Tag Archives: IoT

10Fold- Security Never Sleeps- 158

Mysterious Hajime Botnet Grows to 300,000 IoT Devices: Kaspersky

“About 300,000 devices already captured”

Kaspersky Labs security researchers has revealed that a new botnet malware emerging in October of last year, Hajime, has been busy ensnaring thousands of IoT devices. This new strain came on the scene around the same time we saw the Mirai attacks and targets devices in the same way without using them for DDoS processes.

Chipotle Investigating Payment Card Breach

“Unauthorized activity recently detected on network”

Popular restaraunt chain Chipotle Mexican Grill informed its recent customers on Tuesday that the company’s payment archives from its over 2,000 locations may have been breached. With an investigation ongoing, the information being made to the public is still limited.

Game guide malware ‘targeted more than 500,000 users’

“Popular mobile games affected”

App based game guides that include some of the most popular programs have been used to attack over half a million Android users. Google Play harbors the applications responsible for the malware, with researchers at Checkpoint reporting that the apps project unwanted ads and other issues to users.

Web Attacks Decline, Ransomware Attacks Surge

“More efficient and lucrative attacks developed”

New ransomware attacks on end users have been detailed by Symantec’s annual Internet Security Threat Report. The report shows the effects of cyberattacks on intended victims as well as the growing trend in ransomware attacks, up 36% last year.

 

10Fold- Security Never Sleeps- 156

CradleCore Ransomware Sold as Source Code

“Malicious software making the rounds on underground forums”

Forcepoint security researchers have found a new ransomware, CradleCore, circulating in cybercriminal markets online. CradleCore has a customizable source code, breaking from the usual RaaS ‘business model’ that is common to similar programs.

Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure

“Constantly evolving malware causes increasing concern”

Phishing attacks have long been a tool of cybercriminals online, and they’re getting worse than ever before. A recent example of this is a new exploit allows what would otherwise be recognized as untrustworthy sites to a safe URL, bypassing many security systems that would otherwise block malicious actor.

IoT malware clashes in a botnet territory battle

“Rival malware emerges to notorious Mirai”

Security researchers have identified a competitor to the Mirai botnet malware responsible for the crippling of several high profile websites. The up-and-comer is capable of commandeering low security IoT devices with greater effectiveness than its counterpart, a worrying fact to researchers as well as users.

 

10Fold- Security Never Sleeps- 152

Malware Allows Remote Administration of ATMs

“Software allows for ejection of cash”

Kaspersky Labs has recently revealed malware code that is capable of remotely gaining administration functions of ATM’s. This was discovered after a Russian bank was targeted by cybercriminals, who used the malware to access several ATM’s. The code was not deleted after the theft, however, leaving pieces for researchers to analyze and ascertain how the code was developed.

New RAT Uses Sites for Command and Control

“Well trafficked sites largely affected”

Talos researchers are now saying that popular and legitimate websites are now being used by ‘ROKRAT’ for data exfiltration. Distributed via email, ROKRAT uses a HWP document to target victims in Korea. The phishing attacks feign legitimacy by faking a reputable senders email, such as the contact email of the Korea Global Forum in several instances.

How an IoT DDoS warning system helps predict cyberattacks

“Current defensive measures limited”

DDoS attacks are devestating for victims by preventing any traffic for their website, however require comparatively little resources for malicious actors. Preventive measures are currently in use by many sites, but are not always sufficient in protecting small or medium level firms and other organizations.

10Fold- Security Never Sleeps- 147

“Huge security hole in many products”
The second largest world producer of IoT devices, Dahua, has released a software update that has gaping security deficiencies in several of popular products including DVR’s and cameras. These internet connected gadgets are vulnerable to login bypasses and remote access to various systems. Additionally, code is available online that would allow exploitation of massive numbers of these types of ‘smart’ devices online by one user, creating DDoS attack concerns among security researchers.
“General technology concerns ease”
The stockpiling of zero-day vulnerabilities by various intelligence agencies to use in offensive capabilities for cyber battle is not quite as dangerous as once predicted, says a new RAND study. Tactical benefits accrued from the collection of the data result in greater outcomes from public disclosure.
 
