DOCSLIB.ORG

Turning Internet of Things(Iot) Into Internet of Vulnerabilities (Iov) : Iot Botnets

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

TURNING IOT INTO IOV : IOT BOTNETS 1 Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets Kishore Angrishi Abstract—Internet of Things (IoT) is the next big evolutionary step in the world of internet. The main intention behind the IoT is to enable safer living and risk mitigation on different levels of life. Home Automation / With the advent of IoT botnets, the view towards IoT devices Smart Home has changed from enabler of enhanced living into Internet of vulnerabilities for cyber criminals. IoT botnets has exposed two Industrial Control Systems different glaring issues, 1) A large number of IoT devices are Smart City accessible over public Internet. 2) Security (if considered at all) is often an afterthought in the architecture of many wide spread Internet of Things (IoT) IoT devices. In this article, we briefly outline the anatomy of Autonomous the IoT botnets and their basic mode of operations. Some of the Vehicles Medical and healthcare major DDoS incidents using IoT botnets in recent times along Smart traffic & parking with the corresponding exploited vulnerabilities will be discussed. control We also provide remedies and recommendations to mitigate IoT Smart Metering & related cyber risks and briefly illustrate the importance of cyber Smart Grids insurance in the modern connected world. Index Terms—DDoS, IoT, IoT Botnets, Mirai Botnet, Cyber Insurance, Security I. INTRODUCTION Fig. 1. Internet of Things (IoT) The Internet of Things (IoT) is key in the digital world of connected living. The futuristic appeal to make life bit more enjoyable in a hectic day-to-day routine is enticing to many. For example, the idea of refrigerators monitoring their contents and send orders directly to the retailers when the milk is run- ning out or ordering Sunday morning bread from your bed with a voice or gesture command to an intelligent assistants like Amazon Alexa or Apple Siri or Google Assistant is appealing. With the advent of smart phones, smart television, and more smart devices like Amazon echo with Alexa or Google Home, most of the ideas stated above are not part of some science fiction dream anymore but rather becoming a reality right now. The IoT devices have a wide range of applications (see Fig: arXiv:1702.03681v1 [cs.NI] 13 Feb 2017 1) especially in home automation (smart home), healthcare, smart energy solutions, autonomous connected vehicles and extremely complicated industrial control systems. According to a study [1] we have now (2016) have 9 billion smart Fig. 2. The worth of IoT by 2025 devices (excluding smart phones, tablets and computers) and is anticipated to grow to 28.1 billion by 2020. By 2025, the value of the internet of things will be trillions annually (see a smart phone can be seen as a computer that makes phone Fig: 2) [2]. calls or a refrigerator is a computer that keeps things cold. It is important to understand that these smart devices cannot These specialized computers are often run by powerful micro- be seen as specialized devices with intelligence built-in but processors just as much as desktop, laptop or tablet computers rather as computers which does specialized jobs. For examples, and are well connected with each other, either inside a private network or over the public Internet. The crucial distinction Disclaimer: The views expressed here are solely those of the author in his with these specialized computers is that, IoT devices are often private capacity and do not in any way represent the views of the Munich RE, or any other entity of the Munich RE Group designed with poor security or even none at all. Internet is K. Angrishi is with Munich RE, Königinstrasse 107, 80802 Munich e-mail: already very complex to secure, with additional 9+ billion [email protected]. insecure IoT devices, the task has become more difficult. In The author like to thank Jo Müller, Carsten Topsch, Sebastian Wolf and Wilhelm Reeb for their time and feedback in both initiation into work on IoT the next section, a brief introduction of simplified Internet is and in the preparation of this contribution given to understand the vulnerabilities used by IoT botnets to TURNING IOT INTO IOV : IOT BOTNETS 2 launch attacks on clueless victims in Internet. FTP &HTTP CDN Service Node II. INTRODUCTION TO SIMPLIFIED INTERNET CDN Cache DHCP Server DSL Modem Internet is the network of networks. It can be broadly divided into two parts, namely, access network and core DSL Modem network. There are arrays of technologies involved in enabling ISP 2 the normal functioning of both access and core networks. BRAS ISP 1 DSL Modem Since IoT devices are mostly end customer devices deployed Router DSLAM/ at edge of access networks and IoT botnets often exploit the MSAN ISP 3 vulnerabilities present at the interface between access networks Edge Router DSL Modem and core network, we limit our discussion on internet to access networks especially digital subscriber line (DSL) access AAA TR Ͳ069 DNS & Server ACS NTP server network (see Figure 3) along with the TCP/IP protocol suite. DSL Modem The