#Botnet
Text
"According to a recent report published by the Aargauer Zeitung (h/t Golem.de), around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business."
106 notes
·
View notes
Text
21 notes
·
View notes
Text
Il malware AVrecon ha infettato 70 mila router per Linux, per costruire una botnet.
2 notes
·
View notes
Text
Malware Explained Part 1: Understanding the Malicious
Dive into the world of malware in this first part of a series! In this video, I'll be sharing my views on what malware is, how it works, and the different types you might encounter. Whether you're a tech wiz or just starting out, this video will equip you with the knowledge to stay safe online. Stay tuned for Part 2 where we'll discuss how to protect yourself from malware attacks!
To learn more do check out Cybersecurity courses.
#Cybersecurity#ethicalhacking#InfoSec (Information Security)#DigitalDefense#CyberThreats#DataSecurity#OnlineSafety#SecurityAwareness#CyberHygiene#Cybercrime#Phishing#Ransomware#Spyware#Adware#Virus#Worm#Botnet#ZeroDayAttack#MalwareAnalysis#CyberSecurityBasics#StaySafeOnline#ProtectYourData#CyberSecurityTrends#EthicalHacking#VulnerabilityManagement
1 note
·
View note
Text
Debunking 10 common misconceptions about IoT devices - CyberTalk
New Post has been published on https://thedigitalinsider.com/debunking-10-common-misconceptions-about-iot-devices-cybertalk/
Debunking 10 common misconceptions about IoT devices - CyberTalk
By Antoinette Hodes, a Check Point Global Solutions Architect and an Evangelist with the Check Point Office of the CTO.
This article aims to provide a comprehensive overview of the most common misconceptions surrounding IoT (Internet of Things) devices. As the adoption of IoT devices continues to grow, it is crucial to address these misconceptions and provide accurate information to users and businesses alike. This will lead to better adoption and utilization, and foster a more informed and secure IoT ecosystem.
IoT devices are not a valuable target for hackers (read: criminals)
This is false. IoT devices often collect personal and sensitive data, making them attractive to hackers. Topics like user consent and data privacy should be addressed. IoT data is the “new gold” and it is important to anonymize data and incorporate data privacy-by-design principles.
IoT devices don’t collect or hold sensitive information
Many IoT devices collect and transmit personal or sensitive data, which can be compromised. Although devices will not store it, security controls like data encryption are often needed. There 3 types of data: data at rest, data in transit and data in use. Data in use the most vulnerable and often easy to compromise.
IoT devices do not pose a risk to the overall network security
Often, there is an assumption that IoT devices are isolated from the network: IoT devices can act as entry points to the broader network, a potential starting point of starting the Cyber Kill Chain. We also see lateral movement and propagation attacks.
Manufacturers always prioritize security when developing IoT devices
IoT device manufacturers are already under high levels of pressure in a very competitive market. They must balance cost against device functionality, while remaining attractive and differentiating their products. So, in general, security is often overlooked in favor of functionality and cost-cutting measures. IoT devices are often not “Secure by Design” or “Secure by Default”.
Physical access to an IoT device is required to compromise its security
In many cases, IoT devices are remotely exploited and compromised. Connected devices provide access, enabling attackers to exploit vulnerabilities or extract sensitive data from the IoT devices. Or devices can be utilized for network based attacks, like Man-in-the-Middle (MitM) attacks. This can lead to disruption or unauthorized control.
IoT devices are only a threat on the internet
IoT devices connected to a local network can still be compromised and pose a threat. They can be used as jump host, infiltrate or scan the network, lateral movement and propagation attacks.
IoT devices are immune to malware
There is a general assumption that IoT devices are immune to malware due to limited hardware. Nonetheless, malware can infect IoT devices, allowing hackers to gain control or use them as part of a botnet. IoT devices are often connected to the internet and can potentially be accessed by attackers. IoT devices are often used in critical infrastructure, like power grids and hospitals. This makes them very attractive targets through which to cause a massive and widespread impact.
IoT device security is a one-time setup
Either the device should be hardened from within, making it zero-day proof or security measures like ongoing monitoring, updates, and patching are needed. IoT device security is not a “set and forget” kind of thing. As the technology evolves, new security threats evolve along with it. IoT devices that are not attended to, from a security standpoint, can quickly become outdated and vulnerable.
