The IoT and Attack Vectors

This holiday season, you might’ve received or purchased a smart device as a gift. This device might connect to your phone or computer so that it could be used remotely, or it might connect to some other smart device that you own. Such devices are a part of the Internet of Things (IoT), a hot topic in both academia and business. Jacob Morgan of Forbes describes the IoT as both “the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other)” and “a giant network of connected ‘things’ (which also includes people).” Practical examples include the Google Home and Amazon Echo smart speakers, which can connect to compatible devices such as microwaves so that everything can be activated with voice commands. 

Note that applications of the IoT extend far beyond smart homes. IoT devices have proven to be crucial in helping farmers optimize crop harvesting. According to Andrew Meola of Business Insider, farmers have been “smart farming” since 2016. Examples include sensors that can evaluate soil acidity, access weather forecasts, and be read from smartphones for remote monitoring. The IoT helps doctors too; Sean Gallagher of Ars Technica considers hospital medical instruments with embedded operating systems to be part of the IoT. Overall, the IoT can be a tremendous asset to the workplace.

However, the convenience of the IoT has a dark side: an increase in potential attack vectors. Suppose you have a home computer behind a strong firewall and an IoT device with a weak firewall that is permitted through your computer’s firewall. Now, anti-virus software aside, imagine that the IoT device is compromised. The attacker could use the trusted connection between it and your home computer to infect the latter. Now imagine that you buy dozens of IoT devices—coffee makers, fridges, microwaves, etc.—all connected to your computer and to one another. One weak link could mean that your whole smart house—or even worse, your entire farm or hospital—gets infected. The more IoT devices you have, the more potential weak links there are.

In November, Beth Steele of the FBI gave an example of a potential IoT attack vector: smart TVs, which make tantalizing holiday gifts. Steele notes that a “bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router,” and could also spy on you through your TV’s microphone and/or camera. Steele offers the following security advice: understand which features your TV has, such as microphone and camera capabilities; don’t rely on the default security settings, and change default passwords; learn how to shut off the camera and/or microphone, and in the worst case cover the former with black tape; and finally, check the privacy policies of your TV and streaming services. As we begin a new year, make sure that every smart-device gift is secured. It is better to secure it now than to suffer later.

Cybersecurity through IT Modernization

Ransomware is a problem that can be mitigated through IT Modernization.

Last week, Dan Goodin of Ars Technica reported that LifeLabs—a specialty laboratory testing company based in Canada—was the victim of a recent cyberattack. On the first of November this year, LifeLabs reported a potential cyberattack, which was later confirmed to be real and to have resulted in the data of 15 million customers being stolen, as mentioned in a recent statement by the Office of the Information & Privacy Commissioner for British Columbia (OIPC). The stolen data included everything from passwords to health information, and the attackers demanded a ransom in exchange for restoring it. To rub salt in the wound, LifeLabs ultimately released an open letter stating that they gave in to the ransom demand. Dan Goodin observed that the open letter contains no information about the amount of the ransom paid. An enormous ransom could be a source of embarrassment and damage the reputation of a health service provider.

During the last four years, ransoms connected to cyberattacks have become a common trend. Part of this is due to publicized successes for attackers, the LifeLabs incident being one example. Another factor is the rise of malware created specifically for extracting ransoms, known as ransomware. Although neither the open letter nor the OIPC statement mentions ransomware, it makes ransom schemes significantly easier to carry out. It often works by encrypting the victim’s data, so that even if the malware were somehow removed, the data would still be lost because the victim does not possess the key needed for decryption.

Unfortunately, hospitals not only have to treat infected patients; the systems they need to treat those patients can be infected too. Since health-related data is critical and often time-sensitive, hospitals have proven to be popular targets for ransomware attacks. Examples would be the 10 targeted in Maryland in 2016, as noted by Sean Gallagher of Ars Technica. Such attacks are made worse by the fact that hospitals deal with life-or-death scenarios. In 2016, CNBC reported that a hospital in Los Angeles became the victim of ransomware, forcing the transfer of emergency room patients to other hospitals. The ransom itself was reported to be the equivalent of $3.7 million in Bitcoin—the currency of choice for hackers.

Many hospitals are victims of ransomware due to poor IT infrastructure. In 2016, Sean Gallagher noted that “many hospitals still have computerized IV pumps, MRI machines, monitors, and other devices that are running on old, unpatched embedded OSes because the manufacturers have been slow to update them”. Tudor Drugan and Dan Istrate of Iuliu Haţieganu University of Medicine and Pharmacy suggest that manufacturers decrease production costs and speed up product placement by forgoing measures that would ensure the security of their devices. Although forcing manufacturers to update their embedded OSes may not be feasible for hospitals and clinics, they can still take measures to prevent ransomware attacks. IT Modernization—such as that provided by SD Solutions, LLC—can reduce the likelihood of ransomware attacks. This is accomplished by updating the legacy systems that can be updated, replacing old hardware and software, and ensuring that IT staff members receive proper training.

What are SIEMs and what do they do?

For cyber security experts, network security is one of the most important areas they must monitor on a day-to-day basis. We are seeing more targeted threats to networks than ever before. However, there are many tools that can help a cyber security expert keep a network secure and safe. One of those tools is called Security Information and Event Management, or SIEM for short. A SIEM helps security professionals see what actions and activities are going on in the network, and it logs those activities so that security professionals can review them later. SIEMs have been around in the industry for a while, but they have changed over the years to help protect against ever-changing threats. Newer products are introducing threat intelligence: the SIEM looks at both user and network behavior to judge whether actions are malicious or not. Newer SIEMs also allow network security professionals to define how systems are expected to behave.
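As an added illustration of the kind of correlation a SIEM performs (this is example code, not SD Solutions’ code or any SIEM product’s rules), the Python below ingests a few constructed authentication log lines, keeps a per-user baseline of the sources each user logs in from, and raises alerts on a burst of failures followed by a success, on a login from a source a user has never used before, and on a match against an assumed threat-intelligence blocklist. The log format, the thresholds and the addresses are all assumptions made for the example.

```python
# Toy SIEM-style correlation over constructed authentication log lines.
# Not SD Solutions' code or any product's rules; the log format, blocklist
# and thresholds are assumptions chosen for this example.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LINE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<res>ok|fail)$"
)

THREAT_INTEL = {"203.0.113.9"}        # constructed feed of hostile source addresses
FAIL_THRESHOLD = 3                    # this many failures from one source ...
FAIL_WINDOW = timedelta(minutes=2)    # ... within this window, then a success = alert


def parse(line):
    """Turn one log line into a dict, or None for lines that do not match."""
    m = LINE.match(line)
    if not m:
        return None   # a real SIEM would route unparsed lines to a separate queue
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines):
    """Return a list of (rule, user, source_ip, timestamp) alerts, in log order."""
    alerts = []
    known_ips = defaultdict(set)       # per-user baseline: sources seen logging in OK
    recent_fails = defaultdict(deque)  # per-source sliding window of failure times
    for ev in filter(None, map(parse, lines)):
        user, ip, ts = ev["user"], ev["ip"], ev["ts"]
        if ip in THREAT_INTEL:
            alerts.append(("threat_intel_match", user, ip, ts))
        window = recent_fails[ip]
        while window and ts - window[0] > FAIL_WINDOW:
            window.popleft()           # drop failures older than the window
        if ev["res"] == "fail":
            window.append(ts)
            continue
        # success path: enough recent failures from this source = brute force
        if len(window) >= FAIL_THRESHOLD:
            alerts.append(("brute_force_then_success", user, ip, ts))
        # behavioural rule: success from a source this user has never used
        if known_ips[user] and ip not in known_ips[user]:
            alerts.append(("new_source_for_user", user, ip, ts))
        known_ips[user].add(ip)
    return alerts


SAMPLE_LOG = [  # constructed sample, not real traffic
    "2019-12-20T09:00:00 auth user=alice src=192.0.2.10 result=ok",
    "2019-12-20T09:05:00 auth user=alice src=192.0.2.10 result=ok",
    "2019-12-20T13:00:00 auth user=bob src=198.51.100.7 result=fail",
    "2019-12-20T13:00:20 auth user=bob src=198.51.100.7 result=fail",
    "2019-12-20T13:00:40 auth user=bob src=198.51.100.7 result=fail",
    "2019-12-20T13:01:00 auth user=bob src=198.51.100.7 result=ok",
    "2019-12-20T14:00:00 auth user=alice src=203.0.113.9 result=ok",
    "not a log line",
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(*alert)
```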

The WannaCry Attacks

In May of 2017, a worldwide cyberattack occurred: a ransomware crypto worm called WannaCry. Before we dive into the specifics of WannaCry, we must understand what ransomware and crypto worms are. Ransomware is malicious software that threatens the user, for example by claiming it will make their sensitive information public or by displaying a fake FBI warning. The attacker demands payment from the user in exchange for removing the software from the computer. However, the attackers get the victim’s information either way. Another technique an attacker will use is called cryptoviral extortion. This attack encrypts the user’s files to make them inaccessible and demands that the victim pay money to decrypt their information. A crypto worm is a worm, and a worm is malware that can replicate itself without user intervention.


BIOS and UEFI firmware attacks

Attacks can come from anywhere. Viruses, ransomware, spyware, worms, Trojans and many more appear on the internet daily. Of course, some of them are more harmful than others, but there are general ways to get rid of them on your computer: you could erase the operating system and reinstall it, or you could reformat your hard drive. As we progress into the future, attacks are becoming more and more sophisticated. They are now harder to detect and harder to understand, which makes them harder to deal with. Fortunately, there are still ways to deal with these threats. However, one kind of attack has always been lurking in the shadows, something that has been around for a while and that many people are unaware of: BIOS and UEFI attacks. The fact of the matter is that these attacks have been around for a long time. They have simply been overlooked by so many cyber security experts.


The Panama Papers Leak

In 2015, a personal information leak took place that affected over 214,488 entities and over 19 countries. This event is known as the Panama Papers leak. It released over 11.5 million documents, including e-mails, PDF files, photo files, and excerpts of an internal Mossack Fonseca database. Mossack Fonseca was a Panamanian law firm and corporate service provider that was once the fourth largest provider of offshore financial services. The leak exposed detailed attorney-client information and personal financial information. One would think that a huge event like this would have a person who is responsible; however, the source remains anonymous. The source remained anonymous by contacting a well-known German newspaper, the Süddeutsche Zeitung (SZ). The SZ, along with the International Consortium of Investigative Journalists (ICIJ), was responsible for breaking this story to the public. So, this begs the question: why did the source do such a thing? As reported by the SZ, the anonymous hacker’s motive was simply that he “understood enough about their contents to realize the scale of the injustices they described.” This is because Mossack Fonseca dealt with shell companies, which are companies with no office or employees that can be used for money laundering and tax evasion. Mossack Fonseca also dealt with tax havens. The Panamanian government has denounced the name, since the leak deals more with the company Mossack Fonseca than with the country.


The Deep Web and the Dark Web

The Internet is something we all think we know. We think we know how it works, what is on it and what it is used for. After all, we use it every day, so shouldn’t we know all about it? However, you may not know as much as you should about the internet. The truth is, the internet that we use makes up only about 4% of it. Yes, this includes all our social media, search engines, and gaming sites. You may wonder why websites this big take up so little of the internet. It is because we do not have access to the rest of it. The other 96% is known as the deep web and the dark web. This is where businesses and government agencies keep their information. The deep web is so large because business and government databases are extremely large: they span several years and hold an incredible amount of data. A small part of the deep web is the dark web, where more sinister items are stored. In this post we will look at the deep web and the dark web in turn, see what kinds of threats come from each, and consider why we must be more aware of what we share on the internet.


We will first talk about what the deep web is. As I said before, this part of the internet is inaccessible to you and me. It cannot be indexed by regular search engines or methods. This is where big companies like IBM and Google store all their data; it is estimated that 54% of the world’s databases are stored there. The deep web also holds private intranets for colleges and universities. These intranets hold private message boards, personal files and so on, and are estimated to make up 13% of the deep web. The deep web also includes online banking, video on demand and email applications. It may seem like you have access to these things while using a browser, but you don’t. The only way you gain access to these places is with a user name and password that admit you onto the private network; without them you cannot simply get on and see the information. This brings us to how these places are hidden from people on the internet. Sites on the deep web use special routers, which reject traffic from a device that is unauthorized, does not meet certain requirements, or does not present the correct user name and password assigned to it. Another way these places stay hidden is with private intranets, which are only accessible from a certain site or with login information.

The darker part of the deep web is called the dark web. Like the deep web, the dark web is inaccessible to you and me, but it uses different methods to stay hidden from the public. The dark web is like the black market of the internet: it is where people sell drugs, credit card numbers, social security numbers and much worse. These sites use something called an onion router, which works only with other onion routers. The routers are located all over the world and their owners are unknown. They are accessed through special search engines that use strong encryption software so that transmissions are secure. The dark web is most likely where stolen data ends up. As mentioned before, people sell this stolen information to the highest bidder. This is yet another reason why we must protect our data.


As we roam the internet, we must be careful about what we share. The internet is a big place, and it is ever-expanding like our universe. So, as we spend hours on social media or visiting different sites, we must realize that we never know where our data will end up. Maybe it will go into a large database where a company is collecting data to see which trends young people follow the most, or it could fall into the hands of a person who will impersonate you to get even more of your personal information and sell it on the dark web. As we go through our day-to-day lives, we must always be cautious of who is lurking in the shadows, in the real world and in the cyber world.



Mobile Security

We all have them, resting in our pockets, lying around close to us, or even in our hands right now. That’s right: mobile devices. These devices now seem essential; it seems like we can’t live without them anymore, and they seem to dictate what we do daily. Mobile devices are clearly an important innovation and a token of the forward progress of technology. Mobile devices can be a person’s best friend, but also their worst nightmare. You might ask, “why are they our worst nightmare if you have said all of these great things about them?” Well, every technology that is created has a positive side and a negative side, and mobile devices are no different. What we carry on us is potentially a life-changing device, or a diamond mine for attackers. As we do more and more on our devices, such as online banking, sending corporate emails, and paying for items with the credit card information stored on them, we find ourselves less protected than ever before. This is because the personal data found on our mobile devices is not protected as much as it should be. After reading this article, I hope you will be more aware of the security of your mobile device, how you can protect it, and what to stay away from.


Continuous Diagnostics and Mitigation

Every day, we connect to networks to reach databases, web pages and other resources, often without even knowing it. For example, when we start up our phones and use the internet on them, send text messages, and make calls, we use a network that has been set up by a mobile carrier. Another example is when we go to work and use a computer in the workplace. All the computers in our workplace are connected to a network; you can access information from the workplace’s database or communicate with other computers connected to that network. These instances aren’t any different at the government level. The government uses networks to do about the same things we do and more. Government networks are highly protected and secured because they hold sensitive information. Since we all use networks, they need to be protected just like our data. There are many ways to secure a network: a business could use firewalls, strong encryption and so on. The government uses all those basic methods, but it also has its own approach to securing its networks. The government uses Continuous Diagnostics and Mitigation (CDM) to secure the networks and systems in its possession.


Security Information and Event Management

Target, Equifax, Wendy’s: what do all these companies have in common? They are different, yet they have all experienced the same thing. That is right, all these companies have experienced a breach in their security, resulting in millions of credit cards, social security numbers and other personal information being exposed on the internet. I am sure that many of you have heard of these security breaches on the news, in a paper, or on other social media outlets. The breaches were the top headline on many different news outlets for days on end, and rightfully so. After each of these incidents is reported, I am always left wondering to myself, “could they have possibly done more to protect our information?” As we live in the aftermath of what is regarded as the digital explosion, more and more of our personal information is being stored in big databases rather than in locked filing cabinets. Our world has changed and so have we. We have accepted the fact that our information will be on the internet, whether it is our choice to put it there or not. Because of this reality, our businesses today must continue to be progressive in cyber security. This could mean installing the latest version of an OS, making sure that they use strong encryption methods, or following good password practices. However, one of the best ways to improve this area is with Security Information and Event Management.
