Author Archives: Radhika Sarang

5G Is Coming: Security Risks You Need to Know About

The future of connectivity is here ­– 5G. This new network is set to roll out across the nation this coming year and bring greater speed to our handheld devices, which means more data and lower latency. But perhaps one of the most anticipated and popular benefits is it will allow even more IoT devices to come online and encourage more connection between said devices. This would enable users to remotely connect to or monitor their IoT devices like kitchen or security gadgets. The promise of more connectivity, smoother IoT user experience, and even more devices online, means there are likely more opportunities and avenues for cyberattacks. 5G will no doubt shape the foreseeable future, let’s see how.

Today, interconnected devices operate on low-powered, low-data-rate networks, such as Cat-M and NB-IoT. With the introduction of 5G networks across the world, the capabilities of VR and AR, AI and ML, and automation and robotics will enhance immensely. Take self-driving cars, for example. These machines require close proximity to their computing to reduce the latency of decision making. The capabilities of 5G don’t end there either. From manufacturing, transportation and logistics, to public safety and the establishment of smart cities, industries are at the ready to take their business to the next level with 5G. With this newfound growing anticipation for the future of 5G, the question has to be asked, what are the security implications for smaller IoT devices?

From an innovation standpoint, 5G is a beacon of light, but from a cybersecurity standpoint, 5G is a “hotbed for a new era of intensified cyberwar.” Denial-of-service attacks, or DDoS, are particular causes of concern for cybersecurity researchers. Devices like refrigerators, thermometers, even light bulbs, will be able to come online because of 5G. Users will be able to remotely check on these appliances through a simple app, but these devices can also be usurped by malicious characters. This increased connectivity and power could see big name sites down for days, or even affect city utility capabilities. Government agencies and private entities are not immune either, but they do have plans in place in the event a DDoS attack occurs.

While consumers can only wait and see what happens with the rollout, industries across the board will want to harness the benefits of 5G. However, consumers and organizations alike need to be cautious in terms of how 5G could be used to help, or hinder, us in the future. Rest assured, even if malicious actors utilize this technology, McAfee’s security strategy will continue to keep pace with the ever-changing threat landscape.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post 5G Is Coming: Security Risks You Need to Know About appeared first on McAfee Blogs.

How to Protect Three Common IoT Devices in 2019

It’s no secret – IoT devices are creeping into every facet of our daily lives. In fact, Gartner estimates there will be 20.4 Billion IoT devices by the year 2020. More devices mean greater connectivity and ease of use for their owners, but connectivity also means more opportunities for hacks. With CES 2019 kicking off this week, we turn our focus toward the year ahead, and take a look at some of the IoT devices that are particularly high-profile targets for cybercriminals: gaming systems, voice tech, routers, and smart cars.

Routers

Routers are very susceptible to attacks as they often come with factory-set passwords that many owners are unaware of or don’t know how to change, making these devices easy targets for hackers. That’s bad news, since a router is the central hub in a connected home. If a router is compromised and all of the devices share the same Wi-Fi network, then they could potentially all be exposed to an attack. How? When an IoT device talks to its connected router, the device could expose many of its internal mechanisms to the internet. If the device does not require re-authentication, hackers can easily scan for devices that have poorly implemented protocols. Then with that information, cybercriminals can exploit manufacturer missteps to execute their attacks. To help protect your router (and thus all your other devices), a best practice is to consider one with a layer of protection built-in, and be sure to use a long and complex password for your Wi-Fi network.

Gaming Systems

Over ten years ago, researchers found that many video gaming consoles were being distributed with major security issues involved with the Universal Plug and Play protocol (UPnP), a feature that allows IoT devices on a network to see each other and interact with one another. However, not much has been done to solve the problem. Through exploiting the UPnP weaknesses in gaming systems to reroute traffic over and over again, cybercriminals have been able to create “multi-purpose proxy botnets,” which they can use for a variety of purposes.  This is just the jumping-off point for malicious behavior by bad actors. With this sort of access into a gaming system, they can execute DDoS attacks, malware distribution, spamming, phishing, account takeovers, click fraud, and credit card theft. Our recent gaming survey found that 64% of respondents either have or know someone who has been directly affected by a cyberattack, which is an astonishing uptick in attacks on gamers. Considering this shift, follow our tips in the section above for routers and Wi-Fi, never use the same password twice, and be weary of what you click on.

