Secure environment (IoT)

Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news

The security concerns of 5G are inescapable. It is an evolving and developing technology built on top of the previous infrastructure, from which it will inevitably inherit vulnerabilities and misconfigurations.

Statistically, Q3 2019 differs little from Q2. In terms of geographical distribution of attacks and targets, we saw a continuation of the now familiar trend of unexpected guests appearing, only to drop out the next quarter.

Since 2008, cyber-criminals have been creating malware to attack IoT-devices. How do we deal with that? The best option for tracking attacks, catching malware and getting an overview of attacks in this area is to use honeypots.

Kaspersky and the research team at the University of Ghent looked deeper into how the wide use of so-called “social robots” in the future could affect humans’ private lives, their social behavior and what the cyber security takeaways from this impact are.

We decided to study the live threats to building-based automation systems and to see what malware their owners encountered in the first six months of 2019.

According to Kaspersky DDoS Protection data, the second quarter of 2019 turned out to be rather less eventful than the previous one. As such, the number of attacks foiled by our protection systems fell by 44%. But at the same time, the quarter turned out to be richer than the first in terms of high-profile DDoS attacks.

This year, we decided to continue our tradition of small-scale experiments with security of connected devices but focused on the automotive-related topic. We randomly took several different automotive connected devices (a couple of auto scanners, a dashboard camera, a GPS tracker, a smart alarm system, a pressure and temperature monitoring system) and reviewed their security setup.

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.

Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019.

Q1 2019 held no particular surprises, save for countries such as Saudi Arabia, the Netherlands, and Romania maintaining a high level of DDoS activity.

Like other IoT devices, the prosthetic arm sends statistics to the cloud, such as movement amplitudes, the arm’s positions, etc. And just like other IoT devices, this valuable invention must be checked for vulnerabilities. In our research, we focused on those attack vectors that can be implemented without the arm owner’s knowledge.

For the third quarter in a row, the Top 10 ratings of countries by number of attacks, targets, and botnet C&C servers continue to fluctuate. Growth in DDoS activity is strongest where previously it was relatively low, while the once-dominant countries have seen a decline.

There are lots of home charger vendors. Some of them, such as ABB or GE, are well-known brands, but some smaller companies have to add ‘bells and whistles’ to their products to attract customers. One of the most obvious and popular options in this respect is remote control of the charging process. But from our point of view this sort of improvement can make chargers an easy target for a variety of attacks.

All too often, both rely on manipulating human psychology as a way of compromising entire systems or individual computers. Increasingly, the devices targeted also include those that we don’t consider to be computers – from children’s toys to security cameras. Here is our annual round-up of major incidents and key trends from 2018