The holidays in security: US govt takes IoT security stand as 2017 promises ransomware, DDoS escalation

Internet of Things (IoT) device hackers would be salivating at the opportunities shown by the latest gadgets at the annual Consumer Electronics Show (CES), where new opportunities to exploit connected devices promise to fulfil predictions that 2017 will be loaded with malicious machine learning and filled with “lucrative chaos” from profit-minded cybercriminals plundering the online world and filling it with, among other things, problematic fake news.

Experts were advising that IoT vendors start treating LAN environments as hostile operating spaces, while vendors were put on notice to improve wearable device security if they were to have any hope of avoiding damaging breaches. The US Federal Trade Commission sees the issue as so important that it launched a landmark case against for poor security in its routers and cameras, and offered a $US25,000 ($A34,000) prize for automatic IoT patching techniques.

Even as the world saw the first reports of Android-based TVs being infected with ransomware, experts were warning of ‘ransomworm’ code that will add worrying new elements to the ransomware scourge, which netted over $US1 billion last year by some accounts. This ratchets up the pressure on businesses that have several choices to make when their data is taken hostage, as happened in a campaign that began with hundreds and ultimately saw more than 10,000 MongoDB installations erased and held for ransom, part of a growing trend in which cyber-sabotage tools are adopting ransomware techniques as well.

Speaking of being taken hostage: after a period of uncertainty, revelations that Russia did in fact hack the US election in favour of Donald Trump led to a flurry of recriminations. US government authorities recommended a range of retaliatory cyberattacks against Russia, which said the allegations were fuelling a ‘witch hunt’. And while there were doubts about the FBI’s investigation of Democratic National Committee servers, even Trump, who originally denied the plausibility of the allegations, eventually came around by warning that ‘no computer is safe’ from hackers.

Questions of safe havens led some to suggest that the cloud is the only safe place for data. Yet with DDoS marketplaces thriving and even some security products failing to stop man-in-the-middle attacks, the threat is hardly going to go away.

Meanwhile, Apple stepped away from a mandate that iOS developers encrypt their applications’ communications by the end of 2016, while the makers of the Plone content management system were rejecting claims that a flaw in their system was used to hack the FBI.

US immigration authorities are collecting social-media details from certain visitors. But that wasn’t the only travel news, with warnings that despite supposed security measures, it is still far too easy to change other people’s flight bookings.

Financial clearinghouse SWIFT was taking a new, multi-pronged approach to reduce interbank messaging fraud, while security experts were reinforcing the importance of the ‘endpoint plus network’ security architecture.


Tags: malware, ransomware, Consumer Electronics Show (CES), Internet of Things (IoT), CSO Australia, 2017 predictions, Christmas Security, malicious machine learning


Stories by David Braue