first entity on the DSL access network is DSL modem DSL Access Network Core Network located at the customer premises. DSL modem can terminate ADSL, SHDSL, VDSL circuits and provide LAN interface Fig. 3. The DSL access network together with core network of ISPs to end devices at private or commercial premises. Now-a- days, most DSL modems are integrated into the home routers. BRAS is technically the first IP hop from the client to the Thereby, the clear demarcation of local area network (home internet. BRAS is connected to Internet router of the ISP to network) and the infrastructure of the Internet Service Provider route the user traffic into the Internet. Data traffic from one ISP (ISP) is no more possible. DSL modem is connected to a is forwarded to the infrastructure of another ISP through their digital subscriber line access multiplexer (DSLAM) port in respective edge routers. The main functionality of Internet is telephone exchange using telephone company wires. DSLAM to be used by users to transfer data from end devices over converts analog electrical signals from subscriber local loop to a medium (wired or wireless) through the infrastructure of digital data traffic (upstream traffic for data upload) and digital an Internet Service Provider (ISP) to either other user’s end data traffic to analog electrical signals to subscriber local loop devices or to servers of service providers. The end user will (downstream for data download). The traffic from DSLAM is need the IP address of the destination to transfer the data routed to and from a broadband remote access server (BRAS) through the Internet, this information can be obtained by sitting at the edge of an ISP’s core network, and aggregates making a domain name look-up using the services of DNS user sessions from the access network. BRAS has following server of the ISP to obtain the IP address. The DNS server specific tasks of ISP, if the requested domain name is not found locally, 1) Provides layer 2 connectivity through transparent bridg- would recursively querying the authoritative DNS hierarchy. ing or Point to Point Protocol sessions over Ethernet To illustrate the working of DNS, let’s imagine a user wants (PPPoE) or ATM sessions. A BRAS can terminate upto to visit the website "www.amazon.com". The web browser first 50000 PPPoE sessions. looks in its own cache for the IP address of the domain name 2) Inject policy management and Quality of Service (QoS). "www.amazon.com", if no entry is found, the web browser 3) Provides layer 3 connectivity and routes IP traffic will ask the operating system (OS). If OS doesn’t have the through the Internet Service Provider (ISP) backbone entry, OS will perform the DNS query to DNS servers of infrastructure to the Internet. ISP. The DNS servers of ISP are mostly configured to provide 4) Responsible for assigning network parameters such as IP recursive DNS look-up. This means, the ISP’s DNS server addresses to the clients. BRAS is connected to following will quest the "root" name server to find out which name major necessary servers to assign network parameters to servers are authoritative (in simple terms responsible) for the DSL modem: the ".com" domain. Once the information is available, ISP’s • Authentication, authorization and accounting sys- DNS sever will send a query to those name servers asking tems of ISP them about the authoritative name server for "amazon.com" • Auto Configuration Server (ACS) to perform remote domain and then a final query to those name servers asking management of the DSL modems at the customer for the address of "www.amazon.com". The servers which premises. answer for "www.amazon.com" and resolve the domain name • Domain Name System (DNS) server of ISP to to an IP address are called authoritative DNS servers. These translate the domain name address to IP address authoritative DNS servers can be either company’s private to enable the users to transfer data over the IP DNS server or a company hires a DNS service provider like networks. Dyn to have managed DNS service. The figure 4 illustrates • Network Time Protocol (NTP) server to provide the working of recursive DNS query processing without the timing information to DSL modems. consideration of DNS caching, web-browser caching or OS • Dynamic Host Configuration Protocol (DHCP) caching. server to lease unique public IP address to each DSL The another important component of Internet is Content modems. Delivery Networks (CDN). CDN operators like Akamai host TURNING IOT INTO IOV : IOT BOTNETS 3 Root DNS Server Sender Receiver Application Application Software Software 2 DNS Query „www.amazon.com“ Application 3 Data Data ISP‘s Ask „.com“ server Layer Recursive DNS Top Ͳlevel Domain Client Laptop Server DNS Server „.com“ UDP UDP Transport UDP UDP DNS Query Header Data Layer Header Data 1 DNS Query 4 „www.amazon.com“ „www.amazon.com“ IP Internet IP Header IP Data Layer Header IP Data 5 Ask Dyn DNS 8 „216.58.211.36“ Frame Frame Frame Frame Link Header Frame Data Footer Header Frame Data Footer 6 DNS Query „www.amazon.com“ Authoritative 7 Response „216.58.211.36“ Fig.
Recommended publications
  • (U//Fouo) Assessment of Anonymous Threat to Control Systems

