#CyberFLASH: Researchers hack Philips Hue lights via a drone; IoT worm could cause city blackout

Every once in a while, you read about an attack which has the potential for especially concerning consequences. Since reading about an IoT worm that could unleash all sorts of chaos, it’s come to mind again and again. Then it hit the radar of cryptographer and security pro Bruce Schneier. He wrote, “This is exactly the sort of Internet-of-Things attack that has me worried.”

Researchers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada didn’t just theorize about the possibility of an IoT worm; using a few hundred dollars of readily available equipment, they created a proof of concept attack to exploit Philips Hue smart light bulbs.

Researchers have been taking aim at both ZigBee and Z-Wave wireless protocols for years. Hue light bulbs communicate via the ZigBee protocol. Any new firmware is delivered via Over The Air (OTA) updates. In the researchers’ attack, the worm replaces the firmware.

In the paper, “IoT Goes Nuclear: Creating a ZigBee Chain Reaction” (pdf), researchers “describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction.”

Read more here

#CyberFLASH: Hackers used ‘internet of things’ devices to cause Friday’s massive DDoS cyberattack

Could millions of connected cameras, thermostats and kids’ toys bring the internet to its knees? It’s beginning to look that way.

On Friday, epic cyberattacks crippled a major internet firm, repeatedly disrupting the availability of popular websites across North America and Europe such as Twitter, Netflix and PayPal.

The hacker group claiming responsibility says that the day’s antics were just a dry run and that it has its sights set on a much bigger target.

And the attackers now have a secret weapon in the increasing array of internet-enabled household devices they can subvert and use to wreak havoc.

Overwhelmed by ‘junk data traffic’

Manchester, N.H.-based Dyn Inc. said its server infrastructure was hit by distributed denial-of-service, or DDoS, attacks. These work by overwhelming targeted machines with junk data traffic — sort of like knocking someone over by blasting them with a fire hose.

Jason Read, founder of the internet performance monitoring firm CloudHarmony, owned by Gartner Inc., said his company tracked a half-hour-long disruption early Friday affecting access to many sites from the East Coast. A second attack later in the day spread disruption to the West Coast as well as some users in Europe.

Members of a shadowy hacker group that calls itself New World Hackers claimed responsibility for the attack via Twitter, though that claim could not be verified. They said they organized networks of connected devices to create a massive botnet that threw a monstrous 1.2 trillion bits of data every second at Dyn’s servers. Dyn officials wouldn’t confirm the figure during a conference call later Friday with reporters.

Read more here

#CyberFLASH: National Cyber Security Awareness Month: 10 Tips For Businesses

In a world that is more connected and accessible than ever, the declaration of October as national Cyber Security Awareness Month by governments and business leaders in several countries including Canada, the United States and Australia, is a strong statement that cybersecurity is an international safety concern.

The campaign aims to bring awareness to the wide scope of concerns that the term cybersecurity covers, including internet security, privacy, mobile safety, distributed denial-of-service (DDoS) attacks, botnets, hacking, data breaches, malware, pharming and phishing to name a few.

Now is a good time for businesses to review their cybersecurity practices. It is tempting to think that “it can’t happen to me”, but in the wake of Yahoo’s recent admission that personal data was hacked, it is clear that this can happen to anyone.

Of course, technological safeguards are critical to security; however, operations and policy play a crucial role as well. The tips outlined below focus on measures that go beyond technology.