“Malicious software not part of official ROM”
Check Point Software Technologies posted a blog last Friday detailing the installation of malware of several android devices sold to two firms. The malware was added somewhere along the supply chain, but was not included by the official ROM made by the manufacturer. Many of the phones affected with a ROM using system privileges, meaning that a complete re-installation of all software programs to remedy the problem.

Trends 2017: Big Data Adds Big Intelligence and Bigger Learning

While it’s too early to say that Big Data is all grown up, it is mature enough to have spawned a number of new and very interesting offspring. As Gartner analyst Betsy Burton explained in late 2015 when she removed Big Data from the firm’s Hype Cycle, “Big Data has quickly moved over the peak of inflated expectations and has become prevalent in our lives across many hype cycles.”

Big Data is now a fundamental basis of several emerging technologies including the IoT, self-driving vehicles, artificial intelligence (AI), machine learning, deep learning, and augmented (AR) and virtual reality (VR). It has moved beyond elemental data into more sophisticated areas such as image recognition and correlation, and natural language querying systems such as AI-based personal assistants.

The Big Data category is evolving so rapidly it’s difficult to say where it will be at year’s end but strong trends are evident. 10Fold has a dedicated Big Data team that has been driving and closely tracking its evolution, and below is a short list of some of the important trends we see for 2017.

Data Democratization

Delivering ease of use and understandable analytics to people who are not data engineers or scientists is evidence of the industry’s maturity, a key to its growth, and increases ROI via simplification. Improvements in data processing and cloud apps and services, including BDaaS and STaaS, have delivered simple and sometimes free tools that make Big Data results easier to access. The cloud is now the main means of implementing most Big Data initiatives, allowing users to specify the needed storage and compute by spinning up databases for apps and data warehouses in mere minutes, at minimal cost, and without the all the previous physical hassles of configuration. This year and the coming decade will see more from the next level of data democratization, and one that is born of Big Data itself, with VR- and AR-based data interaction capabilities providing an immersive and further simplified experience.

IoT, Big Data – and Blockchain?

IoT perfectly exemplifies Big Data, delivering constant generation of unstructured data from a variety of sources. IoT is hot, but it also expands the attack surface among a variety of new vectors. Interestingly, media and analysts alike see blockchain technology growing beyond its financial origins to impact Big Data and as a potential remedy for IoT’s security issues. Blockchain’s relevance comes from its distributed ledger capabilities that hasten communications, its encryption, and from its unalterable nature. If these capabilities can be successfully applied to IoT and across other distributed Big Data systems, then not only will they speed and improve performance, but will greatly reduce risks.

AI Continues Learning

According to IDC’s 2017 predictions, “by 2019, 40 percent of digital transformation initiatives and 100 percent of IoT initiatives will be supported by AI capabilities.” AI provides timely analytics from Big Data and is especially useful with unstructured data by rapidly sifting through and identifying which data are most relevant for specific use cases. AI has morphed into a variety of new applications including machine learning, deep learning, neural networks, cognitive computing, image recognition, speech recognition and natural language processing just to name a few.

Feeding Big Data’s analytic output back into the system so the database learns from itself creates an iterative process that is the main tenet of machine learning, with AI hastening that process. Cognitive solutions that leverage AI are particularly useful by providing explanations, recommendations, and informing future actions or outcomes via their predictive nature.

While the predictive nature of these solutions positively impacts a variety of industries, it is especially useful in the most critical area to us all—healthcare. Using AI and other learning technologies to harness Big Data sources such as genomic sequencing, imaging analytics, medical devices (IoT), and data from medical records can deliver decision support capabilities enabling: health risk predictions; prevention of hospital readmissions; and faster decisions for improved patient outcomes. As proof of its importance, industry giants including Microsoft, SAP, Dell Services, IBM, Google and others have invested heavily in healthcare with the goal of applying machine learning strategies to complex problems such as cancer research.