    (U//Fouo) Assessment of Anonymous Threat to Control Systems

    UNCLASSIFIED//FOR OFFICIAL USE ONLY A‐0020‐NCCIC / ICS‐CERT –120020110916 DISTRIBUTION NOTICE (A): THIS PRODUCT IS INTENDED FOR MISION PARTNERS AT THE “FOR OFFICIAL USE ONLY” LEVEL, ACROSS THE CYBERSECURITY, CRITICAL INFRASTRUCTURE AND / OR KEY RESOURCES COMMUNITY AT LARGE. (U//FOUO) ASSESSMENT OF ANONYMOUS THREAT TO CONTROL SYSTEMS EXECUTIVE SUMMARY (U) The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting inDustrial control systems (ICS). This proDuct characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) in coordination with the other NCCIC components. (U//FOUO) While Anonymous recently expressed intent to target ICS, they have not Demonstrated a capability to inflict Damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methoDs, readily available to the research community. Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web‐based applications and windows systems) by employing tactics such as denial of service. Anonymous’ increased interest may indicate intent to Develop an offensive ICS capability in the future. ICS‐CERT assesses that the publically available information regarding exploitation of ICS coulD be leveraged to reDuce the amount of time to develop offensive ICS capabilities. However, the lack of centralized leadership/coordination anD specific expertise may pose challenges to this effort. DISCUSSION (U//FOUO) Several racist, homophobic, hateful, and otherwise maliciously intolerant cyber and physical inciDents throughout the past Decadea have been attributeD to Anonymous, though recently, their targets and apparent motivations have evolved to what appears to be a hacktivist1 agenda.
  • About the Sony Hack

    About the Sony Hack

    All About the Sony Hack Sony Pictures Entertainment was hacked in late November by a group called the Guardians of Peace. The hackers stole a significant amount of data off of Sony’s servers, including employee conversations through email and other documents, executive salaries, and copies of unreleased January/February 2015 Sony movies. Sony’s network was down for a few days as administrators worked to assess the damage. According to the FBI, the hackers are believed have ties with the North Korean government, which has denied any involvement with the hack and has even offered to help the United States discover the identities of the hackers. Various analysts and security experts have stated that it is unlikely All About the Sony Hack that the North Korean government is involved, claiming that the government likely doesn’t have the Learn how Sony was attacked and infrastructure to succeed in a hack of this magnitude. what the potential ramifications are. The hackers quickly turned their focus to an upcoming Sony film, “The Interview,” a comedy about Securing Your Files in Cloud two Americans who assassinate North Korean leader Kim Jong-un. The hackers contacted Storage reporters on Dec. 16, threatening to commit acts of terrorism towards people going to see the Storing files in the cloud is easy movie, which was scheduled to be released on Dec. 25. Despite the lack of credible evidence that and convenient—but definitely not attacks would take place, Sony decided to postpone the movie’s release. On Dec. 19, President risk-free. Obama went on record calling the movie’s cancelation a mistake.
  • How to Reform Counterintelligence Outreach to Industry

