Skip to main content
Tag

IoT vulnerability

||

FBI PSA: IoT Devices Targeted by Attackers

By News

The FBI has Released a New PSA

According to the alert, I-080218-PSA, actors with malicious intent have been actively using vulnerable IoT devices. Said devices act as proxies to route malicious traffic for cyber attacks and computer network exploitation.

This reinforces what we have been saying for a very long time. Ignoring or mismanaging IoT device security leaves organizations wide open to potentially devastating cyber attacks that could have far-reaching national and even international consequences.

The FBI warns that a large range of devices could be misused. Examples include routers, smart watches, IP phones, streaming devices, IP cameras, network attached storage devices, and network connected printers. The list goes on and on; any device connected to the internet could be targeted.

The alert states “Cyber actors typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords.”

How can companies protect themselves?

The PSA suggests several methods for protection, but here is one to review. Detect and identify all IoT devices within your networks and then ensure they are up to date with the latest security patches.

Syxsense is the IT solution with the ability to detect IoT devices. Our discovery scan will show every device with an IP address connected to your networks. It is impossible to manage vulnerable devices if you don’t know they are there in the first place.

There’s a better way to manage IoT devices. Start your trial with Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||||

Ransomware in 2018 Has New Leverage

By News

Ransomware’s Unexpected Ally: GDPR

While the intentions of GDPR are positive, analysts are predicting an unintended side effect. Actors using ransomware to extort companies could use GDPR as leverage.

With the strict requirements to stay within GDPR compliance, actors can put pressure on victims to pay out as quickly as possible.

In addition, because GDPR requires the reporting of a cyber breach, reputations will be immediately damaged regardless of how the event turns out. Such reputational damage can cost entities significantly.

Insurance claims are the aftershock of ransomware

In 2017, the UK supermarket chain Morrisons faced a lawsuit regarding compromised data. Those persons who had their data compromised sought compensation, and were granted it by the court. This ruling sets the stage for any number of similar cases of people seeking damages from having their data stolen.

After having already dealt with the costs of fixing the breach and reputational damage, the ransomware event bites back again with these new costs.

The IoT is the next cyber-crime minefield

While not getting the attention it deserves, IoT ransomware attacks are on the rise. In addition, IoT devices are getting smarter, more pervasive, and starting to collect valuable data. This is an already vulnerable field that is only getting more dangerous.

Companies need to get an understanding on just how many IoT devices they have in their networks. Security can’t be maintained if it’s unclear what could be vulnerable.

The bottom line is this: cybercrime costs continue to increase rapidly and are expected to hit $2 trillion in 2019. What will you do to prepare your systems?

Syxsense is prepared to address the threats of today and tomorrow. With our Patch Manager, you can easily identify vulnerable devices and patch them immediately.

Our discovery feature can also show you just how many IoT devices sit inside your networks. With a clear picture of your environment, you can implement a solid protection strategy.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Ocean’s IoT: Casino Hacked Through Fish Tank

By News

Casino Infiltrated through Internet-Connected Fish Tank Thermometer

Picture this: Jazzy music underscores George Clooney’s Danny Ocean pulling off another daring heist. He’s gathered his crew and it’s go time. Their entry point? A fish tank in the lobby.

Okay, maybe that’s not the best physical access point, but it is how hackers stole data from an unnamed North American casino.

According to Nicole Eagan, CEO of Darktrace, malicious actors manipulated a vulnerability in an internet-connected fish tank thermometer and stole data the casino had collected on their high-roller gamblers.

This is yet another stunning example of how the IoT can create unconventional breaches.

The only way to protect your environment is to identify all connected devices. How can you expect to manage your environment if you don’t even know how many devices there are? Finding all those devices is no simple task; it’s estimated there are already over 8.4 billion connected devices!

Managing IoT Devices

Syxsense is at the forefront of IoT device management. Our discovery solution can detect every device connected to your network; not just desktops, laptops, and servers.

