Need tech support? :

Talk to an Expert: : 512.693.8743 x 1


Month: September 2019

Fake Browser Update is Ransomware

A recent trend in cyber attacks have taken the form of browser updates. When you open your browser it informs you that it is out of date and needs to be updated, when you click on update the malware is deployed. This attack can take the form of Chrome (pictured above) , Internet Explorer, Opera, …

Continue Reading

The rise of Hacking as a Service (HaaS)

Criminal enterprises have taken note of the growth in popularity of as-a-service products, copying this tactic to create Hacking-as-a-Service (HaaS). HaaS have provide some of the same services as the legitimate as-a-service offerings such as: live chat support, 24/7 phone support, monthly payment plans, discounts for purchasing year long subscriptions, and even marketing campaigns to …

Continue Reading

Phishing; Why does it still work?

In a recent Webroot Report nearly half of employees confess to clicking links in messages from Unknown senders while at work. Phishing emails are one of the most common vehicles for attacks. With employees receiving high volumes of emails each day, and the pressure to maintain high performance and efficiency, professionals are becoming even more …

Continue Reading

Importance of a HIPAA risk assessment

For health care organizations, failing to comply with or maintain HIPAA guidelines and standards can lead to large fines. The first step to securing electronic protected health information (e-PHI) is performing a Security Risk Assesment. According to the Health & Human Services HIPAA Security Series, these are the eight steps to performing a Risk Assesment. …

Continue Reading

What will 5G mean for business Cyber Security?

The coming switch to 5G cellular networks will be a boon to businesses in many ways, but it will also create a vast new “attack surface” for hackers.

The main attraction to 5G — “lightning-fast” internet speeds — is also what creates the risk. Why? Because it will fuel a huge influx of “smart” devices that can connect more easily and efficiently to the web through 5G than they are able to today with WiFi and 3G/4G.

We’re still in the early days of the Internet of Things revolution, but 5G will make this field explode. In just a few years, we can expect to see billions more of these devices enter the market, from workplace-specific gadgets to smart buildings, robocars and home appliances.

There’s just one problem — the Internet of Things is mostly comprised of insecure devices, which are extremely easy to hack.

Consequently, 5G will essentially flood the market with countless new vulnerable endpoints, many of which will put businesses at risk of data breaches, sabotage, extortion and other threats.

Sneaking into your network

The primary danger for businesses is that the surge in IoT devices will create a plethora of new backdoors that hackers can use to sneak inside their networks. These attacks will totally blindside companies.

Consider this example: In 2018, a Las Vegas casino was breached after hackers snuck in through a vulnerable ‘smart’ thermometer in a lobby fish tank.

This type of peripheral attack will be difficult for businesses to contain in the coming years. Remember, as smartdevices replace traditional products (like door locks, thermostats, lightbulbs, etc.) and create whole new product categories (e.g., smart speakers, smart desks, remote sensors), they are essentially adding a ton of new endpoints to the periphery of the business network. These devices are often insecure by design, and they’re more likely to be overlooked because they reside on the edge of the network.

This makes IoT devices an ideal target for hackers. It’s an easy way for them to bypass a company’s cybersecurity and get a foothold on the network. Once inside, they can look for other devices on the network and gradually move into the core business.

Physically disruptive attacks

This large IoT attack surface has other consequences for companies besides data breaches. It can also lead to “kinetic” cyber attacks — a digital attack that has a physical consequence.

That is because IoT devices are now increasingly controlling important physical functions, like power flow, air conditioning, door locks, building systems, vehicle operations, etc.

If one of these devices is hacked, it could be “weaponized” to commit an act of physical sabotage. However, even just disabling it with malware — such as ransomware — would be enough to cause a disruption to a business. Take the 2017 WannaCry ransomware attack. This disrupted IoT devices around the world, including MRI scanners, blood-storage refrigerators and police traffic cameras.

Super botnets

For years, businesses have faced cyber extortion from a type of attack known as distributed denial-of-service (DDoS). As the Internet of Things grows bigger, these attacks will get much worse.

In a DDoS attack, the hacker knocks a company’s website offline or disrupts its connection to the Internet by flooding it with traffic. To do this, the hacker needs to harness the power of thousands of other devices, in what is called a “botnet.” In the past, botnets were made up of infected computers, but now hackers are starting to create them from IoT devices, as in the case of the 2016 Mirai botnet or this 2017 attack on a university which used infected vending machines and lightbulbs.

IoT botnets can be significantly larger and more powerful than computer botnets, and 5G data speeds will make this problem even worse.

Limiting business risk

As 5G expands the attack surface, businesses need to change their thinking in order to keep up.

To start with, companies should treat IoT devices the same way they do computers. This means keeping them updated and patched, monitored for threats, and including them in preventive measures like firewalls and anti-virus. Segment the network as much as possible too, in order to isolate IoT devices from more sensitive areas of the network. Companies also need to prioritize post-breach contingency planning. Know what to do and who to call in the event of a successful attack. Cyber insurance is also critical.

Jason Glassberg is co-founder of Casaba Security (, a cybersecurity and ethical hacking firm that advises businesses ranging from startups to Fortune 100s. He is a former cybersecurity executive for Ernst & Young and Lehman Brothers.

Article Source: CLICK HERE

Cyber Attacks Rapidly Increasing

In the past year hackers have been launching cyber Attacks against SMB ports and IoT devices at record pace, more than tripling in the past year. TCP ports primarily used on IoT devices were highly targeted. Exploits like Eternal Blue which targets a flaw in SMB protocol through port 445, has been widley used for …

Continue Reading
Scroll to top