  1. Plan on a Prudent Response. In a 2015 study commissioned by the Office of the Privacy Commissioner of Canada, only 41% of surveyed companies stated that they had policies or procedures in place that dealt with data breaches where there was a compromise of customer personal information. If an Incident Response Plan is made ahead of time in order to deal with a cybersecurity breach, a company will be in a position to respond quickly in a manner that mitigates harm to the business and to third parties (such as customers). Companies who do not make such a Plan are often caught flat-footed and fumble through an incident, and increase the risk of complaints to regulators and class action or other lawsuits.
  2. Build an Effective and Safe Cybersecurity Workforce. Robust recruitment processes that properly vet candidates will help ensure that the hiring of problematic employees is avoided. Unfortunately, many attacks come from inside an organization. Background checks are an important tool in the screening process. Employees play a key role in helping to prevent cybersecurity incidents. Proper training is key, and will enable employees to spot suspicious activities and events, and report them to the appropriate personnel. Employees are the single most important group of people who can help to reduce unintentional errors and technological vulnerabilities.

Read more here

#CyberFLASH: DDoS attacks on the rise – touching 500Gbps

DDoS attacks are on the increase and getting bigger and more widespread, according to research released by Arbor Networks.

In its Worldwide Infrastructure Security Report, Arbor Networks concluded that the size of the largest DDoS attack it recorded in 2015 was 500Gbps, up from 400Gbps in 2014. Other respondents to the survey reported attacks of 450, 425 and 337Gbps.

The firm interviewed 354 global network operators from the US, Canada, Latin America, Europe, Middle East, Africa, Asia Pacific and Oceania.

Many respondents from enterprises and datacentres said that as a result of a DDoS attack, firewall and IPS devices had failed. Around half of datacentres suffered DDoS attacks which maxed out their entire Internet bandwidth – an increase from 33 percent last year.

DDoS attacks on DNS servers were up from 17 percent last year to 30 percent this year. But the research showed that despite the increase in this type of attack, 17 percent of service providers and 26 percent of enterprises still had no dedicated DNS security resources. 

The cloud didn’t escape the attentions of hackers: attacks on cloud-based services are up by a third over the previous year.

According to the report, the top motivation behind DDoS attacks is “criminals demonstrating attack capabilities,” with “gaming” and “criminal extortion attempts” in second and third place respectively.

Read more here

#CyberFLASH: Canadian data breaches in 2015: Big firms weren’t the only targets

Of all the publicly-disclosed data or privacy breaches in this country in 2015, one topped them all by a wide margin: Ashley Madison.

With over 30 million records exposed from the dating site, a $578 million class action suit filed against parent Avid Life Media, and the CEO resigning after his emails were published, the attack is easily one of the largest reported in Canadian history.

But it’s easy for infosec pros to sit back and think, ‘Thank Gawd my company isn’t such a big fat target.’ Instead, they should remember all of the smaller breaches that happened this year as a lesson that corporations and government departments aren’t the only targets. Here’s just three of them:

— A successful phishing attack in September against the Association of Professional Engineers and Geoscientists of Alberta (APEGA) yielded members’ names, email addresses and association ID numbers. The vehicle was an email supposedly from CEO Mark Flint. The association has 75,000 members, but it didn’t say how many names were exposed;

– This month a Calgary wine store had to pay $500 in Bitcoin to meet a ransomware demand or lose access to its database. According to the CBC, after paying, the company received an unofficial receipt thanking it for the involuntary “purchase”;

– Worried about insider threats? Here’s one you weren’t thinking about: Senior bureaucrats at British Columbia’s District of Saanich approved the installation of monitoring software on certain computers, including the mayor’s. Somehow he didn’t get told. Among other things, staff were afraid he might discover IT security shortcomings.

These are some of the incidents involving better-known organizations:

– A Rogers Communications staffer was the victim of a phishing attack that led to the loss of a “small number” of business agreements, which included business name, address, phone number and pricing details of the corporate customers, but not personal or financial information;

Read more here

#CyberFLASH: Web Hosting Canada adds expanded cybersecurity protection to its small business web hosting solutions

MONTREAL – Web Hosting Canada has selected the .CA D-Zone Anycast DNS from the Canadian Internet Registration Authority (CIRA) to deliver a Canadian-first DNS service for small businesses.

