The Ultimate Guide to Cybersecurity for Travelers

As Christmas approaches, you may be booking a much-needed getaway. You might be flying back home or somewhere more exotic. You prepared intensely, and you are ready to go on an adventure. But how about security? Read our ultimate guide to cybersecurity for travelers and learn more about great habits on the go.

Failing to take the correct precautions can result in loss of your data, privacy, and ultimately, your money. Probably the worst time for this to happen is when you are on the road. Unfortunately, this is one of the times when you are most susceptible.

Most people now travel with phones, laptops, iPads, iPods, smartwatches, and cameras, and the list of gadgets is only growing. If your home is all set up with protection against web threats, you’re just halfway to being adequately protected. Your devices are susceptible to the same risks even when you are away.

Don’t let your diligence go out the window on your holiday. Before you leave, educate yourself on the do’s and don’ts of cybersecurity. 

What should you know about cybersecurity for travelers?

  • Back up your data. In case you lose any devices while traveling (read this article in case that happens), make sure you don’t lose all your data as well.
  • Use an external cloud-based drive such as Dropbox, so that you can access your data from another device when you get home.
  • Remove sensitive data from the devices you are using while traveling. It will make sure that anyone who finds your device isn’t able to see all of your private information.
  • Implement two-factor authentication (2FA) for your accounts. It is an easy way to ensure that even if someone gains access to your passwords, there is still another step to verify that only you are accessing your email, online banking, and social media.
  • Use apps like Google Authenticator or Authy to put another barrier between your accounts and malicious hackers.
  • Make sure all of your devices are locked. This is essential for the same reasons as 2FA. Adding a passcode requirement to your phone, tablet, laptop, etc. ensures that there is no security breach if you lose them or they are stolen while abroad.

 

While you’re away:

  • Don’t overshare. We want all of our social media networks to get jealous of our poolside pina coladas or the delicious turkey dinner we made for our family. But this can be dangerous, especially if you are checking in to various locations, sharing photos, or making posts about the dates you will be away. You are letting hackers, cyberstalkers, and real-life criminals know that your house is unattended and exactly where you are at all times.
  • Do not check in places. Only post photos after you return home, safe and sound.
  • Make sure your neighbors know that you will be away and ask them to let you know if they see anything suspicious.
  • Do not connect to public wifi. Hotel, coffee shop, and airport wifi is convenient, it is true, but it is also very dangerous: hackers can intercept your connection with different kinds of attacks. Read more about these problems here.
  • If you absolutely have to use a public network, do not do anything that requires you to input sensitive information, for example, online shopping or online banking. You never know who could have intercepted your connection and now has access to all the information you input on these sites.
  • Use a VPN. A virtual private network routes your traffic through a middleman server. You can use either a paid or unpaid service depending on your needs.
  • Disable auto connect. Many phones give you the option to automatically connect to wifi or Bluetooth as you pass by it. It is convenient at home but is dangerous when you are traveling (for the reasons I mentioned above). You never know what malicious networks you could be connecting to while on the go. A hacker could be collecting your data without you even knowing it.  

 

     

    Read more about how to protect yourself, your family, and your privacy here, and tell us how you are planning to spend the happiest time of the year in the comments!

    Inside the infamous Mirai IoT Botnet: A Retrospective Analysis

    This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited.

    This post provides a retrospective analysis of Mirai, the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service (DDoS) attacks using hundreds of thousands of compromised Internet-of-Things devices. This research was conducted by a team of researchers from Cloudflare (Jaime Cochran, Nick Sullivan), Georgia Tech, Google, Akamai, the University of Illinois, the University of Michigan, and Merit Network and resulted in a paper published at USENIX Security 2017.

    At its peak in September 2016, Mirai temporarily crippled several high-profile services such as OVH, Dyn, and Krebs on Security via massive distributed denial-of-service (DDoS) attacks. OVH reported that these attacks exceeded 1 Tbps, the largest on public record.

    What’s remarkable about these record-breaking attacks is they were carried out via small, innocuous Internet-of-Things (IoT) devices like home routers, air-quality monitors, and personal surveillance cameras. At its peak, Mirai infected over 600,000 vulnerable IoT devices, according to our measurements.

    This blog post follows the timeline above:

    • Mirai Genesis: Discusses Mirai’s early days and provides a brief technical overview of how Mirai works and propagates.
    • Krebs on Security attack: Recounts how Mirai briefly silenced Brian Krebs’ website.
    • OVH DDoS attack: Examines the Mirai author’s attempt to take down one of the world’s largest hosting providers.
    • The rise of copycats: Covers the Mirai code release and how multiple hacking groups ended up reusing the code. This section also describes the techniques we used to track down the many variants of Mirai that arose after the release. Finally, this section discusses the targets and the motive behind each major variant.
    • Mirai’s takedown of the Internet: Tells the insider story behind Dyn attacks including the fact that the major sites (e.g., Amazon) taken down were just massive collateral damage.
    • Mirai’s attempted takedown of an entire country: Looks at the multiple attacks carried out against Lonestar, Liberia’s largest operