Easy Hacker Targets: Bad Password, IoT Devices, and no 2FA. Let’s Make It Harder In 2019!

This is excellent advise from the team at KnowBe4.  It is a great start to the new year, especially considering all the devices and gadgets received and/or purchased over the holidays.

https://blog.knowbe4.com/easy-hacker-targets-bad-password-iot-devices-and-no-2fa.-lets-make-it-harder-in-2019

Rash of in-the-wild attacks permanently destroys poorly secured IoT devices

This article is both very intriguing and a little scary.  Please take a moment to consider the implications of relying on IoT devices in your daily life and not properly managing and rotating those default credentials.

Kudos to Bruce Schneier and his blog post for the original heads up.

https://arstechnica.com/security/2017/04/rash-of-in-the-wild-attacks-permanently-destroys-poorly-secured-iot-devices/

St. Jude Faces New Claim Heart Implants are Hackable

Threats and vulnerabilities associated with The Internet of Things (IoT) are not just focused on wireless cameras, home routers, and DVRs.  There are a myriad of life saving medical devices that communicate via some form of wireless protocol including insulin pumps, pacemakers, and spinal stimulators among others.  These devices, if compromised, can cause problems much larger than a simple DDOS attack.  A compromised medical device can lead to death.  Security must be taken more seriously for these devices in the immediate future.

https://threatpost.com/st-jude-faces-new-claim-heart-implants-are-hackable/121504/

Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers

This info concerning the Dyn attack was to be expected.  Attacks associated with large IoT botnet farms are only going to increase in the immediate future given the effectiveness demonstrated in the DDOS attack against Brian Krebs.  For the foreseeable future, this will be a defensive struggle simply because patching options for the IoT devices in question are largely non-existent.

https://threatpost.com/mirai-fueled-iot-botnet-behind-ddos-attacks-on-dns-providers/121475/

We Need to Save the Internet from the Internet of Things

This is a very straight-forward and timely article by Bruce Schneier concerning the Internet of Things, framed in the light of the attack against Brian Krebs.  There are no simple solutions to this problem, this threat, but it is a threat that should be addressed and the solution or solutions will take time.  We need to starting working diligently.

http://motherboard.vice.com/read/we-need-to-save-the-internet-from-the-internet-of-things

SANS Institute in IoT Botnet Warning

Threats associated with the “Internet of Things” are very real and a serious concern.  Take a moment and simply count in your head the number of devices active on the Internet in your home – your computers, laptops, gaming consoles, smartphones, handheld games, printers, camera systems, doorbells, thermostats, kitchen appliances – the list goes on and on.  All of these devices are potential bot nodes or network entry points.

Think about the firewall at the edge of your DSL or cable modem.  Is it secure?  Is it properly configured?  How often do you connect to it and verify the active connections and associated devices?  Take the time to secure your home network just as you would your physical doors and windows.  You may have a “door” standing wide open that you never considered.

http://www.infosecurity-magazine.com/news/sans-institute-in-iot-botnet/

https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/