Connect with us

Published

on

A new threat is stirring in the digital graveyard. IoT devices that are out of support fall prey to malicious actors.

There comes a time when a device becomes obsolete because it becomes too slow, the owner buys a new device, or it lacks functionality compared to its current version. The manufacturer shifts its focus to a new model, ending the life of the old one.

At this stage, manufacturers stop providing, selling or marketing parts, services or software updates for the product. This can mean many things, but according to security experts, it also means that device security is no longer properly maintained, leaving the end user vulnerable.

Once support ends, cybercriminals may begin to gain the upper hand. cameras, Once the operating systems or firmware of devices such as teleconferencing systems, routers, and smart locks become outdated, they no longer receive security updates, leaving the door open to hacking or other exploits.

IoT

The number of IoT devices reached 17 billion

According to estimates, there are approximately 17 billion IoT devices in the world, from door cameras to smart TVs, and this number continues to grow. Let’s assume that only one-third of them become obsolete within five years.

This means just over 5.6 billion devices could be vulnerable to exploitation. As support decreases, the probability will increase. Often, these vulnerable devices can become part of a botnet, a network of devices that, under the command of a hacker, turn into zombies and do their bidding.

One person’s trash is another person’s treasure

Mozi is a good example of a botnet that exploits outdated and vulnerable IoT devices. This botnet was famous for hijacking hundreds of thousands of internet-connected devices every year. Once compromised, these devices were used for a variety of malicious activities, including data theft and distribution of malware payloads.

IoT

The botnet was very persistent and capable of rapid expansion, but was brought down by 2023. Exploiting vulnerabilities in a device such as an IoT video camera could allow an attacker to use that device as a surveillance tool and spy on you and your family.

Once IP addresses are discovered, remote attackers can take over vulnerable, internet-connected cameras without having prior access to the camera or knowing its login credentials. The list of vulnerable, defunct IoT devices goes on and on, and manufacturers often fail to take action to patch such vulnerable devices; In fact, when manufacturers go bankrupt, it is not possible for them to release patches for their devices.

Old device, new purpose

Due to the abundance of IoT devices among us, a new trend has emerged: Reusing old devices for new purposes.

For example, turning your old iPad into a smart home remote or using an old phone as a digital photo frame or car GPS. The possibilities are many, but safety should still be kept in mind.

These electronic devices should not be connected to the internet due to their vulnerable nature. On the other hand, getting rid of an old device by throwing it in the trash is not a good idea from a security perspective. Besides an environmental perspective, such as avoiding contaminating landfills with toxic substances, old devices can contain treasure troves of hidden information. Unsupported devices can also take part as zombies in a botnet, a network of compromised devices controlled by an attacker and used for nefarious purposes.

These zombie devices are often used for distributed denial-of-service (DDoS) attacks that overload someone’s network or website out of revenge, or for a different purpose, such as distracting from another attack.

Smart world, smart criminals and zombies

You should always keep your devices up to date and, when this is not possible, try to dispose of old data safely by deleting it. Once you destroy them, you must either replace them with a new device or find a new, much less involved purpose for them. Old devices can be easy targets, so by keeping them off the internet or stopping their use, you can feel safe and secure from any cyber harm through them.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Attackers Malware Urea

HP Wolf Security’sten reports point to the use of artificial intelligence when creating malware scripts, threat actors relying on malvertising to spread fake PDF tools, and malware embedded in image files.

Published

on

HP Wolf Security’sten reports point to the use of artificial intelligence when creating malware scripts, threat actors relying on malvertising to spread fake PDF tools, and malware embedded in image files.

The latest in HP Imagine reveals how attackers are using generative AI to help write malicious code. Threat Insights Report published. HP’s threat research team has detected a large, refined ChromeLoader attack spread via malvertisements that lead to professional-looking fake PDF tools and identified cybercriminals who injected malicious code into SVG images.

