Hackers have unleashed a new malware strain that targets Linux-based systems. The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) and Lua scripts for modularity, according to an analysis of the nasty by security researchers at ESET. Shishiga relies on the use of weak, default credentials in its attempts to plant itself on insecure systems through a bruteforcing attack, a common hacker tactic. A built-in password list allows the malware to try a variety of different passwords to see if any allow it in.
A malware signature update issued by the company triggered the software into mistakenly flagging Windows system files as malware, melting down millions of managed systems around the world.
Facebook, Twitter and Snapchat are paying hackers to find glitches in their system. Technological giants are shelling out possibly £156,000 to these ‘ethical hackers’ every day. One of the hackers has spoken out about his job. Known as Topiary online, Jake Davis is a former ‘black hat’ – meaning he was an illegal hacker. The 24-year-old was arrested at his Shetland home in 2011 but escaped a possible 10 year jail sentence. Serving just 38 days, Davis had been tagged by a police anklet for 21 months. But now he is a ‘white hat’, and is exposing tech companies’ flaws so they can patch them up.
Rhode Island’s largest health care provider says an employee’s laptop containing patient information was stolen, but there’s no indication that any patient’s information has been accessed or used as a result of the theft. The Providence Journal reports
The dangers of Internet of Things
The Internet of Things (IoT) is the network of physical objects accessed through the Internet that can identify themselves to other devices and use embedded technology to interact with internal states or external conditions. The IoT is an environment where an object that can represent itself becomes greater by connecting to surrounding objects and the extensive data flowing around it.
The Risks of a Highly Connected Workforce:
- Employees May Not Realize the Associated Risks
The first risk is the fact that many IoT device users may not realize the security risks. Due to its connectivity, a lost IoT device holds much more severe consequences. For example, if an employee has their email on their phone, a lost phone could provide someone with highly classified information. Also, since there are so many devices, there are different security protocols for each one. And each device added means more points of access to secure.
- Security Flaws
Many experts are predicting that the first big IoT device data breach is right around the corner. In fact, James Lyne, global head of security research at Sophos, says that these devices are coming with security flaws which were out of date 10 years ago. Hackers currently have little interest in these devices. But, if the trend continues, and a new smart device is widely adopted, it is plausible to think of a data breach occurring.
The term ransomware comes refers to when a hacker locks a user out of a device for a “ransom.” And with smart devices, getting locked out of a device can have serious consequences—especially in the workplace. For example, a hacker could hold a device used in production for ransom. This could impact distribution or even create products with defects. Also, with the rise of self-driving cars, hackers may be able to take control of the vehicle remotely.
- Being Used as “Botnets”
A botnet is a network of private computers set up to forward transmissions to other computers on the internet. These networks a can carry out DDoS attacks which can take a website or service down. Late 2016 saw one of these attacks make national news. A piece of malware, called Mirai, sent a bunch of traffic to the DNS that hosts many large services. This includes Twitter, Spotify and Amazon to name a few. If this trend continues, we can expect many more botnet attacks in the future.