Category: Managing Threats & Attacks

IoT devices, they’re smart, stylish but not secure! Now they can melt down the power grid.

By Cameron Abbott and Jessica McIntosh

Internet-of-things (IoT) devices are considered part and parcel of modern-day living; however, it can no longer be overlooked that this so-called ‘smart technology’ continues to spark serious security concerns. Until recently, concerns centred on individual security and privacy. Now Princeton University has widened the scope and found that, if compromised, IoT devices have the potential to disrupt the power grid. It’s worth repeating: researchers at Princeton University last week presented at the 27th USENIX Security Symposium in Baltimore (US) and stated that high-wattage IoT devices, dubbed BlackIoT, pose a significant risk to power grids. As a result, local power outages and large-scale blackouts could be a likely consequence of compromised IoT devices.

This new type of attack, labelled the ‘manipulation of demand via IoT’ (MadIoT), involves attackers leveraging a botnet powered by Wi-Fi enabled high-wattage devices, such as air conditioners and heaters, to manipulate the power demand in the grid. This allows an attacker to hijack the devices in totality and simultaneously switch them on or off.

The scenario played out was: ‘if the sudden increase in demand is greater than the threshold, it can cause the system’s frequency to drop considerably before primary controllers can react’. This instability can result in the activation of the generators’ protective relays, loss of generators and finally a blackout. Whilst it is estimated that an attacker would need a botnet of approximately 90,000 air conditioners and 18,000 heaters within a specified geographical area, experts say this is by no means an impossible task.

The newly discovered vulnerability reinforces how important it is that consumers and companies alike perform their own due diligence with respect to integrating IoT devices. Time and time again we are seeing these devices being stylish and trendy but not well secured. Therefore, assumptions can no longer be made regarding the adequacy of in-built security; instead, manufacturers must recognise the importance of secure coding practices so this new type of abuse can be easily detected and dealt with. Government-sponsored attacks would find these forms of vulnerability very attractive.

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Report savages US Government agencies’ cybersecurity efforts

By Cameron Abbott and Sarah Goegan

You would think government agencies would have a keen focus on cybersecurity risks, but apparently not! A report by the United States Office of Management and Budget (OMB) has found that nearly three-quarters of Federal agencies reviewed have either “at risk” or “high risk” cybersecurity arrangements. 71 of the 96 agencies assessed either were missing, had insufficiently deployed or had significant gaps in their fundamental cybersecurity policies, processes or tools.

Not so happy families: Online genealogy website suffers data breach

By Cameron Abbott, Rob Pulham and Sarah Goegan

Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.

MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.

Proposed anti-terror laws to give law enforcement access to personal data

By Warwick Andersen, Rob Pulham and Sarah Goegan

Last week, the Australian Government announced that it would propose new anti-terror laws that force telecommunications and multinational tech companies to give law enforcement agencies access to encrypted data of suspected criminals and terrorists.

Cyber Security Minister Angus Taylor said the laws would give police, intelligence and security agencies the ability to bypass encryption on messaging (such as private messages sent on WhatsApp and Facebook), phone calls, photos, location and apps.

North Korean cyberattacks increase ahead of summit

By Cameron Abbott and Sarah Goegan

North Korean cyberattack activity appears to have ramped up ahead of the highly anticipated US-North Korea summit, which is expected to take place on 12 June 2018.

North Korean hackers known as Group 123 have been identified as the party responsible for new malware activity targeting users in South Korea.

Chubb’s new personal cyber security coverage

By Cameron Abbott and Georgia Mills

Chubb has recently released a new cyber security insurance coverage for individuals in North America. The product intends to provide greater protection from cyberattacks that lead to extortion and ransomware, financial loss, cyber disruption and breaches of privacy.

Foreign Hackers Take Down Triple Zero Network

By Cameron Abbott and Georgia Mills

The triple zero emergency call service, operated by Telstra, was subjected to an onslaught of more than 1000 offshore calls on Saturday morning, leading to a number of genuine emergency calls being unanswered and sparking a government investigation.

Study reveals massive cost of cybercrime for Asia Pacific businesses

By Cameron Abbott and Sarah Goegan

We all know that cybersecurity incidents can cost your organisation a lot of money, but exactly how much? A report by Frost and Sullivan has found that losses from cyberattacks in the Asia Pacific region (APAC) could reach a staggering US$1.75 trillion, nearly 7 per cent of the region’s gross domestic product in 2017. As covered in our blog last week, the cost of cyber scams alone in Australia totalled $340 million AUD last year.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.