The report provides an analysis of real-world cyberattacks, helping organizations stay abreast of the latest techniques cybercriminals are using to evade detection and breach computers in the rapidly changing cybercrime landscape. Based on data from millions of endpoints running HP Wolf Security, key attacks identified by HP threat researchers include:

Wolf Security

  • Generative AI helps develop malware in all environments: Cybercriminals are already using AI to create convincing phishing traps, but to date there has been limited evidence of threat actors using AI tools to write code. The team detected a campaign targeting French speakers using VBScript and JavaScript, believed to have been written with the help of AIZ. The structure of the scripts, comments explaining each line of code, and native language function names and selection of variables are strong indicators that the threat actor is using ARMS to create the malware. The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain information stealer that can record the victim’s screens and keystrokes. This activity demonstrates how AIM lowers the bar for cybercriminals to infect endpoints.
  • Subtly crafted malicious advertising campaigns that lead to fake but functional PDF tools: ChromeLoader attacks are getting bigger and more convincing, relying on popular search keywords and malicious ads to direct victims to well-designed websites that offer functional tools like PDF readers and converters. These applications hide malicious code in an MSI file, while valid code signing certificates bypass Windows security policies and user warnings, increasing the likelihood of infection. Installing these fake applications allows attackers to hijack victims’ browsers and redirect searches to attacker-controlled sites.
  • “This logo cannot be used” hides malware in Scalable Vector Graphics (SVG) images: Some cybercriminals are bucking the trend by switching from HTML files to vector images to disguise malware. Vector images commonly used in graphic design generally use the XML-based SVG format. Because SVGs open automatically in browsers, embedded JavaScript codes are executed when the image is viewed. While victims think they are viewing an image, they are interacting with a complex file format that leads to the installation of multiple types of stealing malware.

By isolating threats that evade detection tools on computers—but by allowing malware to safely engage first—HP Wolf Security can capture specific insights into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on more than 40 billion email attachments, web pages, and downloaded files without any reported breaches.

Examining data from Q2 2024, the report details how cybercriminals continue to diversify their attack methods to bypass security policies and detection tools:

HP Sure Click At least 12% of email threats detected by Microsoft bypassed one or more email gateway scanners, the same rate as in the previous quarter.

– The top threat vectors were email attachments (61%), downloads from browsers (18%), and other infection vectors such as removable storage such as USB flash drives and file shares (21%).

– Archives were the most popular malware distribution type (39%), of which 26% were ZIP files.

HP Wolf Security runs risky tasks in isolated, hardware-hardened virtual machines running at the edge to protect users without impacting their productivity. It also captures detailed traces of infection attempts. HP’s application isolation technology reduces threats that can evade other security tools and provides unique insight into intrusion techniques and behavior of threat actors.

Continue Reading

Security

Tips for Keeping Social Media Accounts Safe

Social media has become an indispensable part of modern life with billions of users around the world. According to July 2024 data from Kepios, there are 5.17 billion social media users worldwide, or 63.7% of the global population.

Published

on

Social media has become an indispensable part of modern life with billions of users around the world. According to July 2024 data from Kepios, there are 5.17 billion social media users worldwide, or 63.7% of the global population.

Cybercriminals’ activities on social media are becoming increasingly sophisticated. Users are threatened by many different methods, from social engineering techniques to fake accounts. Hackers can commit fraud by capturing users’ personal data, take over their accounts and use these accounts for spam content or malicious links.

Additionally, since social media users often use the same passwords on more than one platform, a vulnerability in one account can put other accounts at risk.

social media

Common Hacking Methods Used Against Social Media Accounts

  1. Phishing Attacks

Phishing is a tactic where hackers send fake messages or emails pretending to be a trusted source. Cybercriminals try to trick users into providing their login information or clicking a malicious link that compromises their account. Phishing attacks often target influencers by impersonating brands, sponsorship deals, and even platform notifications.

  1. Filling out Credentials

This method involves using stolen login credentials (data breaches or leaks) to access social media accounts. Social media enthusiasts who reuse their passwords on different sites are especially at risk from such attacks.

  1. Brute Force Attacks

Hackers use automated tools to try thousands of different password combinations until they guess the accounts’ password. Weak or common passwords make users an easy target for brute force attacks.