Better Than Humans and Accelerating

Recently published results from experiments at Google’s Brain and DeepMind artificial intelligence research groups, OpenAI, MIT and UC Berkeley indicate AI software can design machine-learning systems with better results than those designed by humans. This has powerful implications such as: reducing market demand/stress for AI engineers that are in low supply; accelerating the pace at which machine-learning software is deployed; and reducing the amount of required data consumed for a system to perform (learn) a task well—with the last two further accelerating the pace of machine-learning’s evolution.

The pace of innovation enabled by Big Data and its various intelligent and self-learning spawn is so rapid and widespread that its outcomes may be impossible for mere humans to predict, though perhaps AI and the learning systems themselves will have an answer soon. One thing is for sure, at this pace we won’t have to wait long for the results.

Event Summary
BDH 2017 - 10Fold - WIKIBON - INVITE - FINAL
Event Details
This is an intimate luncheon with a select group of data scientists and big data industry executives to discuss trends such as AI and machine learning. Join this small group of forward thinkers in discussing how these new technologies will fundamentally change how we interact with data and change entire industries. Held during Strata + Hadoop World SV in San Jose, this event provides an opportunity to look ahead beyond the hype. Wikibon’s Lead Big Data & Machine Learning Analyst George Gilbert will help lead discussion at the roundtable.


Event Registration
Register Now

10Fold- Security Never Sleeps- 133

Trojan Malware Blamed for Health Cyberattack 

“Targeted hospital computer systems forced offline”

Barts Health NHS Trust computer systems were taken offline by cybercriminls with a Trojan malware program on Friday. Nearly all department systems, even those unaffected, were set offline as a precaution. How the infiltration entered into the network is still undisclosed.

Yahoo hack compromised accounts of over 3,000 Australian government officials

“Largest known data breach of its kind”

The victim count of a massive cyberattack on Yahoo has risen to over 3,000 Australian government officials. High profile positions such as MP’s, judges, and federal police were among those compromised, exposing a large amount of high risk information to cybercriminals. Security firm InfoArmor has released information that an Eastern European hacker collective “Group E” stole data from Yahoo in 2013, and the Department of Defence was apparently notified of this fact in October of last year. The breach has prompted Malcolm Turnbull, the Australian Prime Minister, to begin to probe the incident.

Fighting cybercrime using IoT and AI-based automation

“Murder case gains ground with new tech”

Detectives investigating a murder in Arkansas were able to pull valuable data off a smart meter, measuring 140 gallons of water in the early hours of the morning. This was far more than the home had ever been used before, possibly providing the time of death and attempts to conceal evidence.

Firefox Update Will Kill This Sneaky Tracking Technique

“Captures information in ‘browser fingerprinting'”

A new Firefox patch will probe for various softwares that use pieces of information that are indicative of whether or not the actual owner of the computer is using it. Some surprising factors, such as screen resolution, interface language and plug-ins, are actually quite accurate in recognizing the correct user.

10Fold- Security Never Sleeps- 129

Russian Hackers Run Record-Breaking Online Ad-Fraud Operation

“Over 5 million stolen per day”

Russian cybercriminals have been found to be responsible for a fraud operation that is conducted by posing as over 6,000 different big name websites and generating fake ad impressions. Among those affected are The Huffington Post, Fortune, Fox News, and ESPN.

Cyberattack suspected in Ukraine power outage

“Automation control systems, more affected at Northern Substation”

A complete power loss in a power station near Novi Petrivsi resulted in a massive lack of delivery to the Northern Kiev area. The attack was consistent with a cyber breach, with the culprit unknown as of yet.

What Obama Said to Putin on the Red Phone About the Election Hack

“U.S. president speaks with Russian leadership over influence in domestic politics”

President Obama is reported to have taken official deterrence steps with Vladimir Putin over the course of the 2016 presidential elections, officials reported to NBC News. Obama apparently decided to leave the option out of election meddling as an act of war after urging from advisers, but spoke with Putin at the G-20 summit in China in September.