Key facts

  • This made-in-Canada DNS solution, combined with a newly built cloud server infrastructure and web hosting solutions with datacentres on both the east and west coast of Canada, completes Web Hosting Canada’s portfolio of Canadian-focused hosting services.
  • Web Hosting Canada is delivering their Canadian customers enhanced protection from DDoS attacks against their DNS. With a global network of servers and an expansive Canadian footprint, the .CA solution also helps to reduce latency for websites and improves the performance of web applications for Canadian users.
  • Although the Internet is a global market, according to research from the Strategic Council published in the 2015 .CA Factbook, 77% of Canadian Internet users support Canadian business whenever possible. Creating a compelling and Canadian web presence can help give companies an advantage and with .CA domains, Canadian-based servers, and made-in-Canada DNS, Web Hosting Canada can help small businesses ensure that their Internet footprint is firmly rooted in Canada.

Executive quotes

“As Canadian entrepreneurs ourselves, the Web Hosting Canada team is keenly aware of the unique needs that many Canadian businesses have. We have designed hosting, cloud and DNS solutions that are not only based in Canada, but designed to help Canadian businesses succeed online.”

– Emil Falcon, CEO at Web Hosting Canada

“Many global DNS and hosting providers ignore the Canadian market. As part of our role in encouraging a better Canadian Internet, CIRA has been a long-time champion of infrastructure options built for Canada first. We are pleased that Web Hosting Canada sees the value in investing in Canada and is helping small businesses choose technology solutions that are closer to home.”

– Dave Chiswell, vice president of product development at CIRA

Read more here

#CyberFLASH: Group stages ‘digital sit-in’ to take down government websites over Bill C-51

The members of a group claiming credit for causing a series of government and political party websites to go down on Wednesday afternoon described it as a “digital … sit-in” to protest Bill C-51 and a handful of arrests in Halifax.

“Honestly, we just want people talking about what’s happening here with C-51,” one of the members told the Citizen.

Members of the group, calling itself Op Cyber Privacy, were contacted in an online chat group.

Through the afternoon, a series of denial of service attacks, which overload website servers, brought down a number of government websites.

“(It’s) the digital form of a sit-in protest,” the member said. “We are taking up all the seats of these sites so no one can access them temporarily.”

“It does not damage the website nor do we access information on said websites.”

The group said it had taken down the Conservative party website, the Liberal party website, Peter MacKay’s website and the justice department website, among others.

“The website was down for a short period of time,” said Olivier Duchesneau with the Liberal party.

He said no data had been compromised, adding that denial of service attacks are relatively common.

The group said to expect rolling outages of websites throughout the afternoon and evening. At various times, some of the websites were down. Others were up and running. The group said members weren’t keeping websites down for long.

Read more here

#CyberFLASH: DDoS attacks affecting more countries than ever before

A total of 23,095 DDoS attacks were carried out on web resources located in 76 countries in the first quarter of 2015, up 15 per cent from the 66 countries affected in the final quarter of last year.

This is one of the findings of a new study by cyber security firm Kaspersky Lab into the botnet-assisted DDoS attack landscape. But although the geography is expanding, the overall number of botnet-assisted attacks is down by 11 per cent and the number of unique victims is down by eight per cent.

Servers in the US, Canada and China are targeted most frequently. The study also finds that the greatest number of attacks on a single web resource in Q1 2015 was 21, compared to 16 in Q4 2014, and the most prolonged botnet attack occurred for almost six days.

“A DDoS attack is often a cross-border effort; the customer is located in one country, the executor in another, the C&C servers are hosted in a third country, and the bots involved in the DDoS attack are scattered across the world,” says Evgeny Vigovsky, Head of DDoS Protection at Kaspersky Lab. “This often makes it more complicated to investigate attacks, take down botnets and catch those responsible. Although cybercriminals do not limit their DDoS toolkits to botnets alone, this is still a widespread and dangerous tool, and it demands preventive protection measures from potential targets, i.e. web resources”.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.