cyber security
The recently revived Necurs botnet is spreading yet another new downloader. It is an unusual downloader that takes screenshots of victims' desktops and sends reports of any errors it encounters back to the attackers.
Symantec has found eight apps infected with the Sockbot malware on Google Play that can add compromised devices to a botnet and potentially perform DDoS attacks.
Week in, week out, the TV series, “Mr. Robot,” introduces fans to the darker side of our connected world. It makes for great entertainment but fun aside, the show’s plots aren’t far from fantasy.
When the hackers led by Mr. Robot decided to force the general counsel for E Corp out of her home, for example, they simply exploited a variety of unpatched devices to make their victim’s various “intelligent” devices suddenly go bonkers.
Too much? Maybe, but give Hollywood credit for having its collective finger on the pulse of an important security issue. As more smart things wind up in our homes and offices as part of the Internet of Things, we need to do better protecting these new endpoints - because there are going to be lots of them. In fact, Juniper Research estimates the number of IoT devices will more than double between 2015 and 2020 to 38.5 billion.
Are we ready for a challenge of that magnitude? I want to be optimistic, but frankly, the road ahead is going to get bumpy.
Rolling the Dice
Consider the way that the Conficker worm (sometimes also known as Downadup or Kido) continues to enjoy a Lazarus-like resurrection. Conficker, which began around 2008, was seemingly neutralized after the cybersecurity industry joined forces with overseas governments and cut off the worm’s access to internet domains.
Game over? Well, not exactly.
One of the lessons taught by WannaCry is that worms can infect a large number of machines very quickly and have incredibly long lives. They self-propagate and never give up; as long as a device remains infected, they try to infect other devices.
It’s hardly shocking to learn that Conficker continues to hang around. It even made it onto Symantec’s list of the 10 most active worms and viruses last year.
The disruptions were particularly apparent at hospitals and healthcare facilities. Hackers targeted medical equipment because many hospital systems ran Windows XP and failed to apply timely patches or security software. Unsurprisingly, malware like Conficker was subsequently able to exploit the resulting security vulnerabilities.
The problem is even more acute nowadays as more medical devices that get connected don’t get regularly patched. But this problem stretches far beyond the medical industry. Starting today, even if every IoT device manufactured was guaranteed to be 100% secure – and that requires a leap of imagination - there still would be millions of vulnerable devices in use around the world. The blunt fact is that the poor security of IoT devices will haunt us for years.
Changing Old Habits
If this reminds you of a ticking time bomb, it should. IoT is a game-changing event in the history of IT and organizations increasingly view it as strategic to their operations. But that also puts enormous new responsibility on organizations and individuals to do better when it comes to cybersecurity. Left unprotected, IoT devices can turn into bots in a larger criminal enterprise to steal information or launch denial-of-service attacks as we’ve seen with Mirai, BASHLITE and other IoT malware.
So, what can you do to make a difference? A good place to start is by being more cyber-aware, at work and at home, when it comes to these myriad devices. Human nature is slow to change but begin by paying attention to the basic blocking and tackling around securing IoT.
These may sound like small steps but every little bit helps. If you want to learn more about what you can do, check out our cyber security awareness resources here.
If you enjoyed this blog and would like to watch Kevin’s webinar, click here.
Symantec has confirmed eight apps on Google Play that are infected with the Sockbot malware. Devices on which these apps are installed are added to a botnet and may be used in DDoS attacks.