Insights · February 13th, 2019
IoT hacking
The IoT (Internet of Things) has grown exponentially with the popularity of smart home devices like the Amazon Echo and Google Home Hub. While certainly great examples of the vibrant future of consumer technology, the nature of those devices poses some security ramifications. IoT endpoint devices are usually wirelessly connected to the Internet, which exposes them to malicious activity. As Wired magazine uncovered last spring, embedded exploitation efforts were becoming alarmingly more sophisticated. While it’s more commonplace to recruit thousands of vulnerable devices into botnets that aid in DDoS (distributed denial of service) attacks, security experts are beginning to see more elaborate hacks. Attacks in which the perpetrators jump from one device to the next, bypassing normal server protocols have been nicknamed “Rube Goldberg”-style attacks. These allow the hacker to access login credentials and data caches and the power to control entire systems, all from a single compromised entry point such as a wireless camera. Ang Cui, an embedded device security expert, says, “We’re looking at a fitness tracker hacking a smart speaker, a smart speaker hacking a thermostat and the thermostat hacking the rest of the network. It’s all laughs until that thermostat connects to a power plant or an embassy.”Social engineering
Murray Goldschmidt, COO of information security firm Sense of Security, called social engineering “the new norm in hacking” in a recent post for CSO. Organized cybercriminals research their targets, analyzing every tidbit of externally presented information, right down to an individual’s social media posts. They then tailor their attack to gain that individual’s trust via phishing websites and emails, artificially injected social media articles and messenger bots or by posing as an employee, friend of a friend or even a relative. These phishing schemes are designed to trick users into giving up passwords or financial details or even to manipulate the outcome of current events (see the latest sophisticated spoofing attempt made against BlackRock CEO Larry Fink). They have the potential to throw social media networks and society at large into chaos without proper action and regulation.Cloud attacks
Cloud computing is an emerging trend in the software world. Using cloud-based solutions, many companies have increased their operational efficiencies for relatively low costs. Unfortunately, not everything is perfect in the cloud industry.
In 2017, a Chinese hacking group named “Red Apollo” launched one of the largest sustained global espionage campaigns. As part of their efforts, they targeted cloud service providers in an attempt to use their centralized network to leverage their client rosters (containing some of the world’s top companies) as inadvertent spying tools. In the time since, security experts have expressed increasing concern over the increased maturity in supply chain attacks. Because companies now host the vast majority of their valuable data in the cloud, they’ve become natural targets for cybercriminals.
How to protect yourself
Security breaches are a legal and financial quagmire for businesses and a personal nightmare for consumers. Keeping the following in mind can help keep hackers away from personal data and network systems.
Restrict access to your network
Think about it: Who actually needs access to your network? If you’re a business, that list will likely only include authorized employees and IT personnel. If you’re a regular individual, that means people in your household or close friends. Keeping a watchful eye on current phishing scams, limiting access to sensitive data and password-protecting network equipment helps keep out the people who don’t belong.
Change passwords frequently
Of course, your network is only as secure as your passwords. Many people don’t update their passwords as often as they should or use the same password for multiple sites across their security keychain. It certainly isn’t necessary to change passwords on a monthly basis, but using a password manager to routinely audit the age and use of your passwords can give you a better idea of when to change it up. If you’re ever in a suspicious situation or feel like your information is at risk, however, you should change your password immediately.
Maintain current security updates
One of the easiest ways hackers gain access to a system is through out-of-date security systems. Cloud industry expert Mark Hurd, CEO of Oracle Corporation, says, “Consider the fact that 85 percent of security breaches take advantage of system vulnerabilities for which a patch was available for more than a year but was not applied.” Installing the latest general software updates or patches is always a good idea for businesses and individuals alike. The same goes for phone applications: Regularly check for the latest updates in the app store, and make sure they’re all up-to-date.
While we’d all like to believe that one day, system security will become so airtight that there won’t be any room for breaches, it’s more realistic to assume that criminals will evolve and adapt to the changing technology ecosystem no matter what. When crime goes online, constant vigilance is the key to protecting your data.
Sara Carter is the co-founder of Enlightened-Digital, an online publication covering emerging technology and business trends.
Category
Business & Economy
