DDoS attacks are on the rise, and one of the reasons is the plethora of service providers that make it easy to mount your attacks, especially if you are a lazy or inexperienced criminal. A blog post this past summer says, “potential hackers do not have to know the first thing about conducting a DDoS attack. They can simply purchase attack services to carry one out for them. Today, attackers are now abandoning GUI and script tools and opting to pay for attack services.” It is a big growth industry.
The Internet of Things (IoT) has been in the news lately for facilitating numerous DDoS exploits across the planet. A global non-profit think tank called the Online Trust Alliance (OTA) has published a paper entitled IoT, a vision for the future. It outlines how the IoT can grow and thrive, especially given that “users’ confidence that their data is secure and private is at an all-time low.” The paper lays out some of the unique challenges posed by securing the IoT and how the network of things can become more sustainable and protect users’ privacy. It is based on an OTA framework of interlocking trust relationships that was released earlier this year.
Modern content delivery technology minimizes the significance and impact of the network edge, thanks in large part to the benefits and capabilities of cloud computing.
Computer chips have vulnerabilities. Some 900 million Android devices, including tablets and smartphones, are vulnerable to attack because of four flaws in the code associated with their Qualcomm chipsets. If companies or users don’t or can’t apply patches, hackers could gain root-level control of the devices using a malicious app, without the app requiring any special privileges from the user.
Bug bounties have become more popular, but that isn’t surprising given they have been around for more than a generation. The first bug bounty hunting program originated with computer science professor Don Knuth decades ago. It was for reporting errors in his classic book series The Art of Computer Programming and for catching bugs in several of his landmark software applications. Since then, these modest rewards of a few dollars have turned into a big business, with dozens of big-name vendors offering their own programs that have significant payouts. For example, a verified iOS remote control hack can receive up to $1.5 million in reward money.
As of August, the New York Times (NYT) and other U.S. publications had fallen victim to cyber attacks. The FBI is investigating these attacks, which were likely perpetrated by Russian intelligence hackers against several reporters and journalists who work for U.S. news organizations, including the NYT.
When it comes to protecting data, documents, and other key assets, providing proper protection and
end users and their digital devices hold the keys to mitigating threats outside the network core.
Here is a fascinating story of how one healthcare operation used a very simple method to heighten their HIPAA security. And the irony here is that they did it without buying any IT gear whatsoever.
With the increasing mobility of the workforce, and an equal boost in the type and number of personal and company-owned devices used for work outside the offices, companies and organizations would do well to pay heed to securing and monitoring what access they permit outside the firewall. Ultimately, this boils down to a well-defined and universally applied set of rules and tools to govern who gets remote access, how it’s established, and what’s made accessible for remote access and use.