Tag: IoT
So far, we’ve seen IoT Distributed Denial-of-Service (DDoS) attacks on a Death Star scale. Even if your organization wasn’t a direct target of these giant barrages, many others were caught up as collateral damage because they had services adjacent or dependent on the direct target. Because of this, many organizations are preparing or strengthening their…
Read MoreMarcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March. Source link lol
Read MoreAll businesses watch their bottom line. That’s unsurprising. Those that provide technology to consumers (whether IoT device manufacturers or your local ISP that provides your home router) are particularly careful about balancing product support with ease of use. That can lead to what the inventors no doubt believe is an ingenious method of determining passwords…
Read MoreExecutive Summary The Internet of Things (IoT) and, specifically, the hunt for exploitable IoT devices by attackers, has been a primary area of research for F5 Labs for over a year now—and with good reason. IoT devices are becoming the “cyberweapon delivery system of choice” by today’s botnet-building attackers. And, why not? There are literally…
Read MoreOn the shoulders of manufacturers lies the responsibility to address vulnerabilities, because the next generation of thingbots is taking advantage of known vulnerabilities to gain control of devices. Persirai is an adaptation of Mirai that shares code as well as command and control servers, but targets all models of IP cameras from a single Chinese…
Read MoreFigure 5. 60 seconds C&C polling interval However, although the malware is still evolving, it has good market differentiation in its HTTP functionality. Being based on Android’s WebView class, the thingbot is better equipped with browser-like functionality, making it more resistant to various bot challenges, such as cookie support, redirects, and JavaScript, which are…
Read MoreCybercrime in general—and most recently, crime perpetrated using IoT devices—has become a serious problem. Legislatures around the world have struggled to write laws to rein things in. The problem has been that governments have issued cybersecurity laws that are either too burdensome or ineffective. We’ve seen various breach disclosure acts designed to “name and shame”…
Read MoreAnother week, another threat. This week dawned with a spate of twitchy fingers telling us about the latest monster to emerge from the closets: KRACK. KRACK stands for Key Reinstallation Attack. You can read the details of this one on a variety of sites including Arstechnica,1 Verge,2 and, as befitting the seriousness of this one, its own website.3…
Read MoreI recently had the opportunity to sit down with two of F5’s top threat researchers, Sara Boddy and Justin Shattuck, to pick their brains about IoT, its current state of “security,” and what we can expect to see in terms of threats, attacks, and mitigations in the future. Justin and Sara are co-authors of three IoT threat research…
Read MoreThis isn’t your mama’s botnet. This is a proper botnet. If you were the world’s best IoT botnet builder and you wanted to show the world how well-crafted an IoT botnet could be, Reaper is what you’d build. It hasn’t been seen attacking anyone yet, and that is part of its charm. But, what is…
Read More