Consumers are not responsible for securing their IoT devices; it’s the manufacturer’s job
Manufacturers bear the responsibility of prioritizing security during the design and development stages. Through the implementation of robust security measures, they can effectively shield consumers from potential attacks and breaches. However, consumers also have a role to play in ensuring device security. By actively pursuing measures such as changing default passwords, using strong passwords, and keeping devices updated, consumers can actively contribute to safeguarding their data and preventing cyber attacks. Ultimately, the security of IoT devices is a shared responsibility between manufacturers and consumers. Informed and educated consumers who prioritize security will assess the security level of the device they intend to use, opting exclusively for trusted reputable vendors.
Home IoT devices are not targets
It is often believed that cyber attacks solely target specific individuals or organizations. However, a significant number of cyber attacks are classified as “spray attacks.” In these cases, random victims with lower levels of security become the primary targets.
Furthermore, attackers frequently focus on home IoT devices, aiming to either obtain personal data or exploit their vulnerabilities for more significant attacks. Unfortunately, many of these devices lack proper security measures, making them easy to compromise. Once compromised, these assets are often utilized as “zombies” in a botnet, potentially participating in activities like DDoS attacks.
In conclusion, debunking these misconceptions helps in understanding the true nature of IoT devices and the need for robust security measures to ensure their safe and effective utilization. Ultimately, the security of IoT devices is a shared responsibility between manufacturers and consumers.
Related resources
The green revolution | How IoT is driving sustainability – Learn more
Friction to integration | How blockchain can streamline manufacturing processes – Details
IoT solutions for enterprise, industrial and healthcare groups – Get product information here
#Antoinette Hodes#Article#assets#attackers#Blockchain#botnet#Check Point#comprehensive#connected devices#consumers#critical infrastructure#CTO#cutting#cyber#cyber attacks#cyber security#data#data privacy#data protection#data security#DDoS#ddos attacks#Design#design principles#details#development#device security#devices#disruption#easy
0 notes
Text
New InfectedSlurs Mirai-based botnet exploits two zero-days
New InfectedSlurs Mirai-based botnet exploits two zero-days
Pierluigi Paganini
November 22, 2023
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices.
Akamai discovered a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recorder…
View On WordPress
0 notes
Text
Comprueba si formas parte de una botnet.
El servicio AntiBotnet de INCIBE pone a nuestra disposición mecanismos para poder identificar si desde nuestra conexión a Internet (siempre que lo utilices dentro de España) se ha detectado algún incidente de seguridad relacionado con botnets u otras amenazas, y nos ofrece información al respecto y herramientas para que podamos desinfectar nuestros dispositivos en caso de que nos llevemos una…
View On WordPress
0 notes
Text
Service IRC: Cosa sono e a cosa servono
I servizi Internet Relay Chat (solitamente chiamati service IRC ) sono il nome di un insieme di funzionalità implementate su molte moderne reti Internet Relay Chat . I service di Internet Relay Chat sono bot automatizzati con status speciale che vengono generalmente utilizzati per fornire agli utenti l’accesso con determinati privilegi e protezione. Di solito implementano una sorta di sistema di…
View On WordPress
0 notes
Text
ExtraHop® Open Sources Machine Learning Dataset to Help Security Teams Detect Malware and Botnet Operations Faster
Manila, Philippines – ExtraHop, a leader in cloud-native network detection and response (NDR), today announced it is open sourcing its expansive 16 million row dataset – one of the most robust available – to help defend against domains generated by algorithm (DGAs). This is in an effort to level the playing field for defenders and empower businesses of all sizes to better secure their…
View On WordPress
0 notes
Text
Wereldwijd netwerk gehackte computers onschadelijk gemaakt door OM en FBI
Opsporingsdiensten uit zeven landen, waaronder Nederland, hebben met ‘Operatie Duck Hunt’ het criminele botnet-netwerk Qakbot ontmanteld. Met Qakbot, sinds 2008 actief, wisten criminelen toegang te krijgen tot wel zevenhonderdduizend computers, om daarmee fraude te plegen of bedrijven af te persen. Volgens het Landelijk Parket is de afgelopen jaren via Qakbot voor honderden miljoenen euro´s…
View On WordPress
0 notes
Text
Gafgyt-Malware nutzt fünf Jahre alten Fehler im EoL-Router von Zyxel aus
Gafgyt-Malware profitiert von älterer Schwachstelle in nicht mehr unterstütztem Zyxel-Router
Verbesserte deutsche Schlagzeile: Gafgyt-Malware nutzt Schwachstelle in Zyxel-Router aus, der nicht mehr unterstützt wird.