IoT could be our downfall

“Average data breach value is roughly $4 million”

Serious exposure from various risks in data systems is an ever-increasing threat for firms. Reputational and financial damage can level a company, particularly with the failure to comply with new regulations and procedures that are involved with personal data.

10fold- Security Never Sleeps- 123

San Francisco Muni Says Server Data Not Accessed in Ransomware Hit

“Ransom never considered to be paid”

San Francisco Municipal authorities have released a statement on Monday indicating that its servers had not been breached by a hacking attempt. The potential cyber criminal responsible claimed 30GB of stolen data would be dumped from the agency if roughly $73,000 worth of Bitcoin was not paid, a sum the SFMTA never even considered paying when no indications of a breach had been found.

Researchers Exploit App Flaw and Steal a Tesla Model S

“Remote hacking and driving now possible”

Chinese researchers working in Keen Security Lab were able to access and execute commands on a Tesla S vehicle, adding to concerns existing as driverless cars become less prevalent in science fiction and more in reality. Lack of security in the Tesla smartphone apps allows cybercriminals to remotely access and drive away with a car in just a few seconds without a key fob being physically present.

Upgraded Mirai Botnet Disrupts Deutsche Telekom by Infecting Routers

“Vulnerable routers being targeted”

IoT malware menace Mirai has been plaguing the German state firm Deutsche Telekom, causing connection issues for nearly a million customers. Blame for the disruptions was placed on a new strain of the Mirai malware, found to have infected over 500,000 IoT devices ranging from surveillance cameras to DVR’s.

Feds Provide Legal Loophole to Hacking IoT Devices

“Changes release researchers from select legal liabilities”

What many consider long overdue exemptions from legal action are currently being celebrated by technology security researchers in the United States. The Digital Millenium Copyright Act has been amended to provide a two year ‘good-faith’ window, allowing security analysts to break into softwares that involve IoT devices and more without violating copyright laws under section 1201.

10Fold- Security Never Sleeps- 119

Some Yahoo Employees Knew of Massive Hack in 2014

“Will create more concern in Verizon acquisition”

Yahoo has now admitted that many employees were aware of a state-sponsored hacking attempt that resulted in a critical breach of its network. Personal information from at least half a billion accounts, what is considered to be the largest in history, involved over 200 million usernames and passwords being stolen from users and customers.

Possible Health Data Breach From Employee Laptop

“MGA Home Healthcare notifies patients of possible personal information theft”

Potential data breaches may have occurred with a vendor downloading information in an unauthorized manner while servicing homes. Over 3,000 patient and employee information blocks may have possibly been compromised, left vulnerable in an employee’s vehicle. Law enforcement has been notified and released a statement; “has been conducting a thorough review of the potentially affected records to confirm what information was exposed.”

IoT Worm Can Hack Smart Devices, Prompts Concerns

“Chain reaction can create chain reaction in other devices as well”

A proof-of-concept worm developed by Eyal Ronen, Adi Shamir, and Achi-Or Weingarten of Weizmann Institute of Science, and Colin O’Flynn of Dalhousie that can create insecure web-connected chain reaction hacks is exploiting universal encryption keys over ZigBee networks. This is then capable of moving to other devices via other devices universal keys, able to spread exponentially in what is described as a city-wide basis.

Major Cloud Malware Infested Says Researchers

“Concerns over difficulty identify mount”

Many computer experts are saying that repositories are supplying malware to users, creating a serious epidemic for those using cloud based technologies. Hundreds of buckets have possibly been compromised, says Xiaojing Liao, a graduate student at Georgia Tech who is leading a study that is addressing possible solutions to the issue.

Trump Victory Sparks Fears Over U.S. Encryption, Surveillance Policy

“Donald Trump’s surprise win has brought fears of rights violations, security”

Civil Libertarians and technology companies have voiced serious concern over some of Trump’s potential policies that call for closing down certain parts of the internet to fight Islamic terrorism. Trump won the election Tuesday night, a victory unforeseen by much of the media. The new President-Elect has been a vocal opponent of tech companies being uncooperative with the government on unlocking their technologies to assist with terrorist investigations.