Networks today are subject to many threats including ransomware, cryptocurrency-miner threats, or state-sponsored hackers.

In line with other security industry pros, Microsoft has confirmed in its 24th annual security intelligence report that ransomware has taken a backseat to pesky cryptocurrency miners. 

But the company also warns that supply-chain attacks are on the rise. These are where an attacker uses a supplier or business partner to spread an infection. 

Past examples include the NotPetya not-ransomware outbreakthat caused over a billion dollars in losses for global firms and the Dofoil BitTorrent attacks. 
    
"Supply-chain attacks are insidious because they take advantage of the trust that users and IT departments place in the software they use," Microsoft warns in the report. 

"The compromised software is often signed and certified by the vendor, and may give no indication that anything is wrong, which makes it significantly more difficult to detect the infection. They can damage the relationship between supply chains and their customers, whether the latter are corporate or home users.

"By poisoning software and undermining delivery or update infrastructures, supply-chain attacks can affect the integrity and security of goods and services that organizations provide."

While attacks are changing and Windows 10 built-in security is improving, the company's advice to customers remains the same. However, there are conflicting data about the best approach to staying secure.  
Microsoft recommends only using software from trusted sources, though this 'security hygiene' measure could be undermined in a supply-chain attack. 

The company also recommends "rapidly applying the latest updates to your operating systems and applications, and immediately deploying critical security updates for OS, browsers, and email."

Deploying patches quickly is generally a good idea. However, Microsoft recently revealed that vulnerabilities in its software are most likely to be exploited as a zero-daybefore the company has even had a chance to release a patch. 

However, its other tips don't present obvious security conflicts.  

"Deploy a secure email gateway that has advanced threat protection capabilities for defending against modern phishing variants," Microsoft warns, adding that businesses should "Enable host anti-malware and network defenses to get near real-time blocking responses from the cloud (if available in your solution)." 

The other important measures organizations should take include implementing access controls, and teaching employees to be suspect of messages that ask them to divulge sensitive information. 

Microsoft also recommends keeping "destruction-resistant backups of your critical systems and data" and using cloud storage services for online backups. 
​
"For data that is on premises, regularly back up important data using the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite," says Microsoft.

Since we’re early in the year, this might be a good time to propose some predictions for tomorrow’s smart home.

Video Kills the Telephone Call. The proliferation of smart speakers has continued unabated nearly since their inception, but recently we’ve seen a new feature taking center stage on these do-it-all devices – video. 

Amazon kicked off the trend, as it often does, with its Echo Show, a variant of the popular Amazon Echo series that featured a forward-facing camera and a tablet-like touchscreen attached to a smart speaker base. It followed up that effort with its reimagining of the alarm clock, the Echo Spot, a smaller orb-shaped smart speaker that includes a circular touchscreen face and similarly positioned camera. 

Google soon followed suit, adding the Google Home Hub, an upgrade of its Google Home smart speaker that, like the Show, featured a touchscreen tablet. Now Facebook has gotten in on the action with the release of Portal, a smart speaker/touchscreen, powered by Amazon’s A.I. assistant Alexa, with a strong focus on video-calling. 

While the merits of video functionality are readily apparent for smart speakers – users can follow recipes with hands-free commands, check the weather or map routes, or just catch up on shows while multi-tasking around the house – there seems to be a real push for these video-equipped hubs to replace the phone as the communication device of choice in homes. 

For Facebook Portal, this is expressly the case, with all other smart speaker features coming almost as afterthoughts to its prime purpose of visual-based communications. So committed to the cause of video chatting is the Portal that the Portal+ device can recognize users as they move and automatically rotate to follow them, allowing chat participants to remain on screen as they move from kitchen to couch. 

While Apple has not announced plans for a video element for its HomePod, the company has recently upgraded the capabilities of its iOS-based video chatting app, FaceTime, allowing users to communicate with up to 32 people on a call at one time. 

It remains to be seen if a rise in video communication-capable devices leads to a growth in video-chatting – consumers often don’t use products in the ways manufacturers intended. But even if an explosion of video-equipped smart speakers doesn’t lead to a golden age of people looking each other in the eye while communicating, at least everyone will be able to watch “The Great British Bake-Off” while making breakfast.
Smart Services. Throughout their history, smart homes have been defined by the intelligent devices they house. Voice-controlled lighting, thermostats that automatically adjust with the weather, coffee pots that begin brewing when they recognize you’re awake – products that save labor, money or time via automation and connectivity. 

