iot


Ztorg, also known as Qysly, is one of those big families of Android malware. It first appeared in April 2015, and now has over 25 variants, some of which are still active in 2017. Yet, there aren't many technical descriptions for it - except for the initial Ztorg.A sample - so I decided to have a look at one of the newer variants, Android/Ztorg.AM!tr, that we detected on January 20, 2017. The sample poses a "Cool Video Player" and its malicious activity was so well hidden I initially thought I had run into... [Read More]
by RSS Axelle Apvrille  |  Mar 15, 2017  |  Filed in: Security Research
In the part 1 of this blog, we saw that Android/Ztorg.AM!tr silently downloads a remote encrypted APK, then installs it and launches a method named c() in the n.a.c.q class. In this blog post, we’ll investigate what this does. This is the method c() of n.a.c.q: This prints "world," then waits for 200 seconds before starting a thread named n.a.c.a. I'll spare you a few hops, but among the first things we notice is that the sample uses the same string obfuscation routine, except this time it is not... [Read More]
by RSS Axelle Apvrille  |  Mar 15, 2017  |  Filed in: Security Research
IoT security challenges include weak authentication and authorization protocols, insecure software, firmware with hard-coded backdoors, poorly designed connectivity and communications, and little to no configurability. Many devices were developed around chunks of commonly available and largely untested code, compounding security vulnerabilities across thousands of devices sold through dozens of manufacturers. And to make matters worse, IoT devices are often “headless,” with limited power and processing capabilities. This not only means they can [Read More]
by RSS Jonathan Nguyen-Duy  |  Mar 09, 2017  |  Filed in: Industry Trends & News
In the all-out war for data, the healthcare industry is getting hit the hardest. Experian’s fourth annual 2017 Data Breach Industry Forecast states that healthcare organizations will be the most targeted sector for attack, with new and sophisticated attacks emerging. If healthcare organizations and their IT teams aim to keep data safe, they need to take a step back to assess the overall security landscape and the security processes currently in place on a macro level. [Read More]
by RSS Susan Biddle  |  Mar 03, 2017  |  Filed in: Industry Trends & News
Tags: IoT healthcare
For the enterprise, we recommend a three phase approach to security based around learning what is on your network, dividing the network into separated segments, and then implementing appropriate security that provides critical protections without compromising functionality and interoperability. [Read More]
by RSS Anthony Giandomenico  |  Mar 02, 2017  |  Filed in: Industry Trends & News
X-ray image of installed pacemaker showing wire routing - Image from Wikipedia A few days ago, journalists reported a man had been charged with arson using data retrieved from his own pacemaker (see here). One article showed a "funny" image of a man's chest with stitches to insert or access the pacemaker. This, and the comments, led me to some research on pacemakers. No, you don't need to open the patient to retrieve data from the pacemaker Pacemakers transmit data over radio frequencies. They typically use the 402-405... [Read More]
by RSS Axelle Apvrille  |  Feb 27, 2017  |  Filed in: Security Research
According to IBM’s 2016 Cyber Security Intelligence Index report, cyber criminals attacked healthcare more than any other industry last year, with more than 100 million healthcare records being compromised. As the use of IoT devices continues to grow in hospitals, we talked to Roger Bailey about the risks, and how to secure these increasingly distributed healthcare environments. Q&A with Roger Bailey, Sales Engineer at Fortinet How is IoT growing in the world of healthcare? There are two sides to IoT in hospitals – the customer... [Read More]
by RSS Darlene Gannon  |  Feb 23, 2017  |  Filed in: Industry Trends & News
The healthcare industry continues to ride the digital wave to improve patient care and organizational efficiency in addition to reducing costs. Hospitals and health systems are relying on electronic health records (EHRs), the cloud, and the Internet of Things (IoT) more than ever. While these technologies are convenient, efficient, and enable a higher degree of patient-centric care, they can be jeopardized by cybercriminals. Stolen patient data can easily be sold on the dark web to criminals looking to extort money, commit identify fraud, spearphish,... [Read More]
by RSS Susan Biddle  |  Feb 20, 2017  |  Filed in: Industry Trends & News
RSA 2017 is a wrap. The final sessions are being recorded, the coat check area is filled with luggage, and the smell of propane is filling the show floors as forklifts begin to deliver packing crates to this year’s crop of security vendors. As expected, the hottest security topics and offerings were related to IoT and the cloud. Threat intelligence and SOCs were also top of mind as companies try to get a handle on the deluge of data and devices flooding their networks. In spite of the veneer of innovation, however, for far too many vendors... [Read More]
by RSS Bill McGee  |  Feb 16, 2017  |  Filed in: Industry Trends & News
By now, everyone has heard the numbers. IoT is part of a networking revolution that is transforming the world. Experts predict that by 2020 there will be over 33 billion IoT devices deployed, or 4.3 Internet-connected devices for every man, woman, and child on the planet. Of course, IoT is more than just one thing. There are a variety of IoT devices and categories, each with their own implications. Consumer IoT includes the connected devices we are most familiar with, such as smart cars, phones, watches, laptops, connected appliances, and... [Read More]
by RSS John Maddison  |  Feb 15, 2017  |  Filed in: Industry Trends & News