Tag Archive for: connected

74% say connected cars and EV chargers need cybersecurity ratings

/in


74% say connected cars and EV chargers need cybersecurity ratings

Aurich Lawson | Getty Images

Almost 3 in 4 people think that connected cars and electric vehicle chargers should be rated for their ability to resist cybersecurity threats. That’s the finding from a survey conducted last week by BlackBerry to see whether people consider Internet-connected devices (also known as the Internet of Things) to be secure from hacking threats.

The survey was commissioned in response to a new White House initiative announced on Wednesday. The Biden administration plans to launch a labeling program for IoT devices in 2023, similar to the EnergyStar ratings that tell consumers how much electricity a TV or appliance will use.

The White House wants the National Institute of Standards and Technology and the Federal Trade Commission to come up with a basic set of security standards so that Americans can tell at a glance whether that new speaker or washing machine is in danger of joining a botnet or getting hit with ransomware.

Perhaps alarmingly for Ars readers, only 54 percent of the 1,008 people surveyed said they are concerned about Internet-connected devices in their homes being hacked. And just 32 percent said they own IoT devices that they do not let access the Internet due to security concerns. But 82 percent agreed that a cybersecurity rating like EnergyStar would make them feel more informed about connected devices.

BlackBerry also asked, “Do you think a cybersecurity/’star rating’ system should be extended to connected cars and electric vehicle charging stations?” Overwhelmingly, respondents did, with 74 percent agreeing with that statement.

There’s no indication yet that the White House, NIST, or the FTC plan to include connected cars or EV chargers in the new labeling scheme, but there’s probably a better chance of that happening than every connected car being fitted with a physical kill switch to disconnect it.

Source…

Forescout Reports on The Riskiest Connected Devices in Enterprise Networks at GITEX 2022

/in


  • Manufacturing sector has the highest number of affected devices

Dubai, United Arab Emirates: Forescout Technologies, the global leader in automated cybersecurity, released its findings about the riskiest devices in enterprise networks in 2022 at GITEX.

In this region, network-attached storage is the riskiest and these devices often have both easy-to-exploit vulnerabilities and internet connectivity, thus they are constantly targeted by threat actors for ransomware, botnets, crypto mining, or simply data destruction.

“At Forescout, we are keen to raise awareness and let government entities and businesses know exactly where the vulnerabilities lie with their network. Our research team has done a fantastic job identifying which industry verticals are being targeted relentlessly and which connected devices are most at risk, globally and here across the region,” commented Ihab Moawad, Vice President, Forescout, Middle East, Turkey, and Africa.

Manufacturing has the highest percentage of devices with high risk (11%), while government and financial have the top combinations of medium and high risk (43% for government and 37% for financial). Healthcare and retail have the lowest risk overall, with 20% of devices having medium or high risk in healthcare and 18% in retail.

The ranking of riskiest devices does not change considerably per industry, which shows that almost every organization nowadays relies on a combination of IT, IoT, and OT (as well as IoMT for healthcare) to deliver their business. It also means that almost every organization is affected by a growing attack surface. The riskiest IT and OT devices remain nearly constant across different regions, while the riskiest IoT devices change slightly and the riskiest IoMT devices change considerably.

“GITEX gives us this global platform to showcase our Automated Cybersecurity Solutions that protect any digital terrain. Forescout is here to help companies understand and mitigate risks that come with digital transformation, the rapid growth of IoT devices across organizations, and the convergence of IT and OT networks that is encouraging the rise of ransomware-as-a-service gangs,” added Moawad.

At GITEX 2022, organizations and…

Source…

Raspberry Robin Malware Connected to Russian Evil Corp Gang

/in


Raspberry Robin, a widespread USB-based worm that acts as a loader for other malware, has significant similarities to the Dridex malware loader, meaning that it can be traced back to the sanctioned Russian ransomware group Evil Corp.

Researchers from IBM Security reversed engineered two dynamic link libraries (DLLs) dropped during a Raspberry Robin infection and compared them to the Dridex malware loader, which is a tool that has been definitively linked to Evil Corp. in the past — in fact, the US Department of the Treasury sanctioned the Russia-based Evil Corp for developing Dridex in 2019.

They found that the decoding algorithms worked similarly, using random strings in the portable executables as well as having an intermediate loader code that decoded the final payload in a similar manner and contained anti-analysis code.

“The results show that they are similar in structure and functionality,” Kevin Henson, a malware reverse engineer at IBM Security, wrote in the analysis. “Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks.”

Raspberry Robin Takes Flight

Security firm Red Canary first analyzed and named Raspberry Robin in May. Soon after, it came to the attention of other researchers, including IBM Security.

The worm spreads quickly throughout internal networks, hitchhiking on USB devices passed between workers. While Raspberry Robin relies on social engineering techniques to convince victims to plug in an infected USB device, infections took off during the summer, with 17% of IBM Security’s managed clients in targeted industries seeing infection attempts.

However, the malware puzzled researchers initially, because it simply hibernated on infected systems and appeared to have no second-stage payload. In July that changed: IBM and Microsoft researchers discovered that infected systems had begun downloading the FakeUpdates malware, typically a precursor to ransomware used by Evil Corp.

FakeUpdates, also known as SocGhoulish, masquerades as a legitimate software update, but installs popular attack software such as Cobalt Strike and Mimikatz, or ransomware, on the victim’s computer.

Microsoft noted at the time that FakeUpdates is usually attributed…

Source…

ConnectNationwide.com Helping Thousands of Customers Get Connected

/in


Compare and shop for Home and Business Internet, TV, Phone, Security and Solar Services

In a world where digital technologies and innovations have created a significant change in the way people live and communicate, having the right TV, Internet, and phone service provider is crucial. With the variety of service providers available today, it is easy to get overwhelmed and confused as to what company suits one’s needs the best. At ConnectNationwide.com, they make the selection process convenient by bringing all possible options in just one platform – shop, compare, and save on Internet, TV, Phone, and Home Security services in just a few clicks.

Through ConnectNationwide.com’s services, residential and business owners have access to the easiest way of getting connected to the best service provider in their area. All they need to do is request a personalized pricing quote with a home connection specialist. It is a hassle-free service that one can do right at the comfort of their homes.

ConnectNationwide.com covers different types of service providers for every connection request. For instance, they carry various kinds of high-speed Internet services such as Cable Internet, DSL, Fiber, and Satellite. Let’s say a household does not have a telephone line, so the best recommendation for them is to get a Cable Internet provider, while those who are keen to maintain a budget can opt to avail of a DSL service provider since it’s one of the less expensive options. This kind of information and more will be provided by ConnectNationwide.com in every quote, making it easier to differentiate what service is worth it for one’s needs. Additionally, they also make sure to include the best promotions in the chosen location. No wonder their clients are not just able to stay connected and save time, but they get to save money as well.

Since its founding in 2009, ConnectNationwide.com has already helped thousands of customers find the right connection for their household or business. They pride themselves on their excellent customer service through their reliable billing and technical support, guaranteeing that every transaction with them is worthwhile.

Those who are looking to…

Source…