But what about those tasks for which no single device will suffice? The chores – laundry, grocery shopping, home maintenance – that, short of a robotic butler, will require some manual labor on the part of the homeowner? 

Brace for the rise of smart services – automated fulfillment of the daily tasks that make an uninterrupted life possible. 

“Replenishment” is one area where these smart services are already established, and we should expect to see further growth. Beyond services like Peapod, you may have noticed that nearly every grocery chain of substantial size is offering some manner of automated ordering – and reordering – and delivery, either via an app or website. This process allows customers with a good grasp of their consumption habits to ensure that their homes are never out of their favorite foods, with specific items in specific quantities being automatically delivered at regular intervals. 

But expect producers to take thinking even further out of the process. Leveraging technologies like Amazon Dash, developers will start programming the household devices to recognize when they are running low on supply and automatically reorder the goods. Like WePlenish, a smart coffee pod container that keeps track of inventory levels and automatically orders more java when needed, so you never have to experience a caffeine-less existence. Will we see the refrigerator that automatically orders tomatoes? Or the soap dispenser that refills itself? The possibilities are endless – and likely, as automated reordering is an activity manufacturers can firmly get behind. 
​
Task Oriented. But what about the tasks that keep your house running that require some measure of manual labor, like cleaning and maintenance? Here, too, we should expect to see app- and device-based solutions that call in reinforcements with some measure of regular automation when the chores need to get done. Like Cleanly, an app that allows users to schedule pickup and drop-off of their laundry, fresh and folded, within 24 hours. The latest version of certain home standards, like washers and dryers, can run their own diagnostic programs, identifying errors when they arise – how long before these machines can request their own maintenance when need? How long before a pool probe can send out a call when it needs cleaning? Or gutters can identify when they need to cleared? 

In addition to the rise of these automated services, we should expect to see growth of the technologies that help facilitate them. Technologies like Ring video doorbells or August smart locks, which can allow homeowners to identify who is at their door – like the Cleanly delivery person – and grant them temporary access to your abode. 

That is if a human even delivers your goods anymore. 

Delivery Improvements. Walmart recently announced a pilot programwith Ford and Postmates to examine the automated delivery of groceries via autonomous self-driving vehicles. Likewise, grocery chain Kroger announced a partnershipwith Nuro to tackle the most challenging task of ordering online, “last-mile delivery” – that is, getting the requested goods from the store to the customer’s home, a feat they also hope to accomplish with robotic drivers. 
The result of the endless automation of anything approaching “difficult” should enable individuals to lead lives unhampered in pursuit of their goals – be it increased productivity in matters personal or professional, or the much more noble pursuit of binge-watching Netflix while moving as little as possible.

Remember that Russian router malware warningfrom last week? The situation is even worse than we originally thought, and a whole lot more router owners are going to have to factory-reset their devices and install firmware updates.

Not only are many more Linksys, MicroTik, Netgear and TP-Link routers vulnerable to the VPNFilter malware, according a recent report from Cisco Talos labs, but several Asus and D-Link models are now also thought to be vulnerable, as well as a couple of Ubiquiti routers and individual Huawei, Upvel and ZTE devices. In all, nearly 70 devices are impacted, including QNAP network-attached-storage drives.

The malware itself has a previously unnoticed capability: It can stage a man-in-the-middle attackon your web traffic, altering what you see online and possibly hiding other nefarious deeds.

"They can manipulate everything going through the compromised device," a Cisco Talos researcher told Ars Technica. "They can modify your bank-account balance so that it looks normal while at the same time they're siphoning off money."

How to Protect Yourself. To really be protected from VPNFilter, you need to first fully update your router's firmware, then write down all your Wi-Fi network names and passwords, and finally factory-reset your router.
Once you've done all that, change the router's administrative username and password, then recreate the original network names and access passwords so that your Wi-Fi-enabled devices can reconnect without trouble.

To be safe, ALL routers should be updated and factory-reset because of the VPNFilter malware, despite that being an arduous process, because we don't know where this is going to end.

The malware seems to infect only devices that are known to have had security flaws, all of which have fixes available. If you've kept up on your router patches, or your router patches itself automatically, you probably haven't been infected. Unfortunately, there's no way of knowing for sure.

Only a factory reset will remove the malware, which contains a beachhead module that survives regular reboots; only firmware patches will prevent you from being infected again. Ten days ago, the FBI took down a server from which the beachhead module got instructions to download additional malware components, but it appears that a fallback mechanism lets the beachhead module use other sources.

What's the first thing you do when you arrive at your hotel? Check into Wi-Fi, obviously. Everything else, like unpacking, eating, drinking, and enjoying yourself, comes after.

But a new report by NBC’s Today Show has raised concerns about the safety of your personal information while using hotel Wi-Fi.

According to journalist Jeff Rossen from The Sun, he and a security expert, set up fake Wi-Fi hotspots at a hotel in Cancun, Mexico to see how easy it would be to steal personal information from guests. The pair duped guests by naming their Wi-Fi similar to the official hotspots and were able to see transactions, flight info, and banking info when anyone logged on.

So, what can you do to stay safe? Make sure you ask someone working at the hotel for the official Wi-Fi network name before attempting to log on. Today's advice is to enter the wrong room number in the system when it asks for it. If you are allowed in any way, the Wi-Fi is probably dodgy, while real hotspots won't let you access them without the correct information.

Another option is to invest in a Virtual Private Network (VPN). We covered VPNs in Issue 2-42 and Issue 4-13.
​
Rossen and the security expert also suggested hitting 'forget this network' whenever you leave a place so that you are never automatically logged onto a network without realizing it.

Charging your mobile device wirelessly is undoubtedly less of a hassle than plugging it in, but still requires the device be in physical contact with its charging station actually to work. That’s about to change now that the Federal Communications Commission has approved the first wireless charger that works from up to three feet away.

San Jose-based startup, Energous, recently announced that it has received the first such FCC certification for power-at-a-distance wireless charging with its WattUp mid-field transmitter. The transmitter converts electricity into radio frequencies, then beams the energy to nearby devices outfitted with a corresponding receiver. This differs from the resonant induction method that the Pi wireless charging system relies upon and offers a greater range than the Belkin and Mophie chargers that require physical contact with the device.

The WattUp can charge multiple devices simultaneously and should work on any number of devices, from phones and tablets to keyboards and earbuds, so long as they're outfitted with the right receiver. What's more, the WattUp ecosystem is manufacturer-agnostic – like Wi-Fi – meaning that you'll still be able to charge your Samsung phone even if the transmitter is made by Sony or Apple.
​
While Energous does not have any retail-ready devices available just yet, the company does plan to show off the new technology at CES 2018, which runs January 9th-12th in Las Vegas.

More and more traffic is being carried via Wi-Fi networks, and as traffic figures rise, so do security concerns. Last year, 60% of mobile data traffic was offloaded onto the fixed network via Wi-Fi according to Cisco’s Visual Networking Index. Cisco predicts that by 2021, 50% of all IP traffic will be Wi-Fi (30% will be carried by fixed networks and 20% via cellular networks).

Security for that traffic is becoming more important, mainly because enterprises utilize Wi-Fi for business-critical services and applications. Here are three considerations for Wi-Fi security:

1.Consider Internet of Things (IoT) devices. As more devices get connected, the relationship of those devices to the corporate network or the open Internet must be examined with an eye toward security.

“Without a doubt, the number one way that IoT devices are connecting to the Internet is Wi-Fi,” said Ryan Orsi, director of strategic alliances at Wi-Fi security company WatchGuard Technologies.  He said that customers are coming to his business asking how they can prevent devices such as security cameras, DVRs and other connected devices from being the next zombie recruits in a Mirai-botnet-like attack. While IoT vendors are bringing more and more devices to market at lower prices, Orsi noted, there are no security regulations around such devices outside of the Food and Drug Administration requirements for health-related devices. Some organizations such as ICSA Labs have been attempting to fill that gap by offering security certification for IoT devices.

Adlane Fellah, managing director of Wi-Fi360, said that the number one concern for IoT in an industrial environment is security. He emphasized that Wi-Fi can play a crucial role “to enable better and easier securitization of IoT devices, so that [end users] don’t have to be programmers to make them safe and reliable — and that is as important for the home as it is for industrial applications.”

2.Consider that employees may find security workarounds. When employees work both remotely and in the office, they need secure ways to access their applications or transfer files — or they’ll use unsafe ones, relying on public Wi-Fi or tethering to a personal LTE device to create a potentially unsecured Wi-Fi hotspot, for example. iPass’ 2017 Mobile Security report found that on a global basis, 75% of enterprises still allow or encourage the use of MiFi devices — but in France, 29% of businesses have banned them because of security concerns.

