The Department of Homeland Security warned firms in the energy sector about new, targeted malware infecting industrial control systems and stealing data. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it is analyzing malware associated with an ICS-focused malware campaign. The malicious software, dubbed “Havex” that was being spread by way of phishing emails and so-called “watering hole” attacks that involved compromises of ICS vendor web sites. DHS was alerted to the attacks by researchers at the security firms Symantec (which dubbed the malware campaign “Dragonfly”) and F-Secure (“Havex”) -a remote access trojan (or RAT) that also acts as an installer (or “downloader”) – fetching other malicious applications to perform specific tasks on compromised networks. One of those additional payloads is a Trojan Horse program dubbed Karagany (by Symantec) that has been liked to prior attacks on energy firms. According to Symantec, the malware targeted energy grid operators, major electricity generation firms, […]
Software
The Internet Of Things Will Need Millions Of Developers By 2020 – ReadWrite
Matt Asay over at ReadWriteWeb has an interesting piece that’s worth reading on the (coming) shortage of qualified application developers engendered by The Internet of Things. Asay cites a new report out from the firm VisionMobile that projects a shocking 57% CAGR (compound annual growth rate) in developers between now and the end of the decade. Much of that will be driven by opportunities in the IoT. Like past gold rushes, the riches in the IoT gold rush won’t go to the “miners” (read: thing makers) but to their suppliers – the 21st century Levi Strauss’s of the world who figure out a way to “stitch” Internet enabled devices together, Asay writes. In other words: value in the age of the IoT is created not by generating data, but by making sense of the (low value) data spewed out by billions of connected devices. (This isn’t exactly ground breaking – […]
Is HyperCat An IoT Silo Buster? | ZDNet
Steve Ranger over at ZDNet has an interesting write-up on HyperCat, a UK-funded data sharing open specification for Internet of Things devices. The new specifications has the backing (or at least interest) of major players and could become an alternative to proprietary standards such as Apple’s HomeKit or Google Nest. HyperCat is described as an “open, lightweight, JSON-based hypermedia catalogue” that is designed to “expose information about IoT assets over the web.” The goal is to provide a set of open APIs and data formats that startups and other smaller firms can use to built ecosystems of connected objects. Smart devices are typically developed using common technologies and platforms: RESTful APIs, JSON (Javascript Object Notation) for data formatting and HTTP (or secure HTTP) as the main communications protocol. However, the Internet of Things is badly “silo’d” – meaning that interoperability between IoT devices happens only when those smart devices happen to use the […]
This Week In Security: Poking Holes In Two Factor Authentication
It was another busy week in the security world. There was big news on the legal front, as The U.S. Supreme Court took steps to protect the data stored on mobile devices from warrantless searches by police. (That’s good news.) But the week also plenty of concerning stories about the security of data stored on mobile phones, tablets and the like. One of the stories that gained a lot of attention was DUO Security’s report on a flaw in PayPal’s two factor authentication feature that could expose the accounts of security-conscious PayPal users. As The Security Ledger reported, DUO researcher Zach Lanier discovered a flaw in mobile APIs published by PayPal that would allow anyone with a valid PayPal user name and password to sidestep two-factor authentication when accessing PayPal accounts that had that option enabled. After DUO went public with information on the flaw, PayPal disabled two factor authentication […]
Goldman Sachs: Security Worries Could Hamper Internet of Things
A report from the financial service giant Goldman Sachs is bullish on the growth of Internet of Things, calling the explosive growth of connected devices a third phase in the development of the Internet – and perhaps the biggest yet. Those are heady words – especially considering the market hype and hysteria that surrounded the first “dotcom” phase. But there’s a catch, apparently: security. According to the web site Valuewalk, concerns about security and privacy are real obstacles to IoT technology adoption. “Security concerns escalate to a whole new level with the Internet of Things,” the Goldman Sachs report notes, citing high profile incidents of hackable home monitoring cameras. (See our coverage of vulnerabilities in the IZON cameras as one example.) Alas, the solution to the insecure devices problem is not simple. Problems range from poor application security during the design phase, to insecure default configurations that leave devices exposed to […]