Voice Tech

In 2018, 47.3 million adults had access to smart speakers or voice assistants, making them one of the most popular connected devices for the home. Voice-first devices can be vulnerable largely due to what we enable them to be connected with for convenience; delivery, shopping, and transportation services that leverage our credit cards. While it’s important to note that voice-first devices are most often compromised within the home by people who have regular access to your devices (such as kids) when voice recognition is not properly configured, any digital device can be vulnerable to outside attacks too if proper security is not set up. For example, these always-on, always-listening devices could be infiltrated by cybercriminals through a technique called “voice squatting.” By creating “malicious skills,” hackers have been able to trick voice assistants into continuing to listen after a user finishes speaking. In this scenario an unsuspecting person might think they’re connecting to their bank through their voice device, when unbeknownst to them, they’re giving away their personal information.  Because voice-controlled devices are frequently distributed without proper security protocol in place, they are the perfect vehicle in terms of executing a cyberattack on an unsuspecting consumer. To protect your voice assistants, make sure your Wi-Fi password is strong, and be on the lookout for suspicious activity on linked accounts.

While you can’t predict the future of IoT attacks, here are some additional tips and best practices on how to stay ahead of hackers trying to ruin your year:

  • Keep your security software up-to-date. Software and firmware patches are always being released by companies and are made to combat newly discovered vulnerabilities, so be sure to update every time you’re prompted to.
  • Pay attention to the news. With more and more information coming out around vulnerabilities and flaws, companies are more frequently sending out updates for smart cars and other IoT devices. While these should come to you automatically, be sure to pay attention to what is going on in the space of IoT security.
  • Change your device’s factory security settings. This is the single most important step to take to protect all devices. When it comes to products, many manufacturers aren’t thinking “security first.” A device may be vulnerable as soon as opening the box. By changing the factory settings you’re instantly upgrading your device’s security.
  • Use best practices for linked accounts.  For gaming systems and voice-first devices in particular, if you connect a service that leverages a credit card, protect that linked service account with strong passwords and two-factor authentication (2FA) where possible. In addition, pay attention to notification emails, especially those regarding new orders for goods or services. If you notice suspicious activity, act accordingly.
  • Setup a separate IoT network. Consider setting up a second network for your IoT devices that don’t share access to your other devices and data. Check your router manufacturer’s website to learn how. You might also consider adding in another network for guests and unsecured devices from others. Lastly, consider getting a router with built-in security features to make it easier to protect all the devices in your home from one place.
  • Use a firewall. A firewall is a tool that monitors traffic between an Internet connection and devices to detect unusual or suspicious behavior. Even if a device is infected, a firewall can keep a potential attacker from accessing all the other devices on the same network. When looking for a comprehensive security solution, see if a Firewall is included to ensure that your devices are protected.
  • Up your gaming security. Just announced at CES 2019, we’re bringing a sense of security to the virtual world of video games. Get in on the action with McAfee Gamer Security, Beta, it’s free!

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post How to Protect Three Common IoT Devices in 2019 appeared first on McAfee Blogs.

What CES Can Show Us About Evolving Consumer Security Needs: A Timeline

Appropriately dubbed the ‘Global Stage for Innovation,’ it’s no wonder CES showcases the most cutting-edge consumer technologies coming out in the year ahead. No topic is off the table; Attendees will learn more about connected homes, smart cities and self-driving cars, try out shiny new digital health wearables, headsets, and other connected tech, explore AI-driven technologies, and so much more.

Although events like CES showcase breakthrough technologies, interestingly, they also highlight how rapidly new technology is replaced with the next new thing. The rate at which we are treading on new ground is shifting exponentially, and what we see at CES this January might be obsolete in just a few years.

This rapidly changing technological landscape poses a significant predicament to consumers, a ‘digital dilemma’ if you will: as new technologies accelerate and IoT devices that house them progress, new challenges arise with them. This is particularly the case when it comes to security and privacy. And, just as security and products change and adapt, so do our needs and wants as consumers. Those of a teen differ from those of a parent, from those of a baby boomer, and so on. Let’s see how those needs change over time.

