Security News

Three of the world's largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack. TrapX Security reported this week that it had identified a cryptocurrency miner on several IoT devices at some major manufacturers, including automatic guided vehicles, a printer and a smart TV. Ori Bach, the CEO of TrapX, told SecurityWeek that the attacks appeared to be part of the same campaign.

In the 7 years since, threats have become exponentially more advanced, launched by well-funded cyber-criminal groups and nation-state proxies and leveraging automation and AI. And yet the people hacking into Ring cameras weren't highly-technical or using AI. They were Script Kiddies using credentials found and traded on the Dark Web to access devices that did not use 2FA or other additional security mechanisms. As a threat analyst, I have helped companies identify hundreds of IoT devices, from insecure smart refrigerators and CCTV cameras, to compromised video conferencing systems and biometric scanners.

In 2019, security teams made progress in the adoption of perimeter-less security while hackers increased the use of fileless malware and IoT malware. The 2020 SonicWall Cyber Threat Report highlights tactics hackers are using to get unauthorized access to data as well as what security teams are doing to protect it.

Two researchers have created a solution that could help security researchers and IoT manufacturers with detecting zero-day exploits targeting internet-connected devices more speedily than ever before. It's called honware, and it's a virtual honeypot framework that can emulate Linux-based Customer Premise Equipment and IoT devices by using devices' firmware image.

Shadow IoT devices pose a significant threat to enterprise networks, according to a new report from Infoblox. Shadow IoT devices are defined as IoT devices or sensors in active use within an organization without IT's knowledge.

Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a "Self-spreading" variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT devices are targets in a new global campaign leveraging the malware variant.

Mobile data roaming traffic generated by consumer and IoT devices reached 737 Petabytes in 2019, according to Kaleido Intelligence. Driven by the significant increase in roaming data traffic across key regions including Asia-Pacific, Middle East and Africa, Kaleido predicts that consumer inbound wholesale roaming revenues will reach $16 billion in 2024, with IoT adding a further $5.7 billion.

Cisco introduced an IoT security architecture that provides enhanced visibility across both IT and OT environments, and protects industrial processes. Cisco is delivering comprehensive security by converging the IT and OT within security operations centers to provide advanced anomaly detection with built-in threat intelligence.

The security proposals released Monday mainly focus on improving the security of passwords by ensuring that they are not resettable to any universal factory setting as well as refining the way IoT manufacturers disclose vulnerabilities in their connected devices. The goal of these proposals is to provide greater security protections as the number of connected devices, including security cameras, routers, smart home devices and autonomous vehicles, increase.

The British government has finally woken up to the relatively lax security of IoT devices, and is lurching forward with legislation to make gadgets connected to the web more secure. The Department of Digital, Culture, Media and Sport said it will require makers of IoT hardware to ship devices with unique passwords that cannot be reset to a factory default setting.