    How to Reform Counterintelligence Outreach to Industry

    Protecting Partners or Preserving Fiefdoms? How to Reform Counterintelligence Outreach to Industry BY DARREN E. TROMBLAY | OCTOBER 2017 U.S. industry is increasingly independent of federal government direction It’s time for a new in its creation of new knowledge and capabilities. Nonetheless, the approach to counterintelligence outputs of industry support the United States’ ability to maintain outreach to the elements of its national power. Consequently, industry is in the crosshairs commercial sector— of not only foreign competitors, but also of foreign intelligence services one that focuses more that seek to surreptitiously obtain valuable knowledge and other on recognizing and responding to intellectual property. This is an unfair fight. It is further complicated by indicators of the the fact that both adversaries and allies alike have directed their threat, less on turning intelligence resources against U.S. industry. to investigators once the damage has Although the U.S. government has attempted to partner with the private sector on already been done. counterintelligence (CI) awareness and response, these efforts have been plagued by a limited concept of which industry sectors are at risk, inconsistency in programs, and redundancies across agencies. Moreover, the U.S. intelligence community is already being asked to do more with less. It is time for a new approach to the important function of counterintelligence outreach to the commercial sector. Such an approach must focus more on recognizing and responding to indicators of the threat, less on turning to investigators once the damage has already been done. Counterintelligence—in the theoretical sense—means preventing an adversary’s intelligence services from acquiring an information advantage.
  • Van De Laarschot and Rolf Van Wegberg, Delft University of Technology

    Van De Laarschot and Rolf Van Wegberg, Delft University of Technology

    Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data Jochem van de Laarschot and Rolf van Wegberg, Delft University of Technology https://www.usenix.org/conference/usenixsecurity21/presentation/van-de-laarschot This paper is included in the Proceedings of the 30th USENIX Security Symposium. August 11–13, 2021 978-1-939133-24-3 Open access to the Proceedings of the 30th USENIX Security Symposium is sponsored by USENIX. Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data Jochem van de Laarschot Rolf van Wegberg Delft University of Technology Delft University of Technology Abstract However, there are numerous indications in earlier work that cybercriminals do not always achieve maximum security. Cybercriminal entrepreneurs on online anonymous markets Due to competing business incentives, criminals may turn rely on security mechanisms to thwart investigators in at- to insecure practices that ease transacting illegal products or tributing their illicit activities. Earlier work indicates that – services. Here, we witness an inevitable trade-off between despite the high-risk criminal context – cybercriminals may enhanced security and improved efficiency of operations [42]. turn to poor security practices due to competing business ‘Perfect security’ therefore, is not economically viable. Like incentives. This claim has not yet been supported through in the legitimate economy [54], security in the underground empirical, quantitative analysis on ground-truth data. In this economy comes at a cost [53]. This leads us to wonder how paper, we investigate the security practices on Hansa Mar- prevalent poor security practices (or: “insecure practices”) ket (2015-2017) and measure the prevalence of poor security among online anonymous market vendors actually are.
  • Internet Security Threat Report Volume 24 | February 2019

    Internet Security Threat Report Volume 24 | February 2019

    ISTRInternet Security Threat Report Volume 24 | February 2019 THE DOCUMENT IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. INFORMATION OBTAINED FROM THIRD PARTY SOURCES IS BELIEVED TO BE RELIABLE, BUT IS IN NO WAY GUARANTEED. SECURITY PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT (“CONTROLLED ITEMS”) ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER FOR YOU TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT SUCH CONTROLLED ITEMS. TABLE OF CONTENTS 1 2 3 BIG NUMBERS YEAR-IN-REVIEW FACTS AND FIGURES METHODOLOGY Formjacking Messaging Cryptojacking Malware Ransomware Mobile Living off the land Web attacks and supply chain attacks Targeted attacks Targeted attacks IoT Cloud Underground economy IoT Election interference MALICIOUS
  • Security Now! #664 - 05-22-18 Spectreng Revealed