A Digital Life Timeline

2015: The Teen Technologist

Born in the late ‘90s, this teen is an everyday gamer, who loves to play games online with friends. They also love their smartphone, mostly for the access to social media. A teen wouldn’t necessarily be concerned with security, so having a comprehensive system built in is crucial.

2021: The Young Professional

Entering the workforce for the first time, the young professional is finally able to buy the gadgets that were once luxuries. They might have two phones; one for work and a personal device. Additionally, they are bringing more connected devices into their home, so the need for a secure home network has become obvious. They are also always on the go and having to connect to public Wi-Fi, so a Virtual Private Network (VPN) should be considered.

2032: The Concerned Parent

Fast forward almost ten years, the young professional has become a worrying parent. Their kids are spending too much time on screens. Having a way to monitor what they are doing on the internet and limit their time online is crucial, and an application that could  provide parental controls would be welcomed. Also, as they bring larger, more connected devices into the home, like smart refrigerators and thermostats, they are excited about a platform that will bake in security through a home network.

2038: The Brand Loyalists

The concerned parent has found devices they like and those they do not like. But more importantly, they have found brands they love, and they may continue to purchase from to bring the latest technology into their family’s lives. A comprehensive security system that covers all types of devices is exactly what they would need to keep a layer of protection

2045: The Unacquainted User

At this point in a digital journey, our user has stopped keeping up with trends because things have changed so much. Almost to the point where they are unwilling to learn new tech, or are untrusting of it all together. But the need to maintain their security and privacy is still top of mind –especially as cybercriminals often prey on this demographic due to being an easy target. A person like this might worry about ransomware, viruses, and identity theft along with protecting their home network.

As you can see, a person’s security and safety needs, desires, and even their devices evolve depending on the moment in which they are within their life. With so much in flux, the last thing anyone wants to think about is security – but with constantly changing technology at an all-time high, it’s safe to bet that threats will evolve to keep pace, and so should the ways in which we protect devices. For these reasons, it’s important to leverage a security partner that will keep this in mind, and will grow with not only our evolving needs, but evolving technology, too.

To learn more about consumer security and our approach to it, be sure to follow us at @McAfee and @McAfee_Home.

The post What CES Can Show Us About Evolving Consumer Security Needs: A Timeline appeared first on McAfee Blogs.

12 Days of Hack-mas

2018 was a wild ride when it came to cybersecurity. While some hackers worked to source financial data, others garnered personal information to personalize cyberattacks. Some worked to get us to download malware in order to help them mine cryptocurrency or harness our devices to join their botnets. The ways in which they exact their attacks are becoming more sophisticated and harder to detect. 2019 shows no sign of slowing down when it comes to the sophistication and multitude of cyberattacks targeted toward consumers.

Between the apps and websites we use every day, in addition to the numerous connected devices we continue to add our homes, there are a more ways than ever in which our cybersecurity can be compromised. Let’s take a look at 12 common, connected devices that are vulnerable to attacks –most of which our friends at the “Hackable?” podcast have demonstrated– and what we can do to protect what matters. This way, as we move into the new year, security is top of mind.

Connected Baby Monitors

When you have a child, security and safety fuels the majority of your thoughts. That’s why it’s terrifying to think that a baby monitor, meant to give you peace of mind, could get hacked. Our own “Hackable?” team illustrated exactly how easy it is. They performed a “man-in-the-middle” attack to intercept data from an IoT baby monitor. But the team didn’t stop there; next they overloaded the device with commands and completely crashed the system without warning a parent, potentially putting a baby in danger. If you’re a parent looking to bring baby tech into your home, always be on the lookout for updates, avoid knockoffs or brands you’re not familiar with, and change your passwords regularly.

Smart TVs

With a click of a button or by the sound of our voice, our favorite shows will play, pause, rewind ten seconds, and more – all thanks to smart TVs and streaming devices. But is there a sinister side? Turns out, there is. Some smart TVs can be controlled by cybercriminals by exploiting easy-to-find security flaws. By infecting a computer or mobile device with malware, a cybercriminal could gain control of your smart TV if your devices are using the same Wi-Fi. To prevent an attack, consider purchasing devices from mainstream brands that keep security in mind, and update associated software and apps regularly.