Plug the holes in your environment before they sink your ship.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Could Your IoT Devices be Hacked with a Google Search?

By News

Most Companies Are Unprepared for the IoT

Researchers at Ben-Gurion University warn that hackers have an unexpected resource in exploiting your environment: a Google search. IoT device manufactures set a default password for their devices, sometimes even sharing passwords between brands.

“It only took 30 minutes to find passwords for most of the devices [used in the testing] and some of them were found merely through a Google search of the brand,” said Omer Shwartz, a Ph.D. student and researcher at Ben-Gurion.

Thanks to a survey by ForeScout and CensusWide, we also have an eye-opening view into how unprepared companies are for the Internet of Things.

500 CIOs and IT managers provided data and here are the take aways:

  • Approximately 15% do no keep security patches up to date.
  • 47% don’t change the default passwords on devices.
  • Up to 46% said they did not have a full view of the devices connected to their networks.

This is startling. Nearly half of the businesses involved in the survey couldn’t even begin managing their IoT devices. With no way to see which devices are connected to their network, they wouldn’t be able to patch or manage vulnerable devices.

Myles Bray, vice president of EMEA at ForeScout, stated: “IoT has expanded the attack surface considerably for all firms, and without basic security hygiene it is easy for bad actors to gain a foothold and then move laterally on a network to reach high-value assets and cause business disruption.”

When asked about the results of the survey Natan Bandler, CEO and Co-Founder of Cy-OT, added “What is needed is a dedicated cybersecurity solution that is monitoring both the IoT device and its activity…By doing this, an organization will be able to detect when and which devices are at risk.”

IoT Device Management

To detect all of your IoT devices, look to Syxsense. Our product is the first to be able to scan and identify the IoT devices connected to your environments.

Learn more about our IoT capabilities with our video and by starting a trial today!

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||

IoT Report: Q1 2018

By News

What do the numbers tell us?

As far back as 2006, there were already 2 billion devices within the Internet of things. By 2016, that number had grown to 6.38 billion.

Now it’s estimated that there are currently over 8.4 billion devices, with that number expected to grow to 11.19 billion by the end of 2018. According to Gartner, by 2020 the number of IoT devices will explode to over 20 billion.

Juniper Research estimates that by 2022 businesses will spend $134 billion annually on cybersecurity for just IoT devices.

How much does a cyberattack cost business?

Looking at a common attack vector, a DDoS attack, The Ponemon Institute estimates that a company will lose approximately $1.7 million. The major expense is in the form of lost services, $517,599. Other costs come in at $414,128 for technical support, $229,071 for lost productivity, $346,062 for disruption of normal operations, and $199,201 for damage/theft of IT assets.

It’s also estimated that businesses are hit with an average of eight DDoS attacks a day, all thanks to the exponentially increasing number of unsecured IoT devices.

So what’s so difficult about IoT device management?

“It’s hard to evaluate the security of a camera, or a doorbell, or something you put in an industrial machine.” 

Michael Kaiser, the executive director of the National Cybersecurity Alliance

Why should we care?

Here’s the bottom line: the IoT is here and will benefit everyone. Lives will be made easier. Processes will be more efficient. New frontiers will be discovered in healthcare, manufacturing, and almost every aspect of our lives.

While IoT devices are thought of as objects like Apple Watches, Amazon Alexa’s, or other home-based smart devices, they are actually more widely spread in business environments. According to a report by Intel and their partners, most IoT devices are in factories, businesses, and health care environments. They estimate a massive 90.6% of IoT devices are business related.

Intel believes by 2025, the total global worth of IoT technology could be as much as USD 6.2 trillion.

It’s time to prepare for the IoT. Syxsense is the first IT management solution that can discover IoT devices and start you on the road to managing. Later this year, we will be rolling out software update management and other features that will secure your IoT devices.

Learn more about the state of your IoT devices and start a trial with Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo