Internet of things security takeaway: Save yourself, and by doing so, maybe help save the rest of us too. That's the obvious takeaway from the rise of low-tech, high-impact Mirai malware, which has been tied to the record-setting Oct. 21 DDoS attack against Dyn.
Chinese manufacturer Xiongmai has promised to replace or patch some IoT components that attackers are using to build massive internet of things Mirai botnets to wage DDoS attacks, such as the Oct. 21 disruption of DNS provider Dyn. But security experts question whether these moves will blunt future IoT attacks.
Massive DDoS attacks, targeting DNS provider Dyn, have triggered widespread internet disruptions. Security intelligence firm Flashpoint says the attacks have been perpetrated at least in part via a botnet of Mirai-infected internet of things devices.
Widespread website outages beginning early Oct. 21 are suspected to have been caused by a massive distributed denial-of-service attack against DNS service provider Dyn. Numerous sites, including Amazon and Twitter, were sporadically unavailable.
IoT botnets, the term for armies of hacked internet-connected devices, aren't going away. And an anecdote from the field shows the gravity of the problem and why it's unlikely to be resolved any time soon.
Sadly, users are still their own worst enemy as they are not taking the safeguards to help protect themselves in digital mobile market today. As reported by Infosecurity Magazine, today, only 45% report locking their phone with a pin, password or biometric. Yet 83% of consumers are extremely, very or somewhat...
The internet of things is being compromised by malware-wielding attackers exploiting default credentials baked into devices. What will it take for manufacturers to ship devices that are secure by default?
Bad news: A developer has released the source code for Mirai malware, which is designed to automatically find and hack internet of things devices, turning them into DDoS cannons. The malware has been tied to recent record-smashing DDoS attacks.
A new cyberattack trend report from Europol notes that while online criminals continue to refine their capabilities, old and unsophisticated attacks too often still succeed, thanks to poor digital hygiene and a lack of security by design and user awareness.
The cybercrime sector involves a rapidly growing services economy that provides everything from bulletproof hosting and stresser/booter DDoS on demand, to ransomware-as-a-service and sites that offer to launder bitcoins via a process known as tumbling.
Two men have been arrested by Israeli police, at the request of the FBI, in connection with an investigation into the vDos site, which provided distributed denial-of-service - a.k.a. stresser or booter - attacks on demand.
Those who embrace good cyber hygiene in their personal lives are likely to be more aware of information security on the job as well, says Steve Durbin of the Information Security Forum, who'll deliver a keynote address at Information Security Media Group's Fraud and Breach Prevention Summit in Toronto.
The breach of porn site Brazzers - which allows users to swap fantasies in online forums - begs the question of how many users employed throwaway usernames and passwords. Some 1,446 U.S. military and 41 U.S. government email addresses were found in the data dump.