Fortinet hat eine Warnmeldung herausgegeben, dass die Gafgyt-Botnet-Malware aktiv versucht, in Tausenden von täglichen Angriffen eine Schwachstelle im ausgemusterten Zyxel…
View On WordPress
0 notes
Text
youtube
0 notes
Text
How small businesses can mitigate the dark side of digitization - CyberTalk
New Post has been published on https://thedigitalinsider.com/how-small-businesses-can-mitigate-the-dark-side-of-digitization-cybertalk/
How small businesses can mitigate the dark side of digitization - CyberTalk
I’m Zahier Madhar, and I’m honored to work as a Lead Security Engineer and Check Point Evangelist. I’ve been part of the Check Point team since 2012, and my journey in the industry began in 2006. I’m dedicated to helping Dutch companies boost their cyber security. Outside of work, I enjoy practicing Krav Maga, going for runs, and staying updated on cyber threats using Check Point’s research (https://research.checkpoint.com), Telegram, and various forums.
In this brilliant interview, Check Point expert Zahier Madhar offers astute and thoughtful insights into the state of digital transformation for non-traditionally digital businesses. Discover ultramodern trends, original thinking, and actionable security strategies. Don’t miss this!
Can you share a bit about the trends that you’re seeing in terms of every business becoming a digitized business?
Companies are digitizing more than ever before. The digitization has been driven by a variety of reasons, such as reducing costs, reaching a larger audience, and enhancing customer experience, among others. This trend is not limited to large enterprises, but extends to businesses like the bakery next door. In the modern world, even the local bakery is embracing digitization. The reasons behind these transformations are often similar to those of larger companies.
For instance, many bakeries are incorporating smart or connected ovens. These ovens allow bakers to upload or program baking processes, making the baking process more efficient and dynamic. Additionally, numerous bakeries have adopted webshops, enabling customers to order bread online for convenient pickup, resulting in a direct increase in sales. E-commerce plays a crucial role in attracting more customers to both the physical shop and the online platform.
To streamline operations, the Point of Sale (POS) system is connected to the internet. This reduces administrative tasks. This integration enables the bakery to focus on what they do best — baking bread. Like any other business, the bakery is constantly seeking opportunities to enhance efficiency, increase customer satisfaction, and reach a wider audience, ensuring that the process of digitization never comes to a halt.
A big step in going digital is using cloud technology. This allows businesses, including bakeries, to become more flexible and scale their resources based on demand. Cloud technology enables the bakery to host its website, webshop, and POS system efficiently.
Another noteworthy step in digitalization is the use of Artificial Intelligence (AI). AI is widely employed for data analysis, predictive analytics, and personalized customer experiences.
Even a bakery can explore using AI for digital transformation. For instance, by analyzing purchasing history, AI can customize marketing campaigns and implement dynamic pricing based on demand and time of the day.
Finally, the Internet of Things (IoT) is a key component of many companies. Organizations are incorporating smart screens, camera systems, and climate control to enhance convenience for employees and to save on costs. Continuing the analogy above, the bakery is leveraging IoT in its digital transformation journey. From smart ovens to temperature monitoring and energy management, IoT applications enable the bakery to operate more efficiently, receive alerts during the baking process, and achieve cost savings.
Can you provide an overview of the positive and negative aspects of this trend, especially as they relate to cyber security professionals?
Security is the most important concern in digital transformation. Digitizing requires adopting a robust cyber security strategy, enabling the business to undergo transformation in the most secure way. The digitalization of the business introduces various technologies such as cloud, SaaS, IoT, and AI, allowing employees to work from any place at any time.
In the example for the bakery, it means that the baker can monitor the baking of the bread while he is working in the shop serving customers. This flexibility is a significant advantage for business continuity. However, it also makes things challenging for security experts.
The process of digitization blurs the borders between secure and unsecured networks, increasing the attack vector as more technologies are connected to the internet. More connections mean a higher chance of data breaches. So, it’s important for security experts to be there from the start and to stay involved as digitization keeps going.
Pro Con Flexible Security Efficiency Maintenance Improve customer experience Knowledge Innovation Complexity Expand market reach Compliance Improve communication Data privacy Marketing Trust Digital payments Integration Scalable Monitoring
Given the above, what specific challenges do you foresee for non-traditionally digital businesses in terms of data security?
It is essential for everyone to have a basic cyber security awareness knowledge, similar to understanding the importance of locking the door when leaving the house or wearing a seatbelt while driving. This awareness is crucial in recognizing phishing emails, avoiding malicious links, and refraining from opening unknown files from unfamiliar storage devices.
However, implementing the correct security strategy to support the digitization of a non-traditionally digital business requires the expertise of a security professional. Employees also need to undergo awareness training on how to handle data securely. Having a security professional and doing training usually costs money, and limited budgets might make it a challenge.
