This week:

3 – Your webcam could be the cause of a ransomware attack

2 – A $1.5 billion lesson about supply chain attacks

1 – My real-world experience with an early prototype of a Humanoid Robot

3 – Your webcam could be the cause of a ransomware attack


“The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network”


What’s the story?

Ransomware attacks continue to be profitable endeavours for cyber criminals. We need multiple security layers to defend against them.

In this one incident, the victim seemed to have all of the usual defences in place, so when the attackers tried to launch their ransomware code on a computer that they had gained access to, the security software on the computer blocked them.

Unfortunately, the victim also had a webcam set up on the same network as the computer. So, the attackers hopped across from the infected computer to the webcam, installed their ransomware code on it, and then ran the code on the webcam to encrypt all the data on the victim’s main server.


So what?

Webcam, Smart Speaker, Games Console, NAS Storage: They are all consumer-friendly names for ‘hackable device’.

If there is a device on our network, it must be secured and monitored.

And if we aren’t sure that we can secure or monitor a device, that device cannot be on the same network as our valuable devices.


Source: Bleeping Computer (and shared on LinkedIn by Karl Houghton)

2 – A $1.5 billion lesson about supply chain attacks


“ByBit, a major cryptocurrency exchange, experienced a significant security breach resulting in the theft of [..] approximately $1.5 billion”


What’s the story?

The theft succeeded after attackers compromised a developer’s computer at Safe{Wallet}, a third-party software supplier. From the developer’s machine, they gained access to the Amazon environment that hosted the software company’s code.

They then edited the code so that any transactions made by ByBit would be redirected to the attackers’ crypto wallet.

When the CEO of ByBit authorised the transfer of $1.5 billion of digital currency, the attackers got their payday.


So what?

If you’ve attended one of my staff awareness sessions, you know that I talk about the differences between Jim The Burglar (opportunist and usually unsophisticated) and James Bond (targeted and very sophisticated).

This was definitely a James Bond attack.

However, crypto experts still point out that some additional security measures could have reduced the likelihood or impact of this attack. For example, the total losses could have been reduced by transferring the $1.5 billion through multiple transactions (and confirming each transaction had succeeded before proceeding with the next).
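To make the staged-transfer argument concrete, here is an added illustration (not code from the original post, ByBit or Safe{Wallet}): a hypothetical `staged_transfer` routine that sends the total in chunks and checks each settled receipt against the intended destination before sending the next, so a tampered signing path loses at most one chunk instead of the whole amount. The `Receipt` type, the `submit` callback and the wallet names are all constructed stand-ins.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed stand-in for what a ledger reports once a transaction settles.
@dataclass(frozen=True)
class Receipt:
    destination: str   # where the funds actually went
    amount: int

@dataclass
class TransferResult:
    delivered: int     # confirmed at the intended destination
    lost: int          # settled somewhere else
    halted: bool       # a mismatch stopped the remaining chunks

def staged_transfer(total: int, chunk: int, intended_dest: str,
                    submit: Callable[[str, int], Receipt]) -> TransferResult:
    """Move `total` in chunks of at most `chunk`, confirming every receipt
    against the intended destination before the next chunk is sent."""
    delivered = lost = 0
    remaining = total
    while remaining > 0:
        amount = min(chunk, remaining)
        receipt = submit(intended_dest, amount)  # signing path may be tampered
        if receipt.destination != intended_dest or receipt.amount != amount:
            lost += receipt.amount
            return TransferResult(delivered, lost, halted=True)
        delivered += amount
        remaining -= amount
    return TransferResult(delivered, lost, halted=False)

# Two constructed signing paths: an honest one, and one whose front-end
# (the supplied software component) silently swaps the destination.
INTENDED = "exchange-cold-wallet"   # placeholder, not a real address
ATTACKER = "attacker-wallet"        # placeholder

def honest_submit(dest: str, amount: int) -> Receipt:
    return Receipt(dest, amount)

def tampered_submit(dest: str, amount: int) -> Receipt:
    return Receipt(ATTACKER, amount)  # every transaction is redirected

def compare_loss(total: int, chunk: int) -> tuple:
    """Loss under tampering: one big transaction vs. staged chunks."""
    single = staged_transfer(total, total, INTENDED, tampered_submit)
    staged = staged_transfer(total, chunk, INTENDED, tampered_submit)
    return single.lost, staged.lost
```

With a $1.5 billion total sent in $100 million chunks, the tampered path is caught after the first chunk, so the exposure drops from the full amount to a single chunk.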

In any case, it’s a reminder that our security depends on the security of our supply chain, and of why vendor management / third-party risk management is important (even if it’s painful).


Source: CoinJar

1 – My real-world experience with an early prototype of a Humanoid Robot


“NEO Gamma, developed by 1X Technologies, represents the next generation of humanoid robots designed specifically for home environments. [..] NEO Gamma is built for household tasks, companionship, and seamless integration into daily life.”


What’s the story?

A recent video showing the latest NEO Gamma humanoid robot in action caught my attention. The marketing video suggests the robot is designed for domestic settings and can help unload the shopping, clean windows, vacuum the house, and boil the kettle.

Apparently, it is designed to prevent injury by using soft nylon in its suit.

There’s no mention of design features preventing it from being hacked and pouring boiling water over its owners.

Perhaps that’ll come in v2.0.


So what?

I’ve had an early prototype of one of these for a while now.

In my experience, it complains a lot AND only does the work after I’ve asked for the fifteenth time.

I also hear I’ll only get another few years of work out of it before its behaviour and whereabouts can no longer be guaranteed.

It’s called A Child.


Source: YouTube (and shared by Mark Stockley on LinkedIn)