Home Wi-Fi Routers

Wi-Fi is the lifeblood of the 21st century; it’s become a necessity rather than a luxury. But your router is also a cybercriminal’s window into your home. Especially if you have numerous IoT devices hooked up to the same Wi-Fi, a hacker that successfully cracks into your network can get ahold of passwords and personal information, all of which can be used to gain access to your accounts, and launch spear phishing attacks against you to steal your identity or worse. Cybercriminals do this by exploiting weaknesses in your home network. To stay secure, consider a comprehensive security solution like McAfee® Secure Home Platform.

Health Devices and Apps

Digital health is set to dominate the consumer market in the next few years. Ranging from apps to hardware, the ways in which our health is being digitized varies, and so do the types of attacks that can be orchestrated. For example, on physical devices like pacemakers, malware can be implanted directly on to the device, enabling a hacker to control it remotely and inflict real harm to patients. When it comes to apps like pedometers, a hacker could source information like your physical location or regular routines.  Each of these far from benign scenarios highlight the importance of cybersecurity as the health market becomes increasingly reliant on technology and connectivity.

Smart Speakers

It seems like everyone nowadays has at least one smart speaker in their home. However, these speakers are always listening in, and if hacked, could be exploited by cybercriminals through spear phishing attacks. This can be done by spoofing actual websites which trick users into thinking that they are receiving a message from an official source. But once the user clicks on the email, they’ve just given a cybercriminal access to their home network, and by extension, all devices connected to that network too, smart speakers and all. To stay secure, start with protection on your router that extends to your network, change default passwords, and check for built-in security features.

Voice Assistants

Like smart speakers, voice assistants are always listening and, if hacked, could gain a wealth of information about you. But voice assistants are also often used as a central command hub, connecting other devices to them (including other smart speakers, smart lights or smart locks). Some people opt to connect accounts like food delivery, driver services, and shopping lists that use credit cards. If hacked, someone could gain access to your financial information or even access to your home. To keep cybercriminals out, consider a comprehensive security system, know which apps you can trust, and always keep your software up to date.

Connected Cars

Today, cars are essentially computers on wheels. Between backup cameras, video screens, GPS systems, and Wi-Fi networks, they have more electronics stacked in them than ever. The technology makes the experience smoother, but if it has a digital heartbeat, it’s hackable. In fact, an attacker can take control of your car a couple of ways; either by physically implanting a tiny device that grants access to your car through a phone, or by leveraging a black box tool and  your car’s diagnostic port completely remotely. Hacks can range anywhere from cranking the radio up to cutting the transmission or disabling the breaks. To stay secure, limit connectivity between your mobile devices and a car when possible, as phones are exposed to risks every day, and any time you connect it to your car, you put it at risk, too.

Smart Thermostats

A smart thermostat can regulate your home’s temperature and save you money by learning your preferences. But what if your friendly temperature regulator turned against you? If you don’t change your default, factory-set password and login information, a hacker could take control of your device and make it join a botnet

Connected Doorbells

When we think high-tech, the first thing that comes to mind is most likely not a doorbell. But connected doorbells are becoming more popular, especially as IoT devices are more widely adopted in our homes. So how can these devices be hacked, exactly? By sending an official-looking email that requests that a device owner download the doorbell’s app, the user unwittingly gave full access to the unwelcome guest. From there, the hackers could access call logs, the number of devices available, and even video files from past calls. Take heed from this hack; when setting up a new device, watch out for phishing emails and always make sure that an app is legitimate before you download it.

Smart Pet Cameras

We all love our furry friends and when we have to leave them behind as we head out the door. And it’s comforting to know that we can keep an eye on them, even give them the occasional treat through pet cameras. But this pet-nology can be hacked into by cybercriminals to see what’s get an inside look at your home, as proven by the “Hackable?” crew. Through a device’s app, a white-hat hacker was able to access the product’s database and was able to download photos and videos of other device owners. Talk about creepy. To keep prying eyes out of your private photos, get a comprehensive security solution for your home network and devices, avoid checking on your pet from unsecured Wi-Fi, and do your research on smart products you purchase for your pets.

