In an investigative article, TechHive's Caitlin McGarry notes how "over the last few years, companies have used the International CES [Consumer Electronics Show] to show off all types of Internet-connected hardware -- the usual suspects like phones, tablets, and PCs, but also TVs, thermostats and smoke alarms, not to mention cars, refrigerators, lightbulbs, and yes, even Bluetooth-enabled toothbrushes. It exists, therefore it is connected to the Web."
McGarry's reporting then seeks to answer the question, 'But after every device we own has been hooked up to the Internet, what then?', by examing how, this year, companies took to to the CES show floor especially geared up to show how "...smart gadgets "can [now] flawlessly talk to each other to fully automate our lives." Top topics of consideration include "the universal remote" for media devices, and how "smart can [also] be practical."
In related news, as reported by tongue-in-cheek Silicon Valley chronicler Valleywag, Google has just agreed to pay $3.2 billion in cash to buy Nest Labs, the makers of "unloved but important" home devices like thermostats and smoke alarms, "i.e. hardware that could help save and improve lives for a huge demographic of homeowners."
When Google pays $3.2 billion for a thermostat, you know the Internet of Things is real.
Related News: Corning touts Thunderbolt optical cabling at CES 2014
CES 2014: Amendment to 802.11ac spec unveils MU MIMO technology
Wednesday, January 15, 2014
Friday, January 10, 2014
Escalating Target data breach (110M and *ulp* rising) exposes major security threat of POS malware, botnets
USA Today reports that Target says its data breach has now reached 110 million customers who had personal information stolen in it is credit/debit card data breach, escalating numbers from previous estimates of 40 million, and then, 70 million cards affected.
TechRepublic's Michael Kassner has the additional reporting: PoS malware and botnets abound.
As reported by Kassner:
Some fallout from the Target data breach has been the acknowledgment that PoS systems are under attack. This US-Cert bulletin from January 2nd mentions:
“For quite some time, cyber criminals have been targeting consumer data entered in PoS systems. In some circumstances, criminals attach a physical device to the PoS system to collect card data. In other cases, cyber criminals deliver malware which acquires card data as it passes through a PoS system.”
The US-Cert quote is an opportunity [...] to introduce Dexter. The PoS malware referenced in the bulletin. Researchers, with Arbor’s Security Engineering and Response Team, in early 2013 discovered servers hosting Dexter.
Dexter steals the process list from the infected computer, and dissects memory dumps looking for the track one and two data I mentioned earlier. At a certain point, the infected machine sends the captured data to the attackers’ command and control server. After which the criminals are free to use the information to clone new cards. The unfortunate thing is that as of yet, no one understands how the malware makes its way into the PoS system.
[However], it seems the bad guys are not content with their success, deciding to bring their game to the next level—PoS botnets.
This from ArsTechnica:
“Underscoring the growing sophistication of Internet crime, researchers have documented one of the first known botnets to target PoS terminals.”
Dan Goodin in the ArsTechnica post mentioned that Dexter went through a major revision, and now incorporates botnet malcode. Grouping all the infected machines into a botnet is beneficial in that it allows the bad guys to monitor, in real time, the goings on of all the infected machines. It also allows the bot masters to issue commands that immediately propagate to all member bots. To put it simply, using botnet technology helps the bad guys steal more money, while improving their odds of avoiding detection.
TechRepublic's Michael Kassner has the additional reporting: PoS malware and botnets abound.
As reported by Kassner:
Some fallout from the Target data breach has been the acknowledgment that PoS systems are under attack. This US-Cert bulletin from January 2nd mentions:
“For quite some time, cyber criminals have been targeting consumer data entered in PoS systems. In some circumstances, criminals attach a physical device to the PoS system to collect card data. In other cases, cyber criminals deliver malware which acquires card data as it passes through a PoS system.”
The US-Cert quote is an opportunity [...] to introduce Dexter. The PoS malware referenced in the bulletin. Researchers, with Arbor’s Security Engineering and Response Team, in early 2013 discovered servers hosting Dexter.
Dexter steals the process list from the infected computer, and dissects memory dumps looking for the track one and two data I mentioned earlier. At a certain point, the infected machine sends the captured data to the attackers’ command and control server. After which the criminals are free to use the information to clone new cards. The unfortunate thing is that as of yet, no one understands how the malware makes its way into the PoS system.
[However], it seems the bad guys are not content with their success, deciding to bring their game to the next level—PoS botnets.
This from ArsTechnica:
“Underscoring the growing sophistication of Internet crime, researchers have documented one of the first known botnets to target PoS terminals.”
Dan Goodin in the ArsTechnica post mentioned that Dexter went through a major revision, and now incorporates botnet malcode. Grouping all the infected machines into a botnet is beneficial in that it allows the bad guys to monitor, in real time, the goings on of all the infected machines. It also allows the bot masters to issue commands that immediately propagate to all member bots. To put it simply, using botnet technology helps the bad guys steal more money, while improving their odds of avoiding detection.
Subscribe to:
Posts (Atom)
