Internet

now browsing by tag

 
 

Russian #hackers could #instantly cut #off the #internet for #half a #million people

Russian hackers have infected more than half a million routers across 54 countries with sophisticated malware that contains a killswitch to instantly cut internet access to users, security researchers have revealed.

The VPNFilter malware also allows attackers to monitor the web activity of anyone using the routers, including the their passwords, potentially opening up the possibility of further hacks.

“Both the scale and capability of this operation are concerning,” William Largent, a researcher at the cybersecurity firm Talos, said in a blogpost describing the vulnerability.

“The destructive capability particularly concerns us. This shows that the actor is willing to burn users’ devices to cover up their tracks, going much further than simply removing traces of the malware.”

The malware has been attributed to a group of Russian hackers, who are variously known as Sofacy Group, Fancy Bear and Apt28. The group has been in operation since the mid-2000s and has previously been blamed for attacks ranging from the Ukrainian military to the 2017 French elections.

Security researchers tell The Independent that the discovery of the malware highlights a broader issue of how vulnerable internet-connected infrastructure is to cyber attacks.

“No longer can we afford to keep our critical infrastructure connected to, and therefore directly accessible to, the internet,” said Eric Trexler, vice president of global governments and critical infrastructure at cybersecurity firm Forcepoint.

“VPNFilter proves that time tested military techniques such as network segregation not only makes sense, but is required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks.”

Routers found to be vulnerable to the VPNFilter malware include Linksys, MikroTik, Netgear and TP-Link, all of which are often used in homes or small offices. The researchers say they have not yet completed their research but they are making it public now to draw attention to it.

“Defending against this threat is extremely difficult due to the nature of the affected devices,” Mr Largent said.

“The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers.”

The FBI responded to the revelations by granting court permission to seize a web domain believed to be in control of the Russian hackers.

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Assistant Attorney General for National Security John Demers said in a statement on Wednesday.

advertisement:

FBI Special Agent Bob Johnson added: “Although there is still much to be learned about how this particular threat initially compromises infected routers and other devices, we encourage citizens and businesses to keep their network equipment updates and to change default passwords.

The post Russian #hackers could #instantly cut #off the #internet for #half a #million people appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

International Conference on Smart Grid and Internet of Things (SGIoT)

General Cybersecurity Conference

 July 11 – 13, 2018 | Ontario, Canada

Cybersecurity Conference Description

The IoT is a grand vision as it ascribes the concept of millions of interconnected intelligent devices that can communicate with one another, and thereby control the world around us. Technically speaking, the smart grid can be considered to be an example of the IoT composed of embedded machines, which sense and control the behavior of the energy world. The IoT-driven smart grid is currently a hot area of research boosted by the global need to improve electricity access, economic growth of emerging countries, and the worldwide power plant capacity additions. GlobalData, a renowned consulting firm, forecasted that the global power transformer market is anticipated to increase from $10.3 billion in 2013 to $19.7 billion in 2020, with an astounding compound annual growth rate of 9.6 percent due to the phenomenal rise in energy demand in China, India and the Middle East. Therefore, it is the perfect time to invest research initiative, e.g., through our event, in the IoT-dominated smart grid sector.

In addition to its timeliness, the event comprises a broad range of interests. The theme invites ideas on how to achieve more efficient use of resources based largely on the IoT-based machine-to-machine (M2M) interactions of millions of smart meters and sensors in the smart grid specific communication networks such as home area networks, building area networks, and neighborhood area networks. The smart grid also encompasses IoT technologies, which monitor transmission lines, manage substations, integrate renewable energy generation (e.g., solar or wind), and utilize hybrid vehicle batteries. Through these technologies, the authorities can smartly identify outage problems, and intelligently schedule the power generation and delivery to the customers. Furthermore, the smart grid should teach us a valuable lesson that security must be designed in from the start of any IoT deployment. Since there is an alarming lack of standards to address the protection of the secret keys and/or the life-cycle security of the embedded smart grid devices, intruders could use conventional attack techniques to breach the security just as in any other IoT deployment.

advertisement:

The post International Conference on Smart Grid and Internet of Things (SGIoT) appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Internet of Things National Institute

Source: National Cyber Security News

General Cybersecurity Conference

 May 9 – 10, 2018 | Washington DC, United States

Cybersecurity Conference Description 

The Internet of Things (IOT) is defined as billions of vehicles, buildings, process control devices, wearables, medical devices, drones, consumer/business products, mobile phones, tablets, and other “smart” objects that are wirelessly connecting to and communicating with each other. This new top law practice area is raising unprecedented legal and liability issues.

As one of the most transformative and fast-paced technology developments in recent years, IoT will require businesses, policymakers, and lawyers (M&A, IP, competition, litigation, health law, IT/outsourcing, and privacy/cybersecurity) to identify and address the escalating legal risks of doing business in a connected world.