Cell Phones

Mobile phones are one of the most vulnerable devices simply because they go everywhere you go. They essentially operate as a personal remote control to your digital life. In any given day, we access financial accounts, confirm doctor’s appointments and communicate with family and friends. That’s why is shocking to know how surprisingly easy it is for cybercriminals to access the treasure trove of personal data on your cell phone. Phones can be compromised a variety of ways; but here are a few: accessing your personal information by way of public Wi-Fi (say, while you’re at an airport), implanting a bug, leveraging a flaw in the operating system, or by infecting your device with malware by way of a bad link while surfing the web or browsing email.  Luckily, you can help secure your device by using comprehensive security such as McAfee Total Protection, or by leveraging a VPN (virtual private network) if you find yourself needing to use public Wi-Fi.

Virtual Reality Headsets

Once something out of a science fiction, virtual reality (VR) is now a high-tech reality for many. Surprisingly, despite being built on state of the art technology, VR is quite hackable. As an example, though common and easy-to-execute tactics like phishing to prompt someone to download malware, white-hat hackers were able to infect a linked computer and execute a command and control interface that manipulated the VR experience and disorientated the user. While this attack isn’t common yet, it could certainly start to gain traction as more VR headsets make their way into homes. To stay secure, be picky and only download software from reputable sources.

This is only the tip of the iceberg when it comes to hackable, everyday items. And while there’s absolutely no doubt that IoT devices certainly make life easier, what it all comes down to is control versus convenience. As we look toward 2019, we should ask ourselves, “what do we value more?”

Stay up-to-date on the latest trends by subscribing to our podcast, “Hackable?” and follow us on Twitter or Facebook.

The post 12 Days of Hack-mas appeared first on McAfee Blogs.

Shop till You’re Hacked? 3 Tips to Stay Secure this Holiday Season

With just days until Black Friday, the unofficial kick off to the holiday shopping season is quickly approaching. In anticipation of the busiest time of year for e-commerce, this year we conducted a survey, Stressed Holiday Online Shopping, to understand how financial pressure can impact buyer behavior when it comes to online purchasing and cybersecurity. Let’s take a look at what we can learn from our key findings we garnered from surveying 2,472 adults in the U.S. between the ages of 18 and 55, dive into how the results can help consumers avoid the common pitfalls of holiday shopping and cybersecurity, and learn how they can protect both their devices and digital lives this season.

Deals, deals, deals! When it comes to online shopping, consumers care about saving money

The economic burden of the holidays is something consumers know all too well. With an onslaught of holidays and parties in which gifts are expected for family, friends, or co-workers, it’s no wonder that 79 percent of survey respondents said that holiday shopping puts financial stress on them and/or their families. No doubt, from stretching a budget and bargain shopping to attempting to purchase several perfect gifts when sales are fleeting, browsing and purchasing for the holidays can feel overwhelming, which may be why 53 percent of respondents shared that stress can lead them to be careless when online shopping.

More than half of consumers (56 percent) said that they would use a website they were unfamiliar with if it meant they would save money, while 51 percent shared they would purchase an item from an untrusted online retailer to get a good deal. Thirty-one percent would click on a link in an email to get a bargain, regardless of whether they were familiar with the sender.

This season, many will make online purchases, many will use their phones to do so, and even more will unknowingly put themselves at risk when it comes to cybersecurity

When a good deal pops up, it’s hard to pass up – whether you’re in a tricky financial situation or not. This especially rings true when it comes to mobile purchases. The convenience of our phones – which are always with us – lends itself to taking advantage of deals and flash sales that pop up to make impulsive purchases. This always-on access also paves the way for the path to purchase to be much faster and to occur more often.

Perhaps the accessibility that mobile provides is why this holiday season, e-commerce industry experts are predicting that for the first time ever, more online purchases will be made with mobile phones than any other device. That’s right; rather than reach for a laptop or tablet or call out to our virtual assistants, 68 percent of e-commerce visits will be made from our smartphones that are always by our side – whether we’re in a secure setting or not. In fact, 22 percent of McAfee survey respondents shared that they would make online purchases over public or unsecured Wi-Fi, which could potentially expose their private information and payment details.