    Security Now! #664 - 05-22-18 Spectreng Revealed

    Security Now! #664 - 05-22-18 SpectreNG Revealed This week on Security Now! This week we examine the recent flaws discovered in the secure Signal messaging app for desktops, the rise in DNS router hijacking, another seriously flawed consumer router family, Microsoft Spectre patches for Win10's April 2018 feature update, the threat of voice assistant spoofing attacks, the evolving security of HTTP, still more new trouble with GPON routers, Facebook's Android app mistake, BMW's 14 security flaws and some fun miscellany. Then we examine the news of the next-generation of Spectre processor speculation flaws and what they mean for us. Our Picture of the Week Security News Update your Signal Desktop Apps for Windows & Linux A few weeks ago, Argentinian security researchers discovered a severe vulnerability in the Signal messaging app for Windows and Linux desktops that allows remote attackers to execute malicious code on recipient systems simply by sending a message—without requiring any user interaction. The vulnerability was accidentally discovered while researchers–amond them Juliano Rizzo–were chatting on Signal messenger and one of them shared a link of a vulnerable site with an XSS payload in its URL. However, the XSS payload unexpectedly got executed on the Signal desktop app!! (Juliano Rizzo was on the beach when the BEAST and CRIME attacks occurred to him.) After analyzing the scope of this issue by testing multiple XSS payloads, they found that the vulnerability resides in the function responsible for handling shared links, allowing attackers to inject user-defined HTML/JavaScript code via iFrame, image, video and audio tags.
  • Sample Iis Publication Page

    Sample Iis Publication Page

    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
  • Cloud Down Impacts on the US Economy 02

    Cloud Down Impacts on the US Economy 02

    Emerging Risk Report 2018 Technology Cloud Down Impacts on the US economy 02 Lloyd’s of London disclaimer About Lloyd’s Lloyd's is the world's specialist insurance and This report has been co-produced by Lloyd's and AIR reinsurance market. Under our globally trusted name, for general information purposes only. While care has we act as the market's custodian. Backed by diverse been taken in gathering the data and preparing the global capital and excellent financial ratings, Lloyd's report Lloyd's does not make any representations or works with a global network to grow the insured world – warranties as to its accuracy or completeness and building resilience of local communities and expressly excludes to the maximum extent permitted by strengthening global economic growth. law all those that might otherwise be implied. With expertise earned over centuries, Lloyd's is the Lloyd's accepts no responsibility or liability for any loss foundation of the insurance industry and the future of it. or damage of any nature occasioned to any person as a Led by expert underwriters and brokers who cover more result of acting or refraining from acting as a result of, or than 200 territories, the Lloyd’s market develops the in reliance on, any statement, fact, figure or expression essential, complex and critical insurance needed to of opinion or belief contained in this report. This report underwrite human progress. does not constitute advice of any kind. About AIR Worldwide © Lloyd’s 2018 All rights reserved AIR Worldwide (AIR) provides risk modeling solutions that make individuals, businesses, and society more AIR disclaimer resilient to extreme events.
  • Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident?

    Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident?

    Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident? Aqsa Kashaf Vyas Sekar Yuvraj Agarwal Carnegie Mellon University Carnegie Mellon University Carnegie Mellon University [email protected] [email protected] [email protected] Abstract the Mirai Dyn attack [24], GlobalSign revocation error incident in Many websites rely on third parties for services (e.g., DNS, CDN, 2016 [21] and the Amazon DNS DDoS attack in 2019 [50] affected etc.). However, it also exposes them to shared risks from attacks a significant number of popular web services. These incidents raise (e.g., Mirai DDoS attack [24]) or cascading failures (e.g., GlobalSign broader questions about the robustness of the web ecosystem: • revocation error [21]). Motivated by such incidents, we analyze Are these singular occurrences or are there other types of third- the prevalence and impact of third-party dependencies, focusing party services that are also potential Achilles’ heels for affecting on three critical infrastructure services: DNS, CDN, and certificate popular web-services? For example, as services are concentrated, revocation checking by CA. We analyze both direct (e.g., Twitter is there a single provider whose failure will have a significant uses Dyn) and indirect (e.g., Netflix uses Symantec as CA which impact on many websites critically dependent on it? uses Verisign for DNS) dependencies. We also take two snapshots • Are there hidden transitive or indirect dependencies between in 2016 and 2020 to understand
  • Internet Infrastructure Review Vol.34

    Internet Infrastructure Review Vol.34

    Internet Infrastructure Review Mar.2017 Vol. 34 Infrastructure Security Ursnif (Gozi) Anti-Analysis Techniques and Methods for Bypassing Them Technology Trends The Current State of Library OSes Internet Infrastructure Review March 2017 Vol.34 Executive Summary ............................................................................................................................ 3 1. Infrastructure Security .................................................................................................................. 4 1.1 Introduction ..................................................................................................................................... 4 1.2 Incident Summary ........................................................................................................................... 4 1.3 Incident Survey ...............................................................................................................................11 1.3.1 DDoS Attacks ...................................................................................................................................11 1.3.2 Malware Activities ......................................................................................................................... 13 1.3.3 SQL Injection Attacks ..................................................................................................................... 17 1.3.4 Website Alterations .......................................................................................................................
  • Announcement