Attend this institute to:

  • Discover why corporate, law firm, government, university, and other attendees gave the last two IoT Institutes rave reviews, calling it “magical,” “eye-opening,” with “rock star” speakers, and overall “a grand slam.”
  • Gain insights and practical guidance on the latest legal, legislative, regulatory, and liability issues of the IoT transformation—a game-changer for businesses, policymakers, and lawyers that’s generating hundreds of billions of dollars in spending globally.
  • Explore need-to-know IoT hot topics: big data/ privacy, cybersecurity, litigation/mitigation, cloud/artificial intelligence, connected healthcare, ethics, global IoT product development and sales, insurance risk allocation, and homeland/national security.

    Read More….

advertisement:

View full post on National Cyber Security Ventures

Malicious Software and Hardware in Internet of Things (Mal-IoT)

Source: National Cyber Security News

General Cybersecurity Conference

 May 8, 2018 | Ischia, Italy

Cybersecurity Conference Description

Cyber-physical and smart embedded systems, already highly networked, will be even more connected in the near future to form the Internet of Things, handling large amount of private and safety critical data. The pervasive diffusion of these devices will create several threats to privacy and could open new possibilities for attackers, since the security of even large portions of the Internet of Things could be harmed by compromising a reduced number of components. The possibility of securely updating devices should be guaranteed and it should be possible to verify and assert the root of trust of components. With respect to this context we expect contributions in different areas of security in Internet of Things. Topics of the workshop include but are not limit to:

– Malicious firmware design and detection
– Malware in Internet of Things applications
– Hardware root of trust
– Privacy issues of smart-home systems and complex systems
– Hardware Trojans and their effects on systems
– Hardware authentication and IP protection
– Secure communication and key-management
– Implementation attacks and countermeasures
– Emerging threats and attack vectors in the Internet of Things
– Supply chain security

Read More….

advertisement:

View full post on National Cyber Security Ventures

Wall Street and The Internet Of Money

Source: National Cyber Security News

General Cybersecurity Conference

 March 22, 2018 | New York City, New York, United States

Cybersecurity Conference Description 

The CryptoWorld team has spent many years working within the eco-system of retail and institutional investors, and partnering with the world’s leading academics and industry practitioners to provide leading edge educational solutions for practical implementation and commercial success.

With the meteoric rise in the use of blockchain technology and the resultant growth in crypto assets, investors are bombarded with information and misinformation about the asset class, the investment products, and a reliable approach to valuation. At the same time, funds, exchanges and regulators are grappling with the same issues as they seek to find protections and solutions for market participants around the world.

The team at CryptoWorld will address these issues and more in the inaugural “Wall Street and the Internet of Money” Conference in New York City on March 22, 2018. Our agenda features a world-class speaker faculty in an interactive format to promote dialogue and debate, and a stimulating learning environment for attendees. There is ample networking time devoted to meeting directly with the speaker faculty as well as the many industry participants that will be in attendance.

Read More….

advertisement:

View full post on National Cyber Security Ventures

What’s #Riding on 5G #Security? The #Internet of #Everything

Source: National Cyber Security – Produced By Gregory Evans

The U.S. government’s idea to take the reins of the development of 5G mobile networks has been met with cynicism and criticism. But there are good reasons the government is worried: Standards haven’t been set in stone yet, and 5G will present a bevy of new security challenges.

Read More….

The post What's #Riding on 5G #Security? The #Internet of #Everything appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #Wall of #Lava #Lamps That #Protects the #Internet From #Hackers

Source: National Cyber Security – Produced By Gregory Evans

With hackers hitting everyone from Equifax to HBO, you’d imagine something more advanced than lava lamps is protecting your information—but you’d be wrong.

With high-profile hackers stealing headlines, credit card numbers, and Game of Thrones scripts in the last six months, there’s no doubt been very important meetings called across the world to figure out how to keep hackers at bay.

So, what ingenious, impenetrable systems are keeping the world safe? 

The folks at Cloudflare, which handles encryption for around 10 percent of the internet’s total traffic, have to say “lava lamps” with a straight face.

Well, to be fair, that’s actually 100 lava lamps, a swinging pendulum in London, and a chunk of radioactive material in Singapore. 

It might sound like little more than a slightly more complex version of Mouse Trap, but together this weird assortment of junk keeps Cloudflare’s traffic encrypted through the magical, mathematical concepts of randomness and unpredictability. Also, Linux is involved. 

It’s interesting to see how encryption and chaos theory overlap—the pendulum mentioned in the video is probably similar to a double pendulum, which is a classic example of chaos theory (you probably learned about that in Jurassic Park).

A double pendulum is very sensitive to “initial conditions,” or what position it starts in, to the point that a small fraction in difference in two starting points can yield incredibly different swing patterns. This seeming unpredictability to outside observers makes it a great way to simulate randomness, and therefore create the basis for an extremely difficult encryption.

Still, lava lamps give Cloudflare way more style points.

We like to imagine the Chinese scientists who launched the world’s first quantum encryption satellite covertly including a lava lamp in their next satellite, just for that extra layer of security. Groovy, man.