Our survey also found that while only 6 percent of respondents would be willing to risk having their bank account details fall into the wrong hands for a good deal, 39 percent would risk sharing their email address, 25 percent would wager their phone number, and 16 percent would provide their home address. The problem with this mentality is that through common attacks like phishing, it takes only a bit of information to lead a hacker to gain more of your personal information under the right circumstances. These results illustrate that when it comes to shopping online –regardless of device type– consumers are in it for the holiday deals while unknowingly ignoring their cybersecurity in the process.

Consumers use a variety of ways to discern whether a site or content is unsafe, but rarely report phishing

Fortunately, most people aren’t completely throwing caution to the wind in terms of cybersecurity. Our survey found that consumers use a variety of tricks to scrutinize a website or email in order to interpret safety and danger signals. Half of the respondents check the website design to make sure it looks professional, and 49 percent check for spelling and grammar.

However, 14 percent shared they had no idea how to verify a website and wouldn’t know where to start. Similarly, many people are unfamiliar with how to discern a fake mobile app from an official one. Which is troubling, since last year it was reported that one in 25 Black Friday apps were fake, with at least 15 malicious Black Friday apps for each of the top five U.S. e-commerce brands.

Tips to Stay Safe While Online Shopping This Year

Between the impact of stress on online behavior and constantly evolving cyberthreats, it’s clear that there is a need for re-education on how to stay safe online, especially as cybercriminals are becoming smarter and more relentless. This holiday season, before you whip out those credit cards and mobile devices, consider these tips:

  • Always connect with caution. Public Wi-Fi might seem like a good idea, but if you are not careful, you could be unknowingly be exposing personal information or credit card details to cybercriminals who are snooping on the network. If you have to conduct transactions on a public Wi-Fi connection use a virtual private network (VPN) such as McAfee® SafeConnect to help keep your connection secure.
  • Think before you click. One of the easiest ways for a cybercriminal to compromise your system is by using phishing emails to lure consumers into clicking links for products or services that could lead to malware, or a phony website designed to steal personal information. If the deal seems too good to be true, or the email was not expected it’s always best to check directly with the source.
  • Browse with security protection. Use comprehensive security protection, like McAfee Total Protection, which can help keep devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can help identify malicious websites.

Starving for more stats? Check out last year’s survey on hackable holiday gifts. Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Shop till You’re Hacked? 3 Tips to Stay Secure this Holiday Season appeared first on McAfee Blogs.

Beware: Zombie IoT Botnets

The ghosts and ghouls of October have come and gone, but the dangers lurking behind virtual walls have hardly disappeared. The threat of zombie bots is real, and it exists 365 days out of the year. Zombie bots, or devices that are taken over by hackers to disseminate different types of malware, viruses, or spam to other Internet-connected gadgets, are no longer limited to just home computers. As executed in the Mirai botnet attack, they’ve expanded into the world of IoT connected devices, too.

Adding to their complexity, zombie bots are not just limited to one feature or attack; they can be morphed into whatever their ‘master’ wants them to be. From logging keystrokes or searching through files to updating malware and downloading more malware onto an infected device, zombie botnets are ever-evolving.

To a hacker, zombie bots are more effective and infinitely stronger when they band together.  And so one by one, cybercriminals work to spread their malware of choice to devices to form an army of zombie bots, also known as a botnet. Massive botnets are used in distributed denial of service (DDoS) attacks, which are among the most intimidating types of attacks of which zombie botnet armies are capable. DDoS attacks are growing in number and severity; one report found that they’ve increased by 29% since Q2 2017, with the average attack size having increased by 543% to 26.37 Gbps.

The increase in DDoS attacks is attributed to large scale botnets comprised of insecure IoT devices. The adoption of IoT devices shows no signs of slowing down either. Today, there are currently 23.14 billion IoT devices worldwide. That number is predicted to grow exponentially just in the next 7 years to approximately 75.44 billion by 2025.