    Announcement

    Announcement 100 articles, 2016-02-25 12:01 1 Microsoft introduces Windows 10 for PCs build 14271 and Mobile build 14267.1004 to Fast ring (4) Microsoft released two new Insider builds to the Fast ring today. Windows 10 Mobile build 14267.1004 fixes an issue with Lumia 550 and Windows 10 for PCs build 14271 has other fixes. 2016-02-24 18:16:01+00:00 1KB www.neowin.net 2 Apple plans Siri for Mac as tentpole feature for this fall's OS X 10.12 launch (2) Apple has reportedly been testing Siri for Mac since at least 2012, but even though the digital assistant has already made its way from the iPhone to the Apple Watch and Apple TV, it’s been notably absent from OS X.… 2016-02-25 08:32:48 1KB www.techspot.com 3 MasterCard wants to replace passwords and PINs with selfies In the ongoing search for the successor to unsecure passwords and PINs, financial (2) services giant MasterCard is taking a modern approach to authenticating transactions called MasterCard Identity Check. 2016-02-25 11:17:44 2KB www.techspot.com 4 Docker: Build Use-case-appropriate Containers - Developer.com Docker hits a sweet spot with the default container construction. It provides reasonable (2) defaults without hindering productivity of users. 2016-02-25 00:00:00 5KB www.developer.com 5 Alcatel OneTouch Fierce XL now supported by Windows 10 Insider Preview (2) After releasing Windows 10 for PCs build 14271 and Windows 10 Mobile build 14267.1004 today, Microsoft also announced that the Alcatel OneTouch Fierce XL can now enroll in the Insider Program.
  • Evolution of Iot Attacks

    Evolution of Iot Attacks

    Evolution of IoT Attacks By 2025, there will be 41.6 billion connected IoT devices, generating 79 zettabytes (ZB) of data (IDC). Every Internet-connected “thing,” from power grids to smart doorbells, is at risk of attack. BLUETOOTH INDUSTRIAL MEDICAL Throughout the last few decades, cyberattacks against IoT devices have become more sophisticated, more common, and unfortunately, much BOTNET GENERIC IOT SMART HOME more effective. However, the technology sector has fought back, developing and implementing new security technologies to prevent and CAR INFRASTRUCTURE WATCH/WEARABLE protect against cyberattacks. This infographic shows how the industry has evolved with new technologies, protocols, and processes to raise the bar on cybersecurity. STUXNET WATER BMW MIRAI FITBIT SAUDI PETROL SILEX LINUX DARK NEXUS VIRUS UTILITY CONNECTED BOTNET VULNERABILITY CHEMICAL MALWARE BOTNET SYSTEM DRIVE SYSTEM PLANT ATTACK (SCADA) PUERTO UNIVERSITY UKRAINIAN HAJIME AMNESIA AMAZON PHILIPS HUE RICO OF MICHIGAN POWER VIGILANTE BOTNET RING HACK LIGHTBULB SMART TRAFFIC GRID BOTNET METERS LIGHTS MEDTRONIC GERMAN TESLA CCTV PERSIRAI FANCY SWEYNTOOTH INSULIN STEEL MODEL S BOTNET BOTNET BEAR VS. FAMILY PUMPS MILL HACK REMOTE SPORTS HACK HACKABLE HEART BASHLITE FIAT CHRYSLER NYADROP SELF- REAPER THINKPHP TWO MILLION KAIJI MONITORS BOTNET REMOTE CONTROL UPDATING MALWARE BOTNET EXPLOITATION TAKEOVER MALWARE First Era | THE AGE OF EXPLORATION | 2005 - 2009 Second Era | THE AGE OF EXPLOITATION | 2011 - 2019 Third Era | THE AGE OF PROTECTION | 2020 Security is not a priority for early IoT/embedded devices. Most The number of connected devices is exploding, and cloud connectivity Connected devices are ubiquitous in every area of life, from cyberattacks are limited to malware and viruses impacting Windows- is becoming commonplace.