The post The #Wall of #Lava #Lamps That #Protects the #Internet From #Hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #internet of #things: Why it #matters

The #internet of #things: Why it #mattersSource: National Cyber Security – Produced By Gregory Evans The iPod, Facebook, “smart” televisions: the 21st century has seen a host of innovations that have transformed the way we live. The rise of the so called internet of things, or IoT, is another technological development that is starting to become an increasingly common presence in our […] View full post on AmIHackerProof.com | Can You Be Hacked?

5 #Cybersecurity Predictions for #Tomorrow’s Internet

Source: National Cyber Security – Produced By Gregory Evans

5 #Cybersecurity Predictions for #Tomorrow’s Internet

Cybersecurity is quickly becoming part of everyone’s daily life and can no longer be separated between personal and work life. In the past, cyber-attacks were typically only a concern for the workplace; however, today that is no longer the case with cyber-attacks becoming more common – effecting everyone connected to the internet.

Cyber-attacks are going to be the biggest threat to everyone and businesses on earth and will be the trigger for future wars and political instability.

Cyber-attacks do not care about the age, gender, race, culture, beliefs or nationality of its victims. They attack based on opportunity and/or financial gain, irrespective of whom the victim is.

The question then becomes: Why is it that we continue to see so many cyber breaches?

If we look at why many of the breaches in recent years have occurred, it comes down to three major factors that can be categorized into the human factor, identities and credentials, and vulnerabilities. With the digital social society, we are sharing more information publically, ultimately causing ourselves to be much more exposed to social engineering and targeted spear phishing attacks. When our identities are stolen, it provides the attacker with the ease of bypassing the traditional security perimeter undetected, existing security technologies, and if that identity has access to privilege accounts, they can easily carry out malicious attacks under your name.

Here are some predictions for tomorrow’s internet:

1. Privacy may be gone, but not forgotten – is it even reversible?

Yes, the end of privacy as we know it is closer than you may think. Privacy definitions are very different between nation states and cultures – though one thing in common is that privacy is becoming less an option for most citizens. In public, almost everyone is being watched and monitored 24/7 with thousands of cameras using your expressions, fashion, walk, directions, interactions and speech to determine what you need, what you might be thinking, who you are going to meet, who is nearby and even algorithms determining what your next action might be. All of this to help provide a custom experience unique to everyone, as well as predict and prevent cybersecurity threats. The saying “if you have nothing to hide you have nothing to fear” is becoming reality.

2. Ransomware will evolve to cross platform and payments will be single click

Ransomware is going to be platform agnostic and can lock people out of any device or system. The financial payment for ransomware is going to evolve significantly so that it will be as easy as clicking once to pay the ransomware. It will target time sensitive systems and events, so watch out if you are taking part in the World Cup next year as cyber-crime will always be looking for major events to trick and take advantage of people wanting to get access to their favourite sport or concerts. RansomScare will also be the next threat which will become a life and death situation unless a ransom is paid.

3. Blockchain will become an important cybersecurity control

Most people are familiar with blockchain being the building blocks for cryptocurrencies and transactions; however, many are not familiar with its ability to provide non-repudiation or data integrity when related to cybersecurity. Blockchain used heavily in the early digital systems within Estonia are primarily used to ensure history could not be re-written. This mind-set can be repeated in security when it comes to the integrity of systems and data. Blockchain can be used for multiple different attributes – ensuring data is not poisoned, used for digital forensics to ensure chain of custody does not manipulate the data and for security log integrity. Blockchain is an ever-increasing trend in cybersecurity.

4. Governments and Encryption will come head to head

Governments hate not being able to spy on people and encryption is making it even more difficult for them to gather intelligence about other nation’s foe or allies’ activities either for political advantage, economic advantage or espionage. What is surprising is that while this was typically for intelligence on other nation states, it has become more common practice for nation states monitoring their own citizens as disclosed by Edward Snowden. With more people using VPN and encryption or messaging apps that have end to end encryption, we are going to see a head-to-head battle between governments and technology – especially when it relates to security and terrorism.

5. Humans will be connected directly to the internet

Even today humans are almost entirely connected to the internet. Just like when our work and personal life separation disappeared, the next generation will only know of life continuously connected to the internet. And not just through fashion and technology getting intertwined along with our personalized internet experience, but they will literally be connected not through a device, but through their bodies.

Source:

The post 5 #Cybersecurity Predictions for #Tomorrow’s Internet appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

China’s New Cybersecurity Law Smacks the Internet Giants

Source: National Cyber Security – Produced By Gregory Evans

There are many potential pitfalls for operating in China. Local businesses can gain and maintain a competitive edge resulting from the quagmire of government regulations and local bureaucracy, which in many cases favors Chinese companies over foreign competitors. But even that advantage can be both a blessing and a curse….

The post China’s New Cybersecurity Law Smacks the Internet Giants appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures