Stay aware: You can experience an attack from your employee’s vacuum cleaner2020 09 02
Breaking into a computer or phone is not an easy task for even an experienced hacker, so the villains have turned their sight to other devices in recent years. More precisely, billions of them. We are talking about the Internet of Things (IoT) – internet-connected devices that are not usually given much attention to the safety of manufacturers or the people who use them.
Research and consulting giant Gartner estimates that there are currently close to 6 billion IoT devices worldwide. Other research companies provide even higher figures. They include a wide range of devices that can connect to the Internet in one way or another, from baby surveillance cameras, smart lamps, thermometers and other small devices, to voice control assistants, smart vacuum cleaners and TVs.
“Many people do not consider these devices to be computers, although they have all the essential components and, most importantly, can connect to the Internet. This is what attracts hackers: since these devices are unprotected and vulnerable, they can easily be used both by hacking into the home network and in the preparation of large-scale attacks,” says Irmantas Bankauskas, Head of Sales of Baltic Amadeus.
Even the giant companies experience IoT attacks
We could see how powerful and devastating IoT zombie attacks can be many times: from Stuxnet, Silex and Mirai to the latest Dark Nexus, Mukashi, LeetHozer. These networks of infected devices are typically created by scanning the internet and searching for unprotected IoT items that can be accessed using standard, publicly indicated passwords.
With tens or even hundreds of thousands, of such “zombies” being triggered, powerful denial of service (DDoS) attacks are initiated, when a large number of IoT devices simultaneously turn to a specific system. While this attempts to respond to bogus requests for thermometers, cameras and pumps, real users cannot access it. IoT attacks have hurt even giants like Twitter, Reddit, Netflix, Airbnb and others.
“The risk is exacerbated by the fact that there are many types and manufacturers of IoT devices, different operating principles and protocols for each device, encryption methods. If security vulnerabils are discovered on a commercial device, it is difficult to install security updates and the problems remain unresolved. In addition, IoT devices have a larger population of attack vectors, as they often use additional systems, such as a mobile app or online application, which can also be used in attacks,” notes I. Bankauskas..
Breaks into both cameras and thermometers
But DDoS attacks don’t stop – using IoT devices- hackers can break into a corporate or home network and thus access other devices or even internal systems that connect to it.
There were some of such examples. Perhaps the most famous was the case when hackers, connected to the casino aquarium thermometer, managed to drag an internal database with players’ personal data. There have also been repeated reports of violations of baby surveillance cameras that have enabled hackers to monitor or even speak to babies. And here in 2016, the inhabitants of two apartments in the Finnish city of Lapenranta suffered the cold for almost a week, as their thermostats were attacked by hackers.
The expert of Baltic Amadeus highlights that IoT attacks and hacking need not to wait, but to prepare them. “To ensure the security of the company’s devices and systems when people work in the office, it is possible to use a variety of means, from encryption and monitoring of the internal network, to limiting access. However, as a result of quarantine, the removal of workers from home has made this task much more difficult. At the same time, a home network that connects people to internal company systems and sends sensitive data can be used by a dozen other devices that the company’s IT specialists can not monitor or control in any way,” says I. Bankauskas.
There are several solutions. First, use separate Internet access for work purposes, such as mobile Internet. Secondly, ensure communication security through a virtual private network. Thirdly, access to the company’s systems is limited to specific, known installations. Fourthly, to introduce a system that analyses the work of the network and systems to warn of suspicious activity.
Skaistė Krikščiūnaitė to become Baltic Amadeus Head of Marketing2021 06 10
Skaistė Krikščiūnaitė has been appointed the new Head of Marketing at the IT company Baltic Amadeus. Ms Krikščiūnaitė joined the strategic change team of the company, which is currently growing and looking for new personnel, in late June.More
Baltic Amadeus in a Collab with Talend: Helping Organisations Manage Data Chaos2021 06 03
The developer of unique IT solutions, Baltic Amadeus has signed an agreement with the company Talend (NASDAQ: TLND) that provides data management products. The solutions of this world-leading company allow organisations to manage data chaos by ensuring that the data stores across different systems are mutually compatible and fully correct. Talend also helps with the dilemma of processing data in strict legal compliance while at the same time providing their employees with the necessary access to that data.More
Baltic Amadeus Plans an Expansion with New Digital Products2021 05 11
The developer of unique solutions, Baltic Amadeus, reported an income of nearly EUR 11 million in 2020; despite the pandemic, its sales remained stable. To continue its successful export operations, the company in planning to expand in the pan-Baltic region and invest in the development of new digital solutions.More