7 security threats to technology that scare experts
“Ransomware surfaced more than 20 years ago, but has since evolved into a frightening form of malware
What happens if a hacker turns off your heating, then demands £1,000 to turn it back on? Or even holds a town’s power for ransom? Those kinds of attacks to personal, corporate and infrastructure technology were among the top concerns for security experts from the SANS Institute. Here are the seven biggest threats, according to SANS, and what, if anything, you can do about them.
1. Ransomware
Ransomware surfaced more than 20 years ago, but has since evolved into a frightening form of malware: crypto-ransomware, which encrypts your files and demands payment to unlock them. It’s an ideal way for hackers to attack: ransomware spreads like a virus, locks up your data independently, and forces you to contact the criminals for payment and recovery.
What you can do:
Practice ‘network hygiene:’ patching your system, using antimalware, and setting permissions and network-access controls to limit exposure.
2. The Internet of Things
The next stage of the evolution in consumer products is connectedness: everything from baby cameras to toothbrushes are using wireless protocols to connect to each other and the internet. That, in turn, has left them vulnerable to hacks. Worse still, IoT devices are now attack platforms, as the Mirai worm demonstrated.
What you can do:
Change the default passwords. You can also insulate connected devices by disabling remote access, using a separate dedicated home LAN for IoT devices, as well as a dedicated cloud account for controlling them.
3. The intersection of ransomware and IoT
Last year, an Austrian hotel was hacked, disrupting its keycard system. Such attacks could eventually migrate to your home, holding your smart thermostat hostage until you pay up.
What you can do:
This sort of attack is more theoretical than anything else, but it’s something to think about as you start fitting out your home.
4. Attacks against the industrial IoT
In 2015 and again in 2016, unknown hackers took down power stations in the Ukraine, leveraging the growing trend of automated, distributed systems against the power company. Fortunately, first responders were able to manually flip the breakers and restore power, but there’s no guarantee that will always be the case.
What you can do:
As consumers, not much. Infrastructure organisations are going to have to decide whether to operate with intelligent systems or shut them down. Scaling up with increased automation can lower your bills, but the penalty may be increased vulnerability to attacks.
5. Weak random number generations
Truly random numbers are the basis of good encryption, but ‘random’ number generators aren’t truly random, which makes the encryption they’re based upon easier to crack. This gives an edge to criminals, who may exploit this and unlock ‘secure’ encrypted connections.
What you can do:
This is a problem for device manufacturers to solve. Keep in mind that your ‘secure’ network may be weaker than you think.
6. Over-reliance on web services
More and more, apps and software are talking to and incorporating third-party services, such as Docker or Azure. There is, however, no real certainty that those apps are connecting to the expected entity, or whether an attacker is stepping in, stealing data, and returning false information.
What you can do:
Again, this is a problem for developers, but mobile apps are becoming increasingly vulnerable, so even if an app isn’t trying to steal your data, the ‘service’ that it thinks it’s connecting to may be.
7. SoQL attacks against NoSQL databases
This is another developer problem, but it could affect data collected about you. For years, SQL injections, where executable code was forced inside of a SQL database entry field, were one of the scourges of the internet. Now, as developers move away from SQL to NoSQL databases like MongoDB, they’re finding that those databases aren’t as secure as they should be.