In a world of increasing cyber attacks and data vulnerability, it’s our responsibility to take action and protect ourselves—even though, at times, it seems ever more difficult. Internet of Things (IoT) devices are flooding the market, becoming a major part of our daily lives; ransomware is preying upon innocent individuals and institutions in the hopes of making a quick buck; and dormant threats are coming out of the cracks, striking fear into those looking towards the future. But even with all of these threats, we continue to innovate, finding new and imaginative ways to protect ourselves and our devices.
This week in tech saw new ways of thinking about security to combat old yet increasingly devious threats. What did you miss?
Could your heartbeat be your next password?
Are you running out of password ideas? Researchers at Binghamton State University think your heartbeat could be the solution.
According to Computer World, the key to your personal health data could soon lie in the unique patterns of your heartbeat. These researchers believe that data like health records can be securely encrypted using the heart’s electrical activity.
These electrical patterns will be recorded via a wearable device that collects physiological data. This makes creating an encryption key fast and simple as no lengthy algorithms have to be run, nor do any passwords need to be remembered. It also ensures maximum data protection as each heartbeat is unique to each individual.
But while these electrical patterns are unique, they are also extremely sensitive and vulnerable to outside forces like the physical activity a patient is doing, as well as their mental state.
“ECG itself cannot be used for a biometric authentication purpose alone, but it’s a very effective way as a secondary authentication,” said Zhanpeng Jin, co-author the paper "A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems."
The technology exists today, but using it for password encryption is far from practical application.
FCC releases report on IoT security
The FCC has joined the growing list of government institutions releasing recommendations on the security of IoT devices.
The Department of Homeland Security, the Federal Trade Commission and the Department of Commerce recently released similar reports.
The 50-page report suggests that the Internet of Things widens the gap between security and non-security when it comes to connected devices. Consumers have an expectation of the security of these IoT devices, but IoT data protection mechanisms often fall short.
As a result, the FCC plans on monitoring the market closely in order to come up with more stringent guidelines in the face of these increasingly devious and detrimental attacks.
“The reduction of cyber security risk is a national imperative that includes safeguarding our communications networks themselves. Businesses and consumers rely on our wired and wireless broadband networks every day. If these networks are embedded with vulnerabilities, it puts everyone who uses them at risk. The Internet is a network of networks – risk in one network can propagate to others, imposing hidden risk throughout our connected economy and society,” the report reads.
If IoT manufacturers don’t begin taking more precautions and installing more security measures, the FCC will take action, updating its equipment certification process to protect these IoT networks.
Outside of ensuring these devices are effectively secured from point of manufacture, there are other things consumers can do to protect their data, such as routine computer backup. This requires that consumers take data protection into their own hands, storing their information using secure data storage solutions.
St. Louis libraries paralyzed by ransomware attacks
St. Louis libraries were momentarily disabled last weekend after a ransomware attack shut down their operations. On Thursday January, 29th, a malicious malware planted its roots into the St. Louis Public Library Network, affecting over 700 computers and 17 locations, according to PC Mag.
The hackers demanded almost $35,000 via Bitcoin, but the libraries were able to return to normal operations without paying the ransom. The FBI was called in quickly after infection, and they worked alongside library staff to regain access to their servers. By Monday, all computers were completely wiped and restored from available backups, and the library was up and running at full capacity.
"SLPL has worked hard to open a secure but widely available digital world to the people of St. Louis, and I am sorry it was interrupted. An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library, and we will make every effort to keep that world available to our patrons,” said St. Louis Public Library Executive Director Waller McGuire.
Luckily for the library and its users, no sensitive data was compromised by the attack, as the library doesn’t store financial or personal information on its servers.
RELATED: What is Ransomware?
More than 350,000 dormant twitter botnets found
A potential malicious network of dormant bots was uncovered by two researchers last week at University College London, according to Threatpost.
The botnets were discovered by accident: the researchers came across the Star Wars-quoting accounts while conducting a different experiment. They later created an AI algorithm that uncovered more than 350,000 bots.
Most of these botnets have been dormant for years, but the fact that they went uncovered for so long raises many alarms. In the future, bots like these could spread spam or malware-delivering links. There are also worries that these accounts could be used to spread fake news and influence public opinion.
The botnets were created over a two-month span in 2013, given believable profiles and photos, and began tweeting Star Wars quotes, purportedly from a “Windows Phone.” The tweets originated in two geographical rectangles over North America and Europe. But their placement and origin leave researchers to believe that the accounts were not those of normal users.
“It’s scary to know there are bad guys and see the terrible things that they have been doing; yet it is much more scary to know there are a lot of bad guys around, but we have no idea what they are up to,” researcher Shi Zhou said.
The researchers have yet to release this information to Twitter in order for other researchers to accumulate and analyze it.
Gmail begins blocking JavaScript attachments
Google is taking a stand against with its recent security update.
According to Tom’s Hardware, Gmail will no longer allow users to open JavaScript attachments as of February 13, 2017. These .js files will be added to a list of restricted file extensions that include .exe, .msc, and .bat.
Malicious ransomware infections have begun entering systems through JavaScript attachments, with attacks increasing dramatically over the last year. Just last week, this blog touched on a story about increasingly devious Gmail phishing campaigns. Google hopes that eliminating the download of these attachments will help lower the number of successful attacks.
But while blocking these .js attachments may diminish the number of ransomware attacks, there is some worry that those who share JavaScript files via email will be at an inconvenience. Google’s solution to this inconvenience is sharing these files using cloud storage solutions.
It’s important to put data protection first, and this step made by Google is in the right direction.
READ MORE:
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.
