alt tag

Posts Tagged ‘Internet of Things’

The Mirai Botnet Returns — and Why You Should be Concerned

Tuesday, March 13th, 2018

The Mirai botnet refers to a massive-scale network of Linux-running Internet of Things devices turned into remote-controlled bots through a malware infection. Hackers can use the network to run a distributed denial of service, or DDoS, by having the infected devices overwhelm a target with data traffic. Mirai malware and its copycats are an ongoing threat to Internet security and stability. All businesses should be concerned about Mirai’s damage potential and perform their security due diligence to avoid contributing to the problem.

A History of Attacks

Mirai first appeared September 2016, then reemerged in late 2017; its botnet of devices maxed out at around 600,000 infected devices.

While the average person probably doesn’t know what Mirai is, most people in the eastern half of the United States experienced what it can do: it was responsible for the October 2016 wide-scale slowdown of the Internet for the entire region.

Without diving too deep into the technical details, this outage-causing traffic came from malware-infected routers and cameras. In the malware botnet’s initial use, it created a massive 630 Gbps attack on a journalist’s website on September 20, 2017, double the traffic from the previous largest known attack.

While the hackers from the original Mirai attack eventually pleaded guilty, the threat from Mirai and similar malware is still very real. In late 2017, hackers used a variation to seize control of over 100,000 devices in just 60 hours, mostly consisting of unsecured modems made by ZyXEL.

How It Works

Mirai is a worm-like malware that infects Internet of Things devices by using factory default credentials. The malware scans the Internet for dozens of IoT devices with known vulnerabilities from default security settings and seizes them. Mirai exploits human behavior because owners often don’t change the default settings. The malware will control the device and use it to flood a target with Internet traffic when the hackers activate a signal. The malware creates an ad-hoc network of thousands of devices and has them all attack a target at the same time until the target’s web hosting platform is so overwhelmed with traffic it goes offline.

Mirai is dangerous because it inspires copycat malware that can be used for similar attacks. This malware family tends to target low-hanging fruit: low-cost electronics with little security. Device owners will have a difficult time identifying when their devices are infected because they remain dormant between the infection and the attack.

What It Means for Businesses

Businesses should be concerned about Mirai and similar malware in two areas: having their devices seized by the malware and being a target of a DDoS attack. Your business could be a victim of the malware without being a hacker’s target if your devices get infected and become a part of the network. An infection could potentially run up bandwidth usage, lead to slower network connections, and cause device malfunctions. Your business could be a target of a botnet DDoS attack, but your company’s devices are far more likely to be infection targets.

Four Security Threats Your Company Could Face in 2018

Tuesday, January 16th, 2018

Hot off the tail of the massive 2017 Equifax breach that exposed personal information of 143 million customers, businesses are on high alert concerning IT security in 2018. While the IT security industry has been successful in mitigating and cracking down on many common threats, hackers are finding new ways to exploit devices that haven’t received as much attention and protection as PCs and servers have. Trends indicate that your company could be looking at security threats from previously ignored devices and sources in 2018. Be on the lookout for the following threats this year.

1. Missing Windows Updates Over Incompatible Antivirus Software and the Meltdown-Spectre Fix

This is one security threat your company could already be facing: There’s an inherent flaw in the way modern CPUs by Intel, AMD and ARM handle data that can be exploited to leak information. This is a substantial problem because it stems from the hardware as opposed to the software, and fixing it can negatively impact device performance. To make matters worse, some types of antivirus software conflict with Microsoft’s fix. If your business is using one of those incompatible programs, you need to switch to a compatible option to continue receiving Windows Updates as of January 2018. Those Windows Update patches are vital to keeping your company’s computers safe.

2. Internet of Things Devices Become a Bigger Threat

As of 2017, there were 17.68 billion IoT-connected devices, and that number is expected to grow to 23.14 billion in 2018.

Your office may interact with devices like an Amazon Echo, a smart thermostat and dozens of smartwatches. These are all IoT devices that could be the targets of security attacks.

These devices can be used to piggyback onto your office network. Additionally, DDoS attacks from hijacked IoT device botnets could be an even bigger threat in 2018.

