July 8, 2016
Uh-oh Cyber-News: The Future’s Arrived, and Malware Back from the Dead.
As always for this ‘column’, I’ll be giving you a round-up of some of the most eek recent items of cybersecurity news, which might not have made the headlines but which are no less eek for that. And as usual, it’s all mostly bad news. There are still a few reasons to be optimistic though – but only a few. Eek!
Uh-oh Cyber-News Item No. 1: The Future’s Arrived.
A screenshot from Blade Runner
Many authors like to fantasize about how things will be in the future. Often, science fiction writers come up with deep philosophical reflections upon man and his place in the Universe. There’s Russia’s Strugatsky brothers, there’s Philip K. Dick, and there’s Arthur C. Clarke (plus his ‘translator’ to the silver screen Stanley Kubrick), for example. And very often such deep philosophical reflection is rather bleak and scary.
Other times, the reflection is a little less deep and philosophical, but no less likely to one day lead to reality – in fact, oftentimes more so. This is where I make appearances!…
So. Back in the first decade of this century, during my presentations your humble servant liked to tell fun ‘scare’ stories about what could happen in the future. Example: a coffeemaker launches a DDoS attack on the fridge, while the microwave works out the factory PINs of the juicer so it can then show text-adverts on its digital display.
Fast forward less than a decade and such ‘sci-fi’ is coming true…
A small jeweler’s store was knocked offline for days recently by a DDoS attack. However, it wasn’t a botnet of computers that was used but a botnet of 25,000 Internet-enabled CCTV cameras! And there’ve been other cases: IP cameras have been used in botnets for DDoS attacks before, and not just once. And as far back as late 2013 there was an incident involving 750,000 spam emails being sent from… a FRIDGE!
I know that more and more crazy tales like these will be appearing in future, especially when you consider that by 2022 it’s expected that a typical family home could contain more than 500 smart devices connected to the Internet. That’s 500 ways for cyber-baddies to do very bad things (including using ransomware) for every home. Eek. Yes, we (KL) will have our work cut out for us in the coming years…
Uh-oh Cyber-News Item No. 2: Computer Worms Rising from the Dead.
Just a few months ago I was fairly bowled over by the news that the Kido/Conficker worm had risen from the dead to infect a German nuclear power plant. I say ‘back from the dead’ as this worm was first discovered as far back as 2008, reached the peak of its nastiness and noxiousness in 2009 (infecting scores of millions of computers worldwide in practically every country on the planet), and then kinda disappeared by 2010, becoming, it was thought, of interest only to cyber-paleontologists.
But then, just like in a horror movie, these ‘dead’ beasts came back to life, and started terrorizing perfectly innocent citizens.
The cybercriminals behind the resurrection campaign used the worm for attacks on medical equipment and stealing patients’ personal data. It seems the baddies specifically chose the Conficker worm because of its particular talent for successfully attacking ancient unpatched Windows XP (!) computers, which such medical equipment often runs on (!).
Incidentally, there’s a growing market for cyber-stolen patients’ personal data. But that’s not the main problem. Even more serious is the way cyber-swine seem to be able to easily access medical devices remotely: of course, human lives often directly depend on these.
So, as you can see, the cyber-villains are taking direct aim at healthcare, including hospitals. This surely shows how these people know no moral limitations to the crimes they commit.
Uh-oh Cyber-News Item No. 3: Everything Changes – Even Apples.
Tim Cook introducing iOS 10.
Everything changes, evolves… even the company Apple. Its famously closed nature when it comes to practically anything (especially cybersecurity) seems to be showing signs of change: for the first time ever it’s releasing the latest incarnation of its iOS with the kernel unencrypted.
This step will be applauded by a great many folks around the world, while also making a lot of folks’ lives much easier: for example software developers for iOS, and also security researchers, who will be able to find vulnerabilities and help Apple patch them.
Unfortunately, this move will also make the lives of the cyber-baddies easier by making the hunt for vulnerabilities more straightforward for them too.
Apple itself says unencrypted kernels won’t negatively affect security. If that is the case, why have they encrypted everything until now? And what made them suddenly change their approach to that of more openness and Android-ness? Is it the first ever fall in sales? Or the stark fact that 80% of the smartphone market is taken up by Android?
We’ll just have to wait and see. Interesting times ahead!…