New Internet Laws Fuel Russian Cybercrime

The introduction of Russia’s Sovereign Internet rules is having an impact on the way criminal hackers around the world do business. This is according to security house IntSights, which says that the law, set to become official in a few months, will force many hacking groups to change the way they operate both in Russia and in other countries. The rule would lead to Russia developing its own standalone network that could, if need be, be cut off from all connections outside the country and continue to function.

“The sovereign internet will make it much easier for Russian law enforcement to crack down on hackers that target Russian entities,” Yakovlev explained in the IntSights Dark Side of Russia report.
“But the government will still likely turn a blind eye to threat actors that target foreign entities – particularly those operating in enemy states, like the United States.”

In other words, as hacking within Russia becomes more difficult and dangerous, expect to see Russian hacking groups focus even more of their attention on western countries, where the attacks will not draw a police response.

If you would like to:

  • Learn about the security issues, risks, threats and vulnerabilities associated with IoT systems and connected devices.
  • Gain an understanding of IoT security best practice.
  • Meet leading experts and companies offering security products, solutions and services.

Come along to Secure IoT 2019, Internet of Things Cyber Security conference, book tickets here

Read the full article from The Register here

Russian hackers targeting IoT devices to penetrate corporate networks

A hacking group linked to the Russian state has been observed targeting Internet of Things (IoT) devices in a bid to breach secure corporate networks. Microsoft claimed in a blog post that its Threat Intelligence Centre detected multiple attempts in April by the Russia-linked Strontium group, also known as ‘Fancy Bear’, to target VoIP phones, digital video recorders and printers. Hackers tried to attack IoT devices at multiple locations and attempted to use those devices as soft points to gain entry into larger corporate networks.

In two cases, the devices carried factory security settings, such as default passwords, making for easy entry. In a third case, the device was found to be using outdated firmware with known vulnerabilities.

After gaining access to the devices, the attackers used them to compromise other vulnerable devices/machines on the network. Some simple scans enabled them to move across the network and gain access to “higher-privileged accounts that would grant access to higher-value data”.

Read full article from Computing here:

Russian hackers targeting IoT devices to penetrate corporate networks, warns Microsoft

Internet of Things Cyber Security Conference | Early Bird Tickets

There are just 4 days left to purchase an Early Bird ticket for Secure IoT 2019, the Internet of Things cyber security conference. Learn about the security issues, risks, threats and vulnerabilities associated with IoT systems and connected devices, gain an understanding of IoT security best practice, and meet leading experts and companies offering security products, solutions and services, with speakers from:

  • Amazon Web Services
  • Arm
  • Copper Horse
  • UK Government Department for Digital, Culture, Media and Sport
  • Device Authority
  • GSMA
  • IBM
  • IoT Security Foundation
  • Microsoft
  • NCC Group
  • Pen Test Partners
  • SAS

Purchase your Ticket here.

Secure IoT 2019, Internet of Things Cyber Security Conference will be held at the Green Park Conference Centre, 100 Longwater Avenue, Green Park, Reading, Berkshire, RG2 6GP, on Thursday, 7th November with registration from 9.00 am and closing at 6pm. For more details see:

For details of the speakers see: Secure 2019 Speakers

Why attend the Internet of Things Cyber Security conference?

We are seeing an ever-increasing number and sophistication of cyber-attacks on systems and products that use connected IoT devices. These attacks are being instigated by different types of actors, including: criminals; states and state-sponsored groups; issue-orientated hacktivists (malicious insiders pose the greatest threat); and ‘script kiddies’.

The risk and damage in terms of reputation, costs, health & safety to an organisation or individual due to poor security practice can be considerable.

In May 2018, the General Data Protection Regulation (EU) 2016/679 (GDPR) became enforceable. GDPR covers “security by design” in hardware and software. Data controllers are obliged to consider “data protection by design and by default”. Organisations using insecure IoT devices, software and systems could face action under GDPR should they contribute to theft or “spillage” of personal data.

If you would like to learn more about IoT Security best practice then come along to Secure IoT 2019, Internet of Things Cyber Security conference.

MedTronic recalling insulin pumps following the discovery of security vulnerabilities

Health implant maker MedTronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them.

Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America’s medical drug watchdog the FDA also issued an alert this week over the holes, which can be leveraged by nearby hackers to execute commands on the pumps.

These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin and cause the patient to develop serious life-threatening ketoacidosis.

See the full article from The Register:

Scumbags can program vulnerable MedTronic insulin pumps over the air to murder diabetics – insecure kit recalled

NIST - Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

The National Institute of Standards and Technology (NIST), US Department of Commerce, has published a new document: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their individual IoT devices throughout the devices’ lifecycles.

Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.

NIST defines cybersecurity and privacy risks for IoT devices in terms of three high-level risk mitigation goals:

1. Protect device security.

In other words, prevent a device from being used to conduct attacks, including participating in distributed denial of service (DDoS) attacks against other organizations, and eavesdropping on network traffic or compromising other devices on the same network segment. This goal applies to all IoT devices.

2. Protect data security.

Protect the confidentiality, integrity, and/or availability of data (including personally identifiable information [PII]) collected by, stored on, processed by, or transmitted to or from the IoT device. This goal applies to each IoT device except those without any data that needs protection.

3. Protect individuals’ privacy.

Protect individuals’ privacy impacted by PII processing beyond risks managed through device and data security protection. This goal applies to all IoT devices that process PII or that directly or indirectly impact individuals.

This report, the first in a series addressing the IoT, looks at higher-level considerations. NIST says future reports will go into greater depth and detail about related issues.

UK public sector lagging behind in taking IoT beyond pilot, says survey

The UK’s public sector is lagging behind in adopting the Internet of Things (IoT), with almost three-quarters, at 74%, yet to make use of the emerging technology commercially, according to research from technology company Yotta.

The survey commissioned by Yotta found that 39% of public sector organisations did run pilots but could not go beyond that with any live commercial deployments. On the other hand, more than a third (35%) of the surveyed public sector IT decision-makers indicated that their organisations are yet to start with the technology.

The survey also found that public sector IT decision-makers believe security concerns to be the biggest obstacles faced by councils in making effective use of IoT-driven technology.

Almost four out of 10 respondents, at 38%, voted security concerns as the main challenge, while more than a third, at 35%, cited the perceived cost of implementation as the reason for not deploying the technology.

Other prime concerns about using IoT are a lack of skilled in-house expertise, at 34%, and integration challenges with existing systems, which were referenced by 31% of the surveyed public sector IT decision-makers.

How to hack an IoT device

An E&T investigation together with leading cyber-threat experts reveals how simple it is to hack Internet of Things (IoT) devices hooked up to the internet, exploring the implications of what this could mean for consumers and critical infrastructure in the UK.

See E&T article:

How to hack an IoT device

ETSI releases first globally applicable standard for consumer IoT security

The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.

ETSI’s new specification, TS 103 645, addresses this issue and specifies high-level provisions for the security of internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) or smart home assistants.

As many IoT devices and services process and store personal data, this specification can help ensure that these are compliant with the General Data Protection Regulation (GDPR).