BTH News 20 September 2020
This Week In Cybersecurity
This week on Between the Hacks: a ransomware attack results in a human death, the U.S. House passes an IoT security bill, the Mozi botnet makes up 90% of IoT traffic on the Internet, and a tool to create and protect your online brand.
Ransomware Attack Results in Death Of German Woman
A ransomware attack targeting Heinrich Heine University seems to have accidentally infected computers at the Düsseldorf University Clinic in Germany. According to an AP article, the clinic’s systems were running “widely used commercial add-on software” with a weakness that was exploited by the ransomware. “As a consequence, systems gradually crashed and the hospital wasn’t able to access data; emergency patients were taken elsewhere and operations postponed.”
Without functioning computer systems, “A seriously-ill patient, who normally would have been taken to Düsseldorf University Clinic, was instead diverted twenty miles away to a hospital in Wuppertal,” reports Graham Cluley. The hour-long delay in her treatment was enough time to cause her death.
U.S. House Of Representatives Passes IoT Security Bill
The U.S. House of Representatives passed the IoT Cybersecurity Improvement Act. The bipartisan bill intends to improve the security of Internet of Things (IoT) devices and is backed by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.). Several major cybersecurity and tech companies also support the bill, including BSA, Mozilla, Rapid7, Cloudflare, CTIA and Tenable, according to CISO Magazine.
“The House passage of this legislation is a major accomplishment in combating the threats that insecure IoT devices pose to our individual and national security. Frankly, manufacturers today just don’t have the appropriate market incentives to properly secure the devices they make and sell – that’s why this legislation is so important,” Warner stated after the bill passed the House.
The bill now has to be passed by the Senate before it can be signed into law by the president. If it becomes law, the IoT Cybersecurity Improvement Act will require NIST to issue standards and guidelines for secure development, patching, identity management, and configuration management for IoT products, reports SecurityWeek.
Mozi Botnet Accounts for 90% of IoT Botnet Traffic
IBM X-Force has discovered that the Mozi botnet, which uses code from the Mirai botnet and targets Internet of Things (IoT) devices, is responsible for nearly 90% of the IoT traffic on the Internet.
“This surge in IoT attacks could be due to a number of causes, but may in part result from an ever-expanding IoT landscape for threat actors to target. There are about 31 billion IoT devices deployed around the globe, and the IoT deployment rate is now 127 devices per second,” according to IBM.
At Between The Hacks, we frequently write about home network security, and IBM’s research underscores how rapidly IoT devices are being deployed and that they are a favorite target of attackers. IoT devices are becoming the majority of devices on the Internet, yet they are not required to have basic security built in, and end users are often required to patch these devices manually but are not told that they need to do so. IoT legislation is critical around the world to stop this dangerous trend.
Tip of the Week
Create online accounts
Do you have a username that you use for everything online (if it’s available)? Or maybe you don’t create accounts online because you’re afraid those accounts will be hacked (don’t worry, that’s an understandable fear). Even if you don’t create many online accounts, someone else might be making accounts in your name. Brian Krebs wrote a very thorough article outlining this threat and I highly recommend everyone read it.
I won’t go into detail because, well, Brian Krebs did a great job as usual, but I will share an online tool called KnowEm.
The KnowEm website states, “KnowEm allows you to check for the use of your brand, product, personal name or username instantly on over 500 popular and emerging social media websites. Grab your name and secure your brand before someone else does.”
If you are creating social media accounts and want to use a common username across them all, it can be a difficult chore to find something that is available. Or maybe you’re starting a company, podcast or blog and want to find a name that is also available on social media. KnowEm is a one-stop shop for doing that research. Let’s say your new blog is called SecurityRulz. You can just type that into the search box and instantly see if that username is already being used.