New variations of the Mirai and Gafgyt botnets exploit vulnerabilities found in IoT devices, including the security flaw that led to the massive Equifax breach of 2017. Just this past month, a botnet by the name of Chalubo was discovered by security researchers. By targeting poorly-secured IoT devices and servers, the Chalubo botnet compromises users’ devices for the purpose of executing a DDoS attack. Researchers also found that this botnet had copied a few code snippets from Mirai, demonstrating that cybercriminals have realized how effective this type of attack is.

So, why the rise in DDoS and other IoT botnet attacks? IoT devices like security cameras, smart lights, DVRs, and routers are particularly easy to remotely access because they often come with factory-set admin password setups, and many of us never change them to something more secure.  Our collective accumulation of connected devices shows no sign of slowing down, and without proper security in place, they are vulnerable to attacks. And what’s particularly troubling is that more often than not, zombie botnet armies operate in the shadows, unbeknownst to their owners.

Put simply, with more IoT devices in use, the risk of botnets increases, as does the need for awareness around this very real and potentially debilitating cyberthreat. While cybercriminals continue to try and leverage our own devices against us, the best way to protect your devices is through education and security best practices:

  • Keep your security software up-to-date. Whether it’s anti-virus, anti-spyware, or overall security, always keep your security solutions up-to-date. Software and firmware patches are ever-evolving and are made to combat newly discovered vulnerabilities, so be sure to update every time you’re prompted to.
  • Change your device’s factory security settings. When it comes to products, many manufacturers don’t think “security first.” That’s to say, your device can be vulnerable as soon as you open the box. By changing the factory settings you’re instantly upping your device’s security.
  • Proceed with caution when opening emails with file attachments or hyperlinks. One of the most common ways your device can become infected is by clicking on a bad link or attachment, through phishing or click fraud attempts. As a preventative safety measure, avoid engaging with suspicious messages altogether. You can often tell if the email is a hacking attempt if there is awkward language, improper spelling, or other signs. It’s a good idea to send spam directly to the trash.
  • Setup a separate IoT network. Consider setting up a second network for your IoT devices that doesn’t share access to your other devices and data. Check your router manufacturer’s website to learn how. Or, consider getting a router with built-in security features, making it easier to protect all the devices in your home from one access point.
  • Use a firewall. A firewall is a tool that monitors traffic between an Internet connection and devices to detect unusual or suspicious behavior. Even if a device is infected, a firewall can keep a potential attacker from accessing all the other devices on the same network. When looking for comprehensive security solution, to see if a Firewall is included to ensure that your devices are protected.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Beware: Zombie IoT Botnets appeared first on McAfee Blogs.

Working Together to Ensure Better Cybersecurity

For many, it’s hard to picture a work environment that doesn’t revolve around the use of technology. Digital, cloud-based services coupled with access through mobile and IoT devices have completely reshaped organizations by streamlining business processes and enabling people to work anywhere, anytime. Thanks to these advances, there have also been a variety of recent shifts in how employers and employees interact with each other, ranging from liberal remote work policies companies asking employees to bring their own devices to work.

Often these changes feel remarkable, efficient and convenient, as they make our work lives much more efficient – but these advancements also create concerns around cybersecurity. Many devices contain both personal and professional data , and when we take our work home or on the go with us, we’re not constantly protected by a company firewall, safe Wi-Fi, or other standard cybersecurity measures. Regardless of what industry you are in, online safety is no longer just IT’s problem. Cybersecurity is now a shared responsibility between an organization and its employees.

Naturally, these changes require education and communication around cybersecurity best practices in order to develop positive habits that will keep both employers and employees safe. Getting a habit to stick also requires an organization to develop culture of security in tandem, in which every individual and department is accountable for cybersecurity and bands together with the shared objective of staying secure.

October is National Cybersecurity Awareness Month, which is a great time to look at how everyone can be a part of the cybersecurity solution within their organization. If cybersecurity has not historically not been a priority within an organization, starting a conversation about it can be difficult, whether you’re an employee or an employer. Consider using these tips to start thinking about personal cybersecurity and how that translates into an overall cybersecurity plan within your organization.