At last year’s Republican National Convention, security company Avast set up several experimental, unauthorized Wi-Fi access points to see how many users would connect to networks with common names like “ATTWifi” or “Google Starbucks.” “Over the course of a day, Avast saw more than 1.6Gbs transferred from more than 1,200 users,” the company reported. “Moreover, 68.3% of users‘ identities were exposed when they connected, and 44.5% of Wi-Fi users checked their emails or chatted via messenger apps.”

3.Consider that some employees may be more vulnerable to attack than others. iPass’ mobile security report found that 40% of enterprises worry that their C-level executives could be hacked while using public Wi-Fi outside of the office.

“The grim reality is that C-level executives are by far at the greatest risk of being hacked outside of the office,” said Raghu Konka, VP of engineering at iPass, in a comment on the mobile security report results. “They are not your typical 9-5 office workers. They often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker.
​
“Organizations are more aware of the mobile security threat than ever, but they still struggle to find the balance between safety and productivity,” Konka added. “While businesses understand that free public Wi-Fi hotspots can empower employees to do their job and be more productive, they are also fearful of the potential security threat.”

An advanced hacking and cyberespionage campaign against high-value targets has returned.

The so-called 'DarkHotel' group has been active for over a decade, with a signature brand of cybercrime that targets business travelers with malware attacks, using the Wi-Fi in luxury hotels across the globe.

Hotel Wi-Fi hotspots are compromised in order to help deliver the payload to the selected pool of victims. The exact methods of compromise remain uncertain, but cybersecurity experts believe it involves attackers remotely exploiting vulnerabilities in server software or infiltrating the hotel and gaining physical access to the machines.

Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in order to conduct espionage on corporate research and development personnel, CEOs, and other high-ranking corporate officials.

But now the actors behind DarkHotel have changed tactics again, using a new form of malware known as Inexsmar to attack political targets. Researchers at Bitdefender – who've analyzed the malware strain – have linked the Inexsmar campaign to DarkHotel because of similarities with payloads delivered by previous campaigns.

In common with other espionage campaigns, the Inexsmar attack begins with high-level phishing emails individually designed to be interesting and convincing to the target. "The social engineering part of the attack involves a very carefully crafted phishing email targeted to one person at a time," Bogdan Botezatu, senior e-threat analyst at Bitdefender, told ZDNet.

Researchers remain uncertain about who is being targeted by the campaign – and the malware sample doesn't provide clues about this – but the nature of the phishing emails point towards government and political targets.

Within the email is a self-extracting archive package, winword.exe, which when executed begins the Trojan downloader process.

In order to avoid the victim getting suspicious, the downloader opens a decoy Word document called 'Pyongyang Directory Group email SEPTEMBER 2016 RC_Office_Coordination_Associate.docx'.

It shows a list of supposed contacts in the North Korean capital, with references to organizations including FAO, UNDP, UN, UNICEF, and WFP. It even contains warnings about spammers and ensuring privacy – with the victim reading this just as their privacy is being compromised by hackers.

In order to prevent detection, the malware is downloaded in stages – another element of the campaign which links it to DarkHotel. The first stage of the downloader even hides malicious codes and strings inside an otherwise legitimate OpenSSL binary by statically linking the malicious code to the otherwise unrelated library code.

Following this, the malware runs a mshta.exe operation – a legitimate Microsoft HTML Application host needed to execute .HTA files – to download the second part of the payload and compromise the target with the Trojan malware.

Researchers suggest the multi-stage Trojan download is an evolutionary step to keep the malware competitive as victims' defenses improve.

"This approach serves their purpose much better as it both assures the malware stays up to date via system persistence – not achievable directly using an exploit, and giving the attacker more flexibility in malware distribution," says the paper by malware researchers Cristina Vatamanu, Alexandru Rusu, and Alexandru Maximciuc.

DarkHotel is a highly sophisticated hacking operation, stockpiling digital certificates to aid in the distribution of malware and deploy backdoors with code hidden under many layers of protection.

The group is careful to cover their tracks but the nature of the attacks and the way DarkHotel picks victims potentially indicates involvement of a nation state actor.
​
"Attribution is usually difficult with this type of attack, but its complexity and the cherry-picked victims show that it is likely a state-backed threat with serious skills and resources," said Botezatu.

A new kind of attack is targeting unsecured Internet of Things devices by scrambling their software and rendering them useless.

