Reflare - Weekly Security Briefing 2015-50
As 2015 winds to a close, a trend in specific cyber threats is growing. These trends mainly focus on poorly secured IoT and childrenâ€™s devices. The threats arenâ€™t new, but they continue to trend in popularity with cyber criminals. The trending popularity is a concern for security professionals.
IoT devices continue to introduce new features for consumer home automation. Wearables are trending as popular new gadgets. Manufacturers continue to integrate the Internet into their everyday devices for consumers. These devices arenâ€™t updated often, donâ€™t have anti-malware implemented, and arenâ€™t well monitored for new vulnerabilities. The result is that these devices are targets for malware â€“ especially spyware that exposes user home information to the attacker.
The biggest exposure is from the control systemâ€™s hub. For instance, a recent security threat was identified in Ubi hubs where the manufacturer left the debugging interface exposed. Simply disabling the debugging interface improves security, but manufacturers have yet to acknowledge the need for better security in their technology.
Children's Tablets as Targets
Mobile devices are becoming more integrated into school life for young children and teens. This makes them a target for cyber criminals.
Recently, a major security breach was confirmed from VTech, a company that manufactures devices and monitors for children and their parents. The company confirmed that 6.4 million childrenâ€™s profiles were stolen by hackers. Childrenâ€™s names, birthdates, photos, email addresses, physical addresses, and even passwords were breached.
This comes as no surprise since tablets are rarely updated or have any type of malware installed. Efforts to block hackers from desktops make it more difficult to bypass security, so hackers turn to less secured mobile devices that rarely have any anti-malware features. 2016 promises to see trends in mobile device malware rather than desktop as more consumers turn to mobile as a primary online source.
Ransomware is Making a Comeback
Crowdsourcing isnâ€™t just for legal startups anymore. Ransomware developers created a site named Tox that crowdsources malware development and distribution. The site lets programmers and malware distributors come together and combine forces to demand payments from helpless victims that canâ€™t access important documents without payment.
Incidentally, Tox shut down due to fear of being an FBI target, but several others have piggybacked off of the idea. These sites are a part of the dark web, so they can avoid detection from law enforcement. Ransomware isnâ€™t a new concept, but crowdsourcing has given it an increased incentive and interest for cyber criminals.
Anti-Hacking Talks Between China and the US
The US and China are in discussions regarding anti-hacking agreements. The talks come after several years both countries have battled with cyber attacks and espionage in the private sector. As much as a positive outcome is publicized, itâ€™s not likely that any agreement will be reached soon.
For consumers, itâ€™s difficult to protect a device when you donâ€™t have the simple option of installing antimalware software. For this reason, responsibility falls on the manufacturers to either better protect consumer products or provide users with the ability to protect their private data.