3. New Devices Are Targeted

Ransomware is for more than just computers now. In 2018, IoT devices could be the next major target for hackers using ransomware to get your business to fork over payment to regain control. A workplace that’s lost control of the thermostat because of ransomware might be highly motivated to pay. Hackers may also be looking to exploit security holes in your office router and modem, as these devices are often neglected when IT staff applies regular security updates. Hackers often exploit the fact that many users don’t change the default password on these devices.

4. Watch out for Mobile Malware

The growing mobile device user base is making the Android and iOS platforms much more attractive targets for hackers over the traditional PC targets. According to Kaspersky, Android devices are more vulnerable to malware, but attacks are easier to identify and fix. While iOS devices are more secure, it’s much harder to tell if a device has been compromised.

Keeping up with IT security in your workplace is your best bet to avoid disastrous breaches and downtime. Our IT consulting experts can help your company identify and protect its security weak points. Contact us today.

Massive IoT DDoS Attack Causes Widespread Internet Outages. Are Your Devices Secured?

Tuesday, November 1st, 2016


As you probably know already, the United States experienced its largest Internet blackout in history on October 21, 2016, when Dyn—a service that handles website domain name routing—got hit with a massive distributed denial of service (DDoS) attack from compromised Internet of Things (IoT) devices. The day will be known forevermore as the day your home IP camera kept you from watching Netflix.

The writing has been on the wall for a while now when it comes to IoT security: We’ve previously discussed how IoT devices can be used to watch consumers and break into business networks.

This specific outage is an example of how the tech industry is ignoring security mistakes of the past and failing to take a proactive approach in protecting IoT networks.

The Outage

The October outage included three separate attacks on the Dyn DNS provider, making it impossible for users in the eastern half of the U.S. to access sites including Twitter, Spotify, and Wired. This attack was different from typical DDoS attacks, which utilize malware-compromised computers to overwhelm servers with requests to knock them offline. Instead, it used malware call Mirai that took advantage of IoT devices. These compromised devices then continually requested information from the Dyn servers en masse until the server ran out of power to answer all requests, thus bringing down each site in turn.

This outage did not take down the servers hosting the platforms, but rather the metaphorical doorway necessary to access those sites.

Ongoing Security Concerns

According to ZDNet, the IoT industry is, at the moment, more concerned with putting devices on the market to beat competition than it is with making devices secure. IoT devices are notably easy to hack because of poor port management and weak password protection. IoT devices are also known for not encrypting communication data. October’s attack wasn’t even the first of its kind: A 145,000-device IoT botnet was behind a hospital DDoS attack just one month prior.

What You Can Do

MacWorld recommends changing the default security configuration settings on all IoT devices and running those devices on a secondary network. The Mirai malware works simply by blasting through default username and password credentials—so users could have protected themselves by swapping the default “admin/admin” and “password/password” settings. There are also IoT security hub devices available to compensate for IoT security shortcomings.

IoT devices can offer fantastic perks for your office, but the security concerns are too important to ignore. If you’re interested in improving network security pertaining to IoT devices or looking for advice on which IoT devices would benefit your workplace, don’t hesitate to contact MPA Networks today.

The “Seven Deadly Sins” of Ransomware

Wednesday, June 29th, 2016



Readers of our blog over the past few years know we were among the first in the Bay Area to warn our customers about the growing threats of ransomware—from the emergence of CryptoLocker and CryptoWall to our federal government’s startling admission that they’re virtually powerless to stop it.

Mostly originating from sophisticated cyber-gangs in Eastern Europe, ransomware may be the most profitable organized crime scheme in the world today.

We weren’t exactly surprised, then, when we received 2016 Will Be the Year Ransomware Holds America Hostage,” a 40-page report from The Institute for Critical Infrastructure Technology (ICIT), a non-profit cybersecurity think tank.

The ICIT report is a comprehensive review of the ransomware landscape—from its earliest origins to the major active strains “in the wild” to the likeliest targets (particularly American small businesses). Today we’d like to highlight the seven delivery channels of ransomware and other malware infections—what we refer to as “The Seven Deadly Sins.”

