Are Smart Devices Getting Smarter?

Smart devices are everywhere, with the Internet of Things (the blanket term for any device that connects to the Internet for added functionality) growing larger each day. While this is great for convenience (and in many cases, the “cool factor”) it can have some chilling ramifications for cybersecurity.

Here’s a look at how this may be changing in the near future.

The Projections for the IoT

With 127 new IoT devices connected to the Internet each second, it should come as no surprise that estimates place their numbers at around 75 billion in total by 2025. This means that there are plenty of new opportunities for a cybercriminal to find and exploit a vulnerability… both in commercial IoT devices and in the devices classified as the Industrial Internet of Things.

There are already too many examples of how Internet-connected devices have been used to a hacker’s advantage. In 2017, the UK’s National Health Service was hobbled by a ransomware attack that affected, amongst other things, Internet-connected medical equipment. Video doorbells often stream data without any protections, and other smart home devices have been found to store Wi-Fi passwords in a similar fashion. 

As the IoT continues to grow, it only stands to reason that efforts to take advantage of such weaknesses will increase along with it.

What Can Be Done to Secure the IoT?

Fortunately, things are already in motion to help ensure the IoT is made to be more secure. For example, the signing of the Internet of Things Cybersecurity Improvement Act of 2020 in the US and the Australian government’s introduction of an IoT industry-specific voluntary code of practice shows that governments are starting to pay attention to the issues that the IoT has the potential to open up. However, this doesn’t mean that businesses can sit back and relax.

On the contrary, there are a few things that a business can and should do to help mitigate IoT-based attacks:

Encrypt Data

There are relatively few IoT devices out there today that feature encryption as one of their standard security protocols. Implementing encryption on a network level makes it so that your data is effectively indecipherable while in transit, rendering it more or less worthless to the cybercriminal targeting it.

Change Default Passwords on IoT Devices

Of course, ALL default passwords should always be changed, but the IoT makes this an even more important practice for a business. Take the few moments required to come up with a more secure password than the device is equipped with initially.

Use Devices from Security-Conscious Manufacturers

One other way your business and your users can help make a change while protecting your own assets is to try to deal exclusively with devices manufactured by companies that take a security-first approach. Voting with your dollars can quickly make a change if enough people do it. Otherwise, it may be wiser to stick with the “dumb” option if it serves your needs just as well.

There is little doubt that the IoT will have an increased presence in modern life in the years to come. Time will only tell if that presence is a secure one. In the meantime, you can trust us to help you ensure that your business is as secure as possible. Give us a call at 216-503-5150 to find out what we can do for you and your operations.

Protect Your Online Privacy With Private Browsers

If you see ads on your social media newsfeed that are suspiciously attuned to your preferences, it’s likely because your online activities are being tracked and analyzed by market researchers. These researchers likely get their data from the websites you visit as you surf the internet. If you want to stop third parties from collecting and using your data, private browsing can help you.

What is private browsing?

Your web browser — whether it’s Chrome, Edge, Firefox, Safari, or Opera — stores the URLs of the sites you visit, cookies that track your activity, passwords you’ve used, and temporary files you’ve downloaded.

This can be convenient if you can’t remember your login details or if you’re trying to recall a website you visited a few days ago. The feature also helps speed up the loading time of websites you frequently visit. But if someone else uses or gains access to your computer, your most private internet activities are exposed for that user to see and exploit.

Private browsing is a feature known by various names across different browsers. For instance, it’s called Incognito Mode in Chrome and InPrivate Browsing in Edge. When you use this feature, the browser does not record your browsing history, passwords, and temporary files. Instead, all this information is discarded as soon as you close the browser. You’re also instantly logged out of all accounts you accessed using the private window, which comes in handy when you’re using a public or shared computer.

Furthermore, tracking cookies are not stored when you surf the internet with a private browser. Such cookies are small bits of data used to identify your computer. Sites like Facebook use cookies to know your preferences based on your online behavior, such as which sites you visit. By doing this, they can personalize the ads on their platform, ensuring that the ads you see are for products and services you’re likely to take interest in.

What are the limitations of private browsing?

Although private browsing prevents your web browser from storing your data, it doesn’t stop anyone from snooping on your online activities in real-time. If your computer is connected to the company network, system administrators can still track what you’re browsing, even if you’re in Incognito Mode.

Also, if spyware or keylogger malware is installed on your computer, hackers will still be able to see what you’re doing online. Even though private browsing has quite a few benefits, you shouldn’t solely depend on it for online privacy. Instead, you should use a virtual private network (VPN) when you go online. This tool encrypts your internet connection and prevents anyone from intercepting your data. And don’t forget to use a strong anti-malware program to scan your computer and keep spyware and other malicious web monitoring software at bay.

If you want to know where you can get these solutions or learn more about web browser security, call us today. We have the tools and expert advice you need to prevent anyone from snooping on your internet browsing.

This New Malware Steals Passwords From Popular Browsers

A new threat has appeared on the horizon. Even if the name is not familiar to you, this malware strain is definitely bad news.

Called RedLine, it is an information-stealing malware that specifically targets popular web browsers including Opera, Microsoft’s Edge browser, and Chrome.

Unfortunately, many people have come to rely on their trusty web browser to store and remember their passwords for them. RedLine takes advantage of this and the group behind the code has found a way to crack the browser open and grab the passwords stored within.

Even worse is that RedLine isn’t just isolated to a single gang or group of cybercriminals.  Instead, it is being offered as a commodity on the Dark Web. That means anybody with about $200 USD can buy a copy and start harvesting the credentials of anyone they infect.

While it is true that passwords stored inside web browsers are encrypted, RedLine can programmatically decrypt those passwords if they are logged in as the same user which is very much the case here.  RedLine runs as the user who was infected, which means that all of their passwords are open to the person controlling the malware.

Even though it’s really convenient, the bottom line is that it’s dangerous to have all of your passwords stored inside your web browser.  If you insist on going that route, then your best bet by far is to enable two-factor authentication on every website you visit frequently that offers it. That’s so that at least if your passwords are compromised, the hackers who gain access to the information still can’t easily access your accounts.

Given how RedLine is being marketed on the Dark Web we can expect to see a surge in attacks using the malware in the months ahead.  It’s going to get a lot worse before it starts getting any better.