  1. Malware and Keyloggers

Malware can be installed on devices via malicious downloads, email attachments, or drive-by downloads. Once installed, malware such as Remote Access Trojans track keystrokes, allowing hackers to steal users’ passwords and gain access to your accounts.

  1. Session Hijacking

If users are using public or unsecured Wi-Fi, hackers can hijack their sessions to access their social media accounts. By capturing data exchanged between the device and the network, hackers can access users’ sessions without needing login information.

Methods to Protect Social Media Accounts from Hackers

  1. Use Strong and Unique Passwords

The first line of defense against hackers and account takeovers is a strong, unique password for each account. Avoid using birthdays, common expressions, or words that can be easily guessed. Instead, choose long and random combinations of letters, numbers and symbols.

  1. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account by requiring you to verify your identity with a secondary method (usually a code sent to your phone) after you enter your password. This makes it much more difficult for hackers to access your account, even if they somehow get hold of your login information (email address and password combination).

  1. Be Careful of Phishing Scams

Always double check the sender before clicking on links in emails or messages. Avoid downloading attachments from unknown senders or clicking on suspicious links. Hover over links to see the actual URL before clicking, and if you’re unsure, go directly to the website in question instead of using the link.

  1. Keep Your Software Updated

Outdated software may contain vulnerabilities that hackers can exploit. Update your operating system, browser, and applications regularly to ensure security patches are applied.

  1. Use VPN When On Public Wi-Fi

Public Wi-Fi networks are notorious for risks that make it easy for hackers to get hold of your data. Use a VPN to encrypt your internet connection and prevent your data from being stolen when using public networks. bitdefender‘s VPN service offers secure, encrypted connections that protect your online activity from prying eyes.

  1. Limit Third-Party App Access

Many social media platforms allow you to log in to third-party applications. However, every app you allow to access your social media accounts increases your risk of exposure to hackers. Regularly check apps that have access to your account and revoke unnecessary permissions.

Continue Reading

Security

Google reCAPTCHA V2 System is a Victim of Huge Controversies

The Google reCAPTCHA V2 system, which we frequently encounter today, is used as an important barrier in terms of internet security. However, recent developments show that artificial intelligence can easily overcome this system. Here is the final point in the struggle between artificial intelligence and reCAPTCHA!

Published

on

The Google reCAPTCHA V2 system, which we frequently encounter today, is used as an important barrier in terms of internet security. However, recent developments show that artificial intelligence can easily overcome this system. Here is the final point in the struggle between artificial intelligence and reCAPTCHA!

A group of researchers from the Swiss Federal Institute of Technology developed Google’s reCAPTCHA V2 system using the image recognition model called YOLO (You Only Look Once). 100% successfully managed to pass. This model is an artificial intelligence algorithm that specializes in recognizing objects. By training this model with a dataset of 14 thousand traffic images, the researchers achieved a perfect result in visual verification tests.

Google reCAPTCHA V2 System: Motorcycle and Fire Hydrant Tests with Artificial Intelligence

The model used in the research was a bicycle, fire hydrant, objects such as motorcycles It was very effective in recognition tasks. Although similar successes were achieved in previous studies, reaching a 100% accuracy rate in this project was a remarkable development. This clearly shows that artificial intelligence has reached a point where it can overcome CAPTCHA systems without difficulty.

Google reCAPTCHA V2 system

reCAPTCHA V2 was based exclusively on visual verification tests and is still actively used by many websites around the world. Although Google Like reCAPTCHA V3 Although it has moved on to more advanced systems, widespread use of V2 continues. For this reason, artificial intelligence defeating V2 is considered a serious threat to internet security.

Google reCAPTCHA V2 System: YOLO’s ability to run on low hardware is a great advantage

The YOLO model can work effectively not only on high-performance devices but also on low-end devices. This makes the power of artificial intelligence suitable for use at all levels. Researchers also This artificial intelligence model They also state that they have taken various additional precautions, such as preventing people from constantly logging in from the same IP address.

This development raises big questions about the security of CAPTCHA systems. Artificial of intelligence As it becomes more powerful day by day, it is a matter of curiosity how secure such security systems will remain in the future.

Continue Reading

Trending

Copyright © 2022 RAZORU NEWS.
Project by V