Cyber Security Watch March 2020
The new decade has brought more viruses than anyone could have predicted, but coronavirus Covid-19 is not the only one we need to watch out for. Infected software and hacked hardware are making life difficult for businesses all around the world. Any system is only as strong as its weakest link, and cyber is no different. Your network could be as difficult to break into as the Bank of England, but if someone leaves a key behind the bins then…
Read on to find out what else has been happening in the world of cybersecurity.
IoT devices infected with crypto-miner software
Even the most basic technology can be infected with malware, as proved by the revelation that some IoT devices running Windows 7 have been infected with crypto-miner software right at the source of manufacturing. Once the malware has scanned the network for other devices it can infect, it can spread across them to maximise the damage. Over 50 sites have been identified with this disruptive software, and even though Windows 7 has officially reached the end of life, there are still millions of devices using this operating system. Our CEO Paul Hague will be releasing a more in-depth analysis of the weakness of WiFi routers on SC Magazine, coming soon.
Linux and Windows exposed to hackers
Any network is only as strong as its weakest link. As if we needed more proof of this, security firm Eclypsium has discovered that many of the devices on the edge of our networks are not implementing security checks on installation of firmware, giving anyone the option to add malware to devices we use every day. These peripheral devices are the weak links that will break a network and permit hackers to enter networks and wreak havoc, steal data, or worse.
Ring forced to enforce 2FA
It’s not been a good month for Ring. The connected doorbell product has been hit with a number of attacks and security issues, many of them deeply concerning to the cybersecurity industry. When such a basic device doesn’t have two-factor authentication (2FA), it’s just an invitation to hackers and malware, which is why Ring is now enforcing 2FA – something that it should have done from the very beginning. We expect other smart device manufacturers to start ensuring this is standard practice to avoid the problems Ring – and their customers – have endured.
$41m fine for slowing down technology
If you were one of the millions of people convinced that their Apple technology always seemed to degrade right at the two-year mark, you have been proved correct. Apple has been fined $41m by the French consumer watchdog for ‘a lack of transparency’ in this practice, and while conspiracy theorists can pat themselves on the back, it’s still a practice that many hardware manufacturers are undoubtedly following, leaving backdoors open for consumers who have purchased devices trusting that their technology will continue to perform.
Legislation attempts to keep up with IoT security
Governments of the world are supposed to protect their citizens, but how can they if they don’t fully understand what they are protecting them from? While the UK government has only now (finally) said that they will require makers of IoT hardware to ship devices with unique passwords, legislation is just so far behind the technology it’s almost worthless. How about a zero trust model where the IoT devices have to authenticate with 2FA to the router or hub? Once to get attached to the network, and then once to be approved. No password would be required as the router trusts nothing until told otherwise. Not a perfect solution perhaps, but much better than the current system which the government until now has allowed…
You are being watched – even if you don’t know it
A new study has been released by Brave revealing that private companies are gathering data from council websites across the UK. In Surveillance on UK council websites, the report demonstrates that an understanding of data and consent is either severely lacking or just plain ignored. Everybody appears to be at it, but the sinister side here is about selling data showing that you’ve been to particular parts of the site. Could this be insurance companies looking for trends? Whoever it is, the practice is outdated and gives citizens no ability to consent or withdraw consent – worrying in this age of GDPR.