Also, there are other things to think about that require a security professional, like keeping data private, watching for security issues, and doing routine maintenance. These additional aspects are important for keeping a safe digital space and need careful attention.
To summarize, the challenges would be budget, the right technology, knowledge and awareness.
Do you think it’s realistic for our world to effectively demand that every business owner and operator become a digital and cyber expert?
No, I don’t think so. It isn’t realistic to expect every business owner and operator to become a digital expert. What I believe is realistic is that every business owner and operator has basic knowledge, such as using strong passwords (MFA), being aware of phishing attempts, and ensuring that software is kept up-to-date. I also think it’s practical for business owners to be security champions, making sure that steps taken for digitizing the business are done securely.
For businesses like bakeries, or [insert a similar example], what strategies do you think are effective in maintaining simplicity and sufficient cyber security?
A basic plan doesn’t need to be complicated. There are a few effective items that can be taken care of even by non-security professionals:
1. Ensure that employees have basic knowledge like not sharing passwords, using strong passwords, and recognizing phishing attacks.
2. Keep all devices up-to-date with the latest software updates.
3. Separate the guest Wi-Fi from the work network to enhance security.
4. Schedule regular scans with the endpoint security client to ensure no threats are overlooked.
5. Maintain a list of all hardware and software products, along with their versions.
A good next step would be to enhance the security architecture to prevent more complex and advanced threats targeting the broad attack surface introduced by digitization. Check Point provides a unified architecture focused on preventing threats across various attack surfaces. Additionally, the architecture introduces a standardized cyber security language to create a security policy that enables any type of company to conduct their business securely over the internet.
A strong follow-up to this is creating an incident response plan. For instance, ensure you have contact details for an incident response team that you can reach in case of an incident. If you don’t have one, take note of the Check Point incident response team at +1-866-923-0907 (https://www.checkpoint.com/support-services/threatcloud-incident-response). Understand the impact on the bakery and inform the employees promptly.
How else can the risks associated with the ‘dark side of digitization’ be mitigated?
I highly recommend that every type of business embrace digitization to maximize efficiency. Security should always be an integral part of the overall strategy.
For large enterprises, I strongly advise implementing a security strategy that comprehensively covers all attack vectors. This can be achieved through a consolidated platform, which lowers the risk of misconfigurations, provides better visibility, and simplifies security tasks. The platform should be API-driven to facilitate automation and integration with third-party solutions.
Remarkably, enterprise-grade security and technology are now accessible even for smaller businesses, such as the bakery next door. Check Point offers solutions tailored for small to medium-sized businesses, allowing them to leverage the right technology to address the diverse attack vectors associated with digitization. The Check Point solution provides a consolidated architecture that is easy to set up and maintain, even for those without extensive security expertise. It secures networks, mobile devices, endpoints, cloud email, and SaaS apps.
In summary, my strong recommendation stands: Every business, regardless of size, should embrace digitization to enhance efficiency, with security integrated into the core of their strategy. More information about the available solutions for small and medium businesses can be found here: https://www.checkpoint.com/solutions/small-medium-business-security.
Based on your observations and analyses, what are the key takeaways for CISOs and cyber security professionals here?
Digitization sounds appealing and is currently a trend. It is tangible, making many business owners proud as they modernize their processes. However, when something goes wrong, the impact can be significant — customer data might leak, passwords might be stolen, or smart IoT devices could become part of a botnet.
The world is more digital than ever, and there’s no reason to believe this trend will stop. Digitization requires cyber security involvement at every step, from regulations to technical details.
1. Digitization adds value to any business.
2. However, the dark side is that it increases the attack surface.
3. The role of a Chief Information Security Officer (CISO) is crucial to realizing a secure and future-proof transformation.
Is there anything else that you wish to share with the Cyber Talk security community?
The key to successful digitization is integrating cyber security; from regulations to technical details. This ensures that the transformation is future-proof and secure, making it easier to adopt new regulations like NIS2 and expand the range of products connected to the internet while mitigating potential risks.
#advanced threats#ai#alerts#Analysis#Analytics#API#applications#apps#architecture#artificial#Artificial Intelligence#attention#automation#awareness#botnet#bread#budgets#Business#business continuity#challenge#Check Point#chief information security officer#CISO#CISOs#climate#Cloud#cloud technology#Commerce#communication#Community
0 notes
Last Seen Blogs
peas-in-a-can-pie
Winter is Coming
prussiantique
A Stanza A Day
auctorpetrova
Tatia Petrova
kingdom123456
Untitled
