Friday, September 30, 2016

Tabula Rosa Systems Blog Of 9/30 - IoT assault, connected devices increasingly used for DDoS attacks

Tonight there is a Black Moon! By definition it is the second new moon. This is the opposite of a Blue Moon which is the second full moon in the same month.

September 23, 2016  SCMagazine
IoT assault, connected devices increasingly used for DDoS attacks
Researchers noted a significant spike in new malware designed to target IoT devices.
While the information stored in Internet of Things (IoT) devices is still valuable to attackers, Symantec researchers found they're becoming less interested in targeting the victims and more interested in targeting the connected devices to add to botnets used to carry out DDoS attacks.
Researchers noted a significant spike in new malware designed to target IoT devices in 2015, many of which remain active in 2016, with 34 percent of attacks originating in China and 28 percent originating in the U.S., according to a Sept. 22 blog post.
As the number of connected devices in the home increases, researchers expect to see more DDoS attacks stemming from multiple IoT platforms simultaneously, as the poor security of these devices makes them a prime target.
Infections also easily stay under the radar: most IoT malware targets non-PC embedded devices that are internet-accessible but have limited features, and because these devices are often designed to be plugged in and forgotten, victims often do not know they have been infected.

Several of the attacks used to take over these devices exploited the most common default passwords, which are often left unchanged, and the most common method of attack often consisted of a scan for IP addresses with open Telnet or SSH ports, researchers said in the post.
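
The scanning behavior described above leaves a recognizable trace in connection logs: one source touching Telnet or SSH on many different hosts in a short time. The following detection sketch is an added example, not code from the article or from Symantec; the log format, the threshold, the time window and all addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): time, source, destination, dest port
SAMPLE_LOG = """\
2016-09-23T10:00:01 203.0.113.7 192.168.1.10 23
2016-09-23T10:00:02 203.0.113.7 192.168.1.11 23
2016-09-23T10:00:03 203.0.113.7 192.168.1.12 22
2016-09-23T10:00:04 203.0.113.7 192.168.1.13 23
2016-09-23T10:00:05 203.0.113.7 192.168.1.14 23
2016-09-23T10:00:06 203.0.113.7 192.168.1.15 443
2016-09-23T10:00:09 198.51.100.20 192.168.1.10 22
2016-09-23T10:07:00 198.51.100.20 192.168.1.10 22
2016-09-23T10:15:00 192.0.2.44 192.168.1.10 23
2016-09-23T10:30:00 192.0.2.44 192.168.1.11 23
"""

REMOTE_LOGIN_PORTS = {22, 23}  # SSH and Telnet, the ports named in the article


def parse(log_text):
    """Return (timestamp, src, dst, port) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1],
                           parts[2], int(parts[3])))
        except ValueError:
            continue
    return events


def find_scanners(events, min_hosts=4, window=timedelta(minutes=5)):
    """Flag sources that hit Telnet/SSH on >= min_hosts distinct hosts in one window."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        if port in REMOTE_LOGIN_PORTS:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= min_hosts:
            flagged[src] = best
    return flagged
```

A source that reconnects to a single host, or that touches a few hosts spread over a longer period, stays below the threshold and is not flagged.
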
Popular IoT malware families include Linux.Darlloz, Linux.Aidra, Linux.Xorddos, Linux.Gafgyt, Linux.Ballpit, Linux.Moose, Linux.Dofloo, Linux.Pinscan, Linux.Kaiten, Linux.Routrem, Linux.Wifatch, and Linux.LuaBot.
Researchers recommend that users protect themselves by ensuring their IoT products are secured before purchasing them, auditing IoT devices used on their network, always changing default credentials, using strong encryption methods when setting up Wi-Fi networks, disabling unnecessary features, and using SSH whenever possible.
They also recommend that users disable or protect remote access to IoT devices when it is not needed, use wired connections instead of wireless whenever possible, regularly update firmware, and ensure that a hardware outage does not result in an unsecure state of the device.
Your home router is the equivalent to your front door in the cyber world, prpl Foundation, Chief Security Strategist Cesare Garlati told via emailed comments.
“But while no homeowner in their right mind would leave their physical front door open, many are doing the equivalent with their smart home by failing to take care of their router,” he said. “Failure to patch vendor updates, for instance, could leave critical vulnerabilities present which hackers can take advantage of to eavesdrop on traffic and hijack smart devices.”
Manufacturers' failure to equally prioritize security performance could lead some vendors to run out of business as security becomes more of a priority among consumers, Reiner Kappenberger, head of global product management, enterprise data security for HPE Security-Data Security, told
“The IoT space has become a hot market where companies need to enter quickly with functionality to be considered leading the space,” Kappenberger said. “However with that approach where functionality is the leading indicator comes the risk that security measurements are pushed to the back of the development cycle and frequently then dropped in order to release a product.”
Manufacturers may need to install security monitoring and prevention tools at the network level to monitor their network to prevent potential attacks, Shankar Somasundaram, a senior director at Symantec, told via email comments.
“Manufacturer should at first realize that there is a potential brand impact to them if they don't do anything about security on their devices,” he said. “A lot of basic things like identity, authentication and code protection can be done without a significant effort.”
Somasundaram added that not securing devices could also impact consumers more broadly since many devices are now connected.
Norton IoT Solutions General Manager Ameer Karim warned that users should rethink purchasing connected IP cameras, alarm systems, wearables and routers as they often lack basic security features.

I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services.  Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