1. Traffic Distribution Systems (TDS)

If you visit a website and suddenly see an annoying pop-up ad, it’s because the website sold your “click” to a TDS vendor, who contracted with a third-party advertiser. Pop-up blockers have rendered most pop-up ads obsolete, but some of the shadiest TDS vendors contract directly with ransomware groups to spread exploit kits and “drive-by downloads.”

2. Malvertising

As we discussed last July, even trusted web pages can include third party ads embedded with malware-inducing code. One click on a bogus ad can wreak havoc.

3. Phishing Emails

From phony bills and résumés to bogus “unsubscribe” links in annoying spam, email recipients can be tricked into clicking a link allowing an instant viral download of ransomware. Research reveals that despite strong security training, up to 15% of employees still get duped by phishing schemes.

4. Gradual Downloaders

Exploit kits and ransomware can be discreetly downloaded in “segments” over time, evading detection by most anti-virus defenses.

5. Social Engineering

Also known as simple “human ignorance,” a user can be tricked into downloading a phony software update or other trusted download link—even ignoring warning messages (as happened to a friend of ours) only to allow a costly malware infection.

6. Self-Propagation

Once inside a single computer, the most sophisticated ransomware strains can automatically replicate through an entire network via the victim’s address book. ICIT expects that self-replicating ransomware will evolve to infect multiple devices within the Internet of Things.

7. Ransomware as a Service (RaaS)

ICIT predicts that the largest ransomware creators will syndicate “retail versions” of their products to less sophisticated criminals and lower-level hackers who’ll perform the day-to-day grunt work of hunting down new victims around the world. The creator collects a percentage of every successful ransom payment.

In the coming weeks, we’ll continue to examine ransomware and other cyberthreats our customers need to defend against. For more on how to protect your company, contact us.

Welcome to the IoT: Will Your TV Be Watching YOU?

Thursday, March 12th, 2015


We’ve talked recently about the potential dangers of the rapidly expanding Internet of Things, or IoT. As we discussed, the IoT consists of embedded sensors collecting data from dozens of devices in your daily life—your car, your health and fitness equipment, and even your home thermostat. All that tabulated data is intended to help you, whether it reminds you that your car needs a tune-up, that you’re slacking off on those cardio workouts, or that the heat can shut off because you’re not at home. But just as when the Internet first exploded upon us in the mid-1990s, IoT technology may be growing faster than our ability to regulate it and protect our privacy—from hackers, corporations, and even the government.

Smart Devices: Getting Too Smart?

Consider this recent article. The author was excited about buying a state-of-the-art “smart” TV—until he read all 46 pages of the manufacturer’s Privacy Policy.

Think for a moment about the last time you needed to check an “I Agree” box before installing software, downloading music, or applying for a job online. Did you actually read the binding legal contract you were virtually signing? Like most people, you probably skipped that “fine print,” whether it was three pages or 30. “It’s got to be fair,” you assured yourself, “or they couldn’t get away with it.” And you clicked through.

In the case of that smart TV, they actually try to get away with quite a lot. Soon after plugging in that new TV, the user is asked to give their consent to:

  • Set cookies and beacons marking the content you watch and the E-mail you read.

  • Track the apps you use, the websites you visit, and your online interactions with both.

  • Record facial recognition via a built-in camera.

  • A voice recognition feature which may “transmit your spoken words to a third party.”

But what about opt-outs and do-not-track requests, you ask? The TV’s Privacy Policy specifically excludes them. You’re not just watching TV anymore—it’s watching you, too.

New Targets for Hackers … or “Big Brother”?

Are we sounding a little too much like George Orwell here? Maybe. But in this relatively early stage of the IoT, who’s to say your networked household devices won’t be hacked to let a burglar know when you won’t be home? Or after the uproar the federal government created by eavesdropping on millions of cell phone calls via the 2001 Patriot Act, could they someday get permission to monitor citizens via the data collected by their household devices—including their living room TV?

Before you consider upgrading to a smart TV, we recommend you isolate it—along with other IoT devices—from your home or office network via a dual-firewall or “DMZ” configuration. And block that camera the same “low-tech” way many laptop users already do—with a simple piece of black electrical tape over the lens.

For advice and support on protecting your privacy when it comes to IoT devices, contact us at