Employers can take the following steps:

  • Identify which company assets are of greatest value, then ensure security measures are in place. Employee, customer, and payment data are all assets that cybercriminals could leverage via phishing, malware, password breaches, and denial-of-service (DoS) attacks. Begin to develop a formal cybersecurity plan based on your specific needs.
  • Set up an alert system. Put a system into place that will alert employees and your organization of an incident. This also includes an avenue for employees to report problems they might notice before they become widespread. The sooner people know about a vulnerability, the faster they can respond and take action.
  • Develop a response plan. Practice an incident response plan to contain an attack or breach. Keep in mind the goal of maintaining business operations in the short term while assessing the long-term effects of the cyber incident.

Employees can follow these guidelines:

  • Regularly update your device’s software. This is the easiest way to ensure your devices are equipped with vital patches that protect against flaws and bugs that cybercriminals can exploit.
  • Take security precautions, even if your company isn’t there yet. Professional and personal information is often intertwined on our devices – especially our mobile phones. Keep all your data secure with comprehensive mobile security, such as McAfee® Mobile Security. Then work within your organization to develop a cybersecurity plan that works for all.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Working Together to Ensure Better Cybersecurity appeared first on McAfee Blogs.

The VORACLE OpenVPN Attack: What You Need to Know

Many of us know that using a VPN (Virtual Private Network) adds an extra layer of security to our Wi-Fi networks. But VORACLE, a recently discovered vulnerability that was announced at a security conference by security researcher Ahamad Nafeez, is making some people reconsider this this steadfast safety tip. Let’s look under the hood at this vulnerability to understand what was impacted and why, and what we should do in the future when it comes to safely connecting to Wi-Fi.

Under the Hood of a VPN

A VPN is a connection between a secure server and your mobile device or computer. Through the VPN your activity and information on the internet is encrypted, making it difficult for anyone else to see your private information. Many of us use a VPN for work when we travel, some of us use them to watch videos online, and more and more of us use them as a best practice to help keep our information safe any time we want to use a Wi-Fi connection that we’re not sure about.

About the VORACLE VPN Vulnerability

At a high level, VORACLE leverages a vulnerability found in the open-source OpenVPN protocol. OpenVPN is an open-source protocol used by the majority of VPN providers, meaning many VPN products are affected.

The VORACLE attack can recover HTTP traffic sent via encrypted VPN connections under certain conditions, the first being that the VPN app in use enables compression via the OpenVPN protocol. A  hacker must be on the same network and able to lure you to an HTTP (not HTTPS) site with malicious code through phishing or a similar other tactic. The attack can happen on all web browsers but Google Chrome, due to the way in which HTTP requests are made.

Luckily the McAfee Safe Connect VPN was not built on the vulnerable OpenVPN code. That said, I want to take this opportunity to remind you of something we talk about a lot in the security industry: relying on only one layer of security is simply not enough today. Here are some tips and best practices to stay safe.

  • Set up multi-factor authentication whenever possible. This tip is especially important for valuable accounts like email or social media, which might be connected to financial information. With multi-factor authentication in place, you’ll be better protected by combining your usual login information with another layer of protection, such as a one-time-password sent to your phone, bio metrics (say, a thumb print), or a security token that you’ll need to confirm before getting access to your account.
  • Use secure websites (HTTPS) whenever possible. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. Most websites are moving toward this standard practice, so if you notice yourself landing on a website with just HTTP, stay alert.
  • Avoid making financial transactions until you’re on a network you trust. Sharing personal data like your credit card information can lead to unnecessary vulnerabilities. The best bet is to wait until you’re on your home network with additional layers of security such as McAfee’s Secure Home Platform already in place.
  • Consider using your mobile network and being your own hotspot. If your mobile or IoT data plan includes a hot spot, consider using that over Wi-Fi to avoid some of the challenges that come with it in the first place.
  • Do continue to use a personal VPN when you’re on the go and using Wi-Fi– just be sure to do so while having an additional layer of security in place so that if a similar vulnerability is discovered, you’ll already have a backup.

Looking for more mobile security tips and trends? Be sure to follow @McAfee_Home on Twitter, and like us on Facebook.

The post The VORACLE OpenVPN Attack: What You Need to Know appeared first on McAfee Blogs.