Security firm Radware first spotted the newly-found "BrickerBot" malware last month after it started hitting its own devices, logging hundreds of infection attempts over a few days. When the malware connects to a device with their default usernames and passwords – often easily found on the internet – the malware corrupts the device's storage, leading to a state of permanent denial-of-service (PDoS) attack, known as "bricking."

In other words, this attack, "damages a system so badly that it requires replacement or reinstallation of hardware," said Radware.

Like the Mirai botnet, most famous for bringing down wide swathes of the US internet last year in a massive distributed denial-of-service (DDoS) attack, the BrickerBot also uses "the same exploit vector" by brute-forcing telnet accounts with lists of available usernames and passwords.

The researchers say that the attackers also have an affinity for targeting devices on Ubiquiti networks. Once inside, the malware runs a sequence of commands, which "try to remove the default gateway and disable TCP timestamps as well as limiting the max number of kernel threads to one," which would scramble the device's memory.
​
"Unfortunately, even after performing the factory reset, the camera device was not recovered and hence it was effectively bricked," said Radware.

The ongoing war between malicious hackers and technology security specialists has been waging for as long as the Internet has been widely used. One tool in the arsenal is called a Botnet. A Botnet essentially is a number of devices which are connected by the internet and controlled remotely by the botnet’s owner. But how are these made? Why are they almost always associated with nefarious activities? And are there any botnets out there doing good?

There are a few ways for someone to start amassing a botnet. The most common involves an individual purchasing or building a malicious program that will infect a targeted computer or network of computers. Usually this is in the form of a Trojan Horse, but it can be done with drive-by downloading or exploitation of browser vulnerabilities. The program then logs into the victim’s command and control server, and as simple as that the infected computer is now at the mercy of the botnet’s owner.

Botnets can be rather small, to impressively massive in scale. However, the only individuals who may have any guess as to how large these networks are would be the botnet operators themselves. This is because the infected computers rarely experience any disruptions in normal service except when they are being used for various tasks that the owner has commanded them to take part in. Also most attempts to track botnets by the number of IP addresses within them may lead to inaccurate estimates, since the owner may be tumbling through numerous IPs.

Botnets usually get a bad reputation because of the overwhelming number of malicious activities that they have been used in. Especially with media outlets reporting sensationalist stories of attacks using botnets – which seem to always blame the Internet more than the actual human attackers.

That being said, botnets usually are used for things like distributed denial of service (DDoS) attacks. These DDoS attacks have played large roles in attacking financial institutions and other organizations in the past. It makes sense, as a botnet can provide an incredible amount of traffic/power to an attack like that with the keystrokes of a single actor. But botnets are also used in spyware campaigns, click fraud, and dubious bitcoin mining.

However, not all botnets are used for such activities. The difference between botnets used in illegal activities and botnets which are helpful for benevolent and benign applications, appears to be what we call them and how we acquire them. Cloud computing applications like Amazon Web Services seems to share a large amount of characteristics of botnets as far as their usability. The difference, of course, is that we call that “Infrastructure as a Service” and all of the computing power is legally rented out to users.
​
So some types of botnets can be used for good – provided that the companies and individuals renting out AWS are on the level. But with the reputation that botnets have, it’s easy to understand why AWS and other similar services would call themselves “Cloud Computing” as opposed to “Botnet.”

When I go overseas, I’m often without the Internet for long periods. International roaming is still quite expensive.

Last year, a viable option came to market – Skyroam. This is a portable Wi-Fi hotspot, but one that works in over 100 countries. It allows you to connect up to five devices simultaneously to the Internet for a flat fee of $8 every 24 hours.

The unit is pocket-sized and is easy to use. Simply turn on and press "start" to enjoy 24-hours unlimited Wi-Fi. No SIMs, no unlocking phones and no entangling subscriptions.

The devices (which can be bought online, or through one of their brick-and-mortar partners) cost around $100, and are a good value if you travel frequently. But if you, like most people, only make one or two international trips per year, they’re probably not worth it.

But now, you can get your hands on one without the massive upfront cost. Skyroam has opened vending machines in several US airports, allowing you to rent a device for as long as you need for just $9.95 per day.
Once you’ve returned from your trip, just mail back the device with the provided pre-paid envelope, and you’re golden.
​
The first vending machines are now available at San Francisco International Airport (SFO), Las Vegas McCarran International Airport (LAS), and Houston George Bush Intercontinental Airport (IAH). You can also rent a unit and have it sent to you from their website.