Is Extortionware the Next Big Threat?

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

TK Keanini, CTO of Lancope, wrote a 2015 Predictions editorial over at SC Magazine. He said he expects more malware like CryptoLocker and CryptoWall over the next 12 months, but also something new called “extortionware”.

I wholeheartedly agree with what he said: “Ransomware remains profitable, and cybercriminals are always looking for areas to grow their business. To date, victims have mainly been individuals with data from their computers or smartphones being held for ransom. But the one industry at great risk here is health care. Three factors make it a highly attractive target for ransomware expansion in 2015 – the mandate to move to electronic records, the sensitive nature of health care data, and the immaturity of the information security practices that exist in the health care industry today. This is a scary notion because we rely so heavily on the availability and accuracy of patient records. The cost of a compromise could range from an inconvenience to loss of life.”

But then he predicts something else for 2015 that I do not agree with so much: “Extortionware is an expansion on ransomware whereby unless you pay a certain amount to the attacker, the data will be made public for all to see (or for more targeted disclosure). What if the data contains evidence of infidelity, for example? The list of possible incriminating data goes on and on, but you can see how this differs from ransomware. Much like spear phishing, this attack will be much more targeted, but attackers will yield a higher take per victim, and those victims are less likely to involve law enforcement due to the sensitive nature of the data.”

Is this very likely?

MQTT not IoT “god protocol,” but getting closer

Interesting article by Don Dingee (@L2myowndevices)

One protocol, and its descendants, drove the success of the World Wide Web. IP, or Internet Protocol, is the basis of every browser connection and the backbone of IT data centers. Some assumed that the Internet of Things would follow suit, with the thought that having an IP address would be a sufficient condition to connect.

The problem on the IoT isn’t IP – the problem is all the stuff layered on top of it. Running protocols such as HTTP, SSL, and XML requires significant compute power and memory space. The average PC, smartphone, or tablet has enough horsepower today to do that, but the average sensor running on a smaller microcontroller does not. (ARM Cortex-M7 notwithstanding.)


EFF, Mozilla back new certificate authority that will offer free SSL certificates | PCWorld

A new organization supported by Mozilla, the Electronic Frontier Foundation and others is working to set up a new certificate authority (CA) that will provide website owners with free SSL/TLS certificates.

The new CA will be called Let’s Encrypt and is expected to become operational in the second quarter of next year. It will be run by the Internet Security Research Group (ISRG), a new California public-benefit corporation.

The goal of this effort is to get as many people as possible to use the TLS (Transport Layer Security) protocol—the more secure successor of SSL (Secure Sockets Layer)—said Josh Aas, executive director of ISRG. Aas is also a senior technology strategist at Mozilla.

The new CA will not only provide certificates for free, but will also automate the certificate issuance, configuration and renewal processes in order to encourage widespread TLS adoption.

The goal is to make getting a certificate as easy as possible, because that’s currently the hardest part of turning on TLS, Aas said. With the new CA “there will be no billing interaction, no need to create an account. You don’t really need to know much at all except that you want to turn on TLS.”



Connect absolutely anything to the Internet with Spark


Everything is getting high-tech — from phones to jewelry. It will not be surprising if, soon enough, we see high-tech clothes. With the Internet opening tremendous opportunities, people are not shying away from utilizing them to create innovative and unprecedented things. In fact, a whole new category called “Internet of Things” has emerged, where objects are provided with unique identifiers that help them transfer data over a network without the need of a computer.

In an attempt to bring Internet of Things closer to people, a tiny board called Spark Core has come into the market.

The Spark Core with Chip Antenna is a very small WiFi development board that makes it very easy for everyone to create hardware that is connected to the Internet. In fact, the tiny chip is all you will need. Just power it up with the help of a USB connection or a battery, and you will be able to control LEDs, motors, and switches in addition to being able to collect data from its various sensors over the internet.


This core has an on-board controller that is actually a small, low-cost, and low-power computer that has the capability of running a single application. This micro-controller is the one that runs the show. In fact, it runs your software and tells the rest of the core what to do. This tiny little thing does not have an operating system like your computer and just runs a single application (that is also known as firmware or an embedded application). This application can be very simple — made up of only a few lines of code — or extremely complex, depending on what you want to do with it.

The first and foremost goal of Spark’s creation is its ease of use. In fact, you can start off without any experience in using hardware or software.

If you are familiar with Arduino, you will love this chip. The core uses the same wiring and programming language as Arduino. It also has an accessory called Shield that helps you connect it to any standard Arduino shield.

The hardware design files — board design, schematic, and bill of materials — are open source as is the firmware. This makes it very user-friendly.

For more information check out their website.

https://www.spark.io/