Security News

IoT has been part of our reality for quite some time, but what about the security of these devices? Is it becoming a priority? We've seen the concern and prioritization of IoT security growing, this is due both to the growing popularity of these devices and the push we are seeing from the public sector to strengthen America's cybersecurity.

Common IoT devices include security cameras, industrial lighting systems, and manufacturing controllers managed by a web-based solution. Some commonly overlooked IoT devices include multi-function printers, security scanners, and inventory scanners.

Current challenges and risks entailing 5G / IoT. A key differentiation between 5G and its predecessor networks is that 5G entails an untrusted core network between the subscriber end and the unified data management environment, whereas predecessor networks had a hierarchical trust model. A 2021 report by the Cybersecurity and Infrastructure Security Agency regarding Potential Threat Vectors to 5G Infrastructure listed supply chain risks as a particularly dangerous threat in the 5G space.

Cloudflare shows flair with new products for mobile and IoT security. Cloudflare holds the view that while corporate organizations have made moves to deploy zero-trust security solutions at the software level of their desktops, mobile devices have not received similar attention.

IoT embedded systems combine hardware, firmware, and internet connectivity to carry out particular functions. These devices transfer real-time data via the internet for various purposes, including tracking, monitoring, and analysis.

The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries-the US, the UK, Australia, and Singapore-to secure home, medical, and networking/telecommunications devices. The report recommends that regulators should 1) enforce minimum security standards for manufacturers of IoT devices, 2) incentivize higher levels of security through public contracting, and 3) try to align IoT standards internationally.

In general, IoT refers to devices with embedded software, sensors, network connectivity, and other technologies, allowing them to exchange data with other devices connected to the Internet. IoT devices are particularly common in the healthcare and manufacturing industries, where business-critical operations and data pass through internet-connected devices like monitors, tablets, scanners, and more.

AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones. Popular adventure clothing brand The North Face and shoe company Vans, subsidiaries of the same parent company, have admitted to a credential stuffing attack that netted its attacker 194,905 user's worth of PII. Most every piece of PII stored on the two websites were compromised, with the exception of credit card numbers, which the brands' parent company VF Outdoors said it doesn't store on its sites.

A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. The findings add to a growing list of Linux malware that has been found in the wild in recent months, including BPFDoor, Symbiote, Syslogk, OrBit, and Lightning Framework.

Vulnerability disclosures impacting IoT devices increased by 57% in the first half of 2022 compared to the previous six months, according to a research by Claroty. The report also found that over the same time period, vendor self-disclosures increased by 69%, becoming more prolific reporters than independent research outfits for the first time, and fully or partially remediated firmware vulnerabilities increased by 79%, a notable improvement given the relative challenges in patching firmware versus software vulnerabilities.