Category: Managing Threats & Attacks

1
Sony Smart TV’s ….clearly not smart enough, or secure!
2
Move over Mirai – Torii is tipped to be the new botnet boss
3
Tesco Bank fined £16.4 million for failing to protect account holders against an avoidable cyber-attack in 2016
4
2018 Trends in Cyber-crimes so far…
5
Cyber-attack on Bristol Airport – Ransomware leaving travellers in the dark about their flights!
6
Cyber-criminals outspend organisations more than 10 times in bid to find cybersecurity weaknesses – who says cyber-crime doesn’t pay?
7
IoT devices, they’re smart, stylish but not secure! Now they can melt down the power grid.
8
Former MasterChef contestant falls victim to online fraud attack
9
Research reports say risks to smartphone security aren’t phoney
10
Report savages US Government agencies’ cybersecurity efforts

Sony Smart TV’s ….clearly not smart enough, or secure!

By Cameron Abbott and Jessica McIntosh

Security researchers at Fortinet have found flaws in eight Sony Bravia Smart TV models and consequently have got us all thinking…… just how vulnerable does having a smart TV make us?

According to Fortinet the flaws found can facilitate complete ‘remote code execution with root privilege’, in other words – those with a Sony Smart TV are left totally exposed to an attack!

Read More

Move over Mirai – Torii is tipped to be the new botnet boss

By Cameron Abbott and Jessica McIntosh

It’s been hailed a true example of the evolution of IoT malware with researchers from security vendor Avast last week explaining in detail just how persistent and powerful this “new” strain of botnet can be. According to Avast, Torii is a “level of sophistication above anything they have seen before”.

For us, it’s newly found cutting-edge techniques and features mean it is a threat to EVERY type of computer and device…it’s a threat to all of us.

Read More

Tesco Bank fined £16.4 million for failing to protect account holders against an avoidable cyber-attack in 2016

By Cameron Abbott and Colette Légeret

The UK’s banking watchdog, the Financial Conduct Authority (FCA), has fined Tesco Bank, the banking arm of UK supermarket chain Tesco, £16.4 million (approximately AU$29.5 million) for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber-attack that occurred in 2016.

This cyber-attack affected thousands of account holders and netted the cyber-criminals £2.26 million (approximately AU$4.07 million) in 48 hours. It was described, at the time, as an unprecedented assault against a UK regulated bank.

Read More

2018 Trends in Cyber-crimes so far…

By Cameron Abbott and Colette Légeret

The first half of 2018 has been busy for cyber-criminals and cyber-security alike. According to Trend Micro, cryptocurrency mining detections have jumped 96% in this six month period compared to the total number detected in 2017.

In that same time, over 20 billion threats were blocked by Trend Micro’s Infrastructure, a few billion threats less than in the first half of 2017. Of these threats, less were “spray and pay” ransomware attacks and breaches, as cyber-criminals are flying under the radar with crypto-jacking, along with fileless, macro and small file malware techniques.

Read More

Cyber-attack on Bristol Airport – Ransomware leaving travellers in the dark about their flights!

By Cameron Abbott and Colette Légeret

In response to a cyber-attack on the administrative systems of Bristol airport, believed to be ransomware, the airport took a number of applications down as a precautionary measure, including the application that provides flight data for flight information screens.

Read More

Cyber-criminals outspend organisations more than 10 times in bid to find cybersecurity weaknesses – who says cyber-crime doesn’t pay?

By Cameron AbbottRob Pulham and Colette Légeret

Cyber attackers are able to search for that one weak link in corporations defences whereas corporates have to create a completely strong chain of defence against every possible scenario.  This asymmetrical fight would you think mean organisations would have to outspend attackers by many multiples.

However, according to software company, Carbon Black, the situation is worse than that because it appears that cyber criminals are outspending corporation!  Cyber-crime is big business, and as such, cyber-criminals are spending an estimated $1 trillion each year on finding weaknesses in the cyber defences of organisations and developing new ways of attacking them, in comparison to the $96 billion spent by organisations in an attempt to secure themselves from these cyber-attacks.

Read More

IoT devices, they’re smart, stylish but not secure! Now they can melt down the power grid.

By Cameron Abbott and Jessica McIntosh

Internet-of–things (IoT) devices are considered part and parcel of modern day living, however it can no longer be overlooked, this so called ‘smart technology’ continues to spark serious security concerns. Until recently concerns centred on individual security and privacy, now Princeton University has widen the scope and found (if compromised) IoT devices have the potential to disrupt the power grid. It’s worth repeating, researchers at Princeton University last week presented at the 27th USENIX Security Symposium in Baltimore (US) and stated high – wattage IoT devices, dubbed BlackIoT, pose a significant risk to power grids. As a result, local power outages and large-scale blackouts could be a likely consequence of compromised IoT devices.

This new type of attack, labelled the ‘manipulation of demand via IoT’ (MadIoT) involves attackers leveraging a botnet, powered by Wi-Fi enabled high- wattage devices such as air conditioners and heaters to manipulate the power demand in the grid. This allows an attacker to hijack the devices in totality and simultaneously switch them on or off.

The scenario played out was ‘if the sudden increase in demand is greater than the threshold, it can cause the system’s frequency to drop considerably before primary controllers can react’. This instability can result in the activation of the generators’ protective relays, loss of generators and finally a blackout. Whilst it is estimated an attacker would need a botnet of approximately 90,000 air conditioners and 18,000 heaters within a specified geographical area, experts say this is by no means an impossible task.

The newly discovered vulnerability reinforces how important it is that consumers and companies alike perform their own due diligence with respect to integrating IoT devices, time and time again we are seeing these devices being stylish and trendy but not well secure. Therefore, assumptions can no longer be made regarding the adequacy of in built security – instead manufactures must recognise the importance of secure coding practices so this new type of abuse can be easily detected and dealt with. Government sponsored attacks would find these forms of vulnerability very attractive.

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Report savages US Government agencies’ cybersecurity efforts

By Cameron Abbott and Sarah Goegan

You would think government agencies would have a keen focus on cybersecurity risks, but apparently not! A report by the United States Office of Management and Budget (OMB) has found that nearly three-quarters of Federal agencies reviewed have either “at risk” or “high risk” cybersecurity arrangements. 71 of 96 agencies assessed were either missing, had insufficiently deployed or had significant gaps in their fundamental cybersecurity policies, processes or tools.

Read More

Copyright © 2018, K&L Gates LLP. All Rights Reserved.