This week’s Security Central takes a look at five congressional IT contractors currently under federal investigation, examines the newly formed IoT Cybersecurity Alliance and peeks inside findings from Avira explaining why borders matter when it comes to malware.
Five U.S. Capitol IT contractors are under investigation by federal law enforcement officials for alleged cyber shenanigans involving the computer network of the House of Representatives. The contractors provide IT services for approximately 40 Democratic members of the House. The contractors are being accused of a number of shady things, such as unauthorized access to the House computer network, swiping sensitive information and transferring it to an external cloud server, stealing computers and servers amounting to hundreds of thousands of dollars and making unapproved IT-related purchases on behalf of government clients.
The instances of unauthorized access and the House information stored in an external cloud server are of particular concern, as they put the House at an incredible risk of exposure. This has of course further fried the nerves of folks on Capitol Hill who have endured one high-profile political attack after another. While no arrests have been made, the IT contractors’ access and privileges have been barred by House officials as authorities look into the matter.
“At the request of Members of Congress, the United States Capitol Police are investigating the actions of House IT support staff,” US Capitol Police spokesperson Eva Malecki told BuzzFeed News. “No Members are being investigated. No arrests have been made. It should be noted that, administratively, House staff were asked to update their security settings as a best practice. We have no further comment on the ongoing investigation at this time.”
Police and others investigating the suspicious activity have speculated that the contractors could potentially be a front for an organization attempting to steal sensitive information from the U.S. Congress. At this time, though, lawmakers and other staff have been encouraged to change their passwords and hang tight. “They said it was some sort of procurement scam, but now I’m concerned that they may have stolen data from us, emails, who knows,” one lawmaker stated.
Perhaps this is the kick in the pants the new administration and federal agency directors need to develop their own plans to get their infrastructure up to snuff. It will certainly be interesting to see how this story develops, and if anything changes because of it. To be hit from the inside - that's got to sting a bit.
Our second story takes a look at a recently formed power group made up of cybersecurity industry heavy-hitters. AT&T, IBM, Nokia, Palo Alto Networks, Symantec and Trustonic have joined forces to launch what they’re calling the IoT Cybersecurity Alliance, which is intended to drive education and awareness in terms of better securing the IoT ecosystem. As we move further into the age of IoT, massive amounts of data will be flowing to and from connected devices and sensors, which of course means that the number of security risks will increase exponentially.
It’s already starting. In the past 3 years, AT&T has seen a 3,198 percent increase in attackers scanning for vulnerabilities in IoT devices. According to the telecom giant, business leaders are well aware of the potential havoc that IoT devices without the proper security framework built in could wreak, and the disastrous effects it could have on their organizations. However, according to a survey conducted by AT&T in 2016, 58 percent of those leaders stated that they were not confident in the security of their IoT devices.
“The explosive growth in the number of IoT devices is only expected to continue; therefore, so must the associated cybersecurity protections,” said Mo Katibeh, AT&T senior vice president of Advanced Solutions. “Today’s businesses are connecting devices ranging from robots on factory floors to pacemakers and refrigerators. Helping these organizations stay protected requires innovation across the whole IoT ecosystem to enable sustainable growth.”
The IoT Cybersecurity Alliance will focus on researching security challenges of IoT across several important verticals and use cases in order to solve potential security issues at every critical layer. Specifically, the goals of the Alliance are to:
- Collaborate and research security challenges of IoT across important verticals and use cases in order to identify ways to implement security across the value chain.
- Dissect and solve for IoT security problems at every critical layer of security. These include the endpoint, connectivity, cloud, and data/application layers.
- Make security easy to access across the ecosystem, and emphasize that security needs to exist across the value chain. Users will benefit from innovative IoT services and infrastructures that can withstand the ever-evolving threat landscape.
- Influence security standards and policies. Using each group member’s leadership and expertise will raise awareness of cybersecurity and educate organizations on how to maximize the advantages of IoT while keeping themselves and customers more secure.
IoT offers tremendous benefits and efficiencies to businesses, but security concerns often prevent businesses from adopting these emerging technologies. This is where channel partners have a chance to step in. The increase in IoT devices and data is already transforming the way business is conducted, and therefore has forced channel partners to shift their focus from delivering simple products, solutions and software to holistic business outcomes. It seems, in this new IoT landscape, that both the channel and the Cybersecurity Alliance have similar goals: to peel back the layers of security - every last one of them - and shove them under a microscope in order to help educate businesses and consumers on how to best protect their connections.
We end the week with a quick geography lesson. In honor of Safer Internet Day, which occurred on Tuesday, Avira posted a blog focused on why borders matter when it comes to malware. The post breaks down the continuing role geography plays in determining what types of malware people are exposed to.
Avira tallied the number of malware attacks over the course of a month, and found that people received a different assortment of malware based on their geographic location. “While we think of the internet as a border-less phenomena, our data shows there are real and significant differences by country,” said Alexander Vukcevic, Director Avira Virus Labs. “But if you look at these threats by country and think about what is needed to defend against each of them, you can get a good international boost to your security.”
Here are some interesting takeaways from the U.S. and some key EU countries:
- Don’t forget the basics (USA) – The continued popularity of malware that injects malicious code in system files, like Win32/Patched does in the United States, shows that classic threats are still going strong. It is critical to have a recognized antivirus app in place on your device to stop incoming threats and identify infected websites. AV may not seem fashionable, but it’s still essential.
- Stay updated easily and always (Germany) – Exploit kits look for a long laundry list of vulnerabilities in each computer. HTML/ExpKit.Gen, quite common in Germany, is spread through compromised webpages. Since the exact vulnerability targeted by an exploit kit can be customized on short notice, the best defense is to keep your device automatically up to date with a software updater.
- Open with care (Italy) – Emails containing infected links and bogus phishing requests are a traditional, yet very fashionable way to catch unwary internet users. It could be DR/PSW.Delf.Cpm out to steal passwords or it could be the latest ransomware variant. If an email looks suspicious or has an unusual attachment, double-check the file with your Avira product or just delete it.
- Don’t be so social (France) – Using USB memory sticks to transfer files between devices is not risk-free. As a worm, Verecno can spread automatically once the memory stick has been inserted into the device. Do you know where that USB stick has been before?
- Download carefully (UK) – Potentially Unwanted Application (PUA) downloads are not directly dangerous like ransomware, but they can bring a host of unwanted additional software components like apps, toolbars, and advertisements into the device, slow it down to a crawl, do user profiling and really disrupt the user experience. PUAs are best avoided by carefully checking default options while downloading apps.
So, when it comes to malware, borders are more important than you'd think. Make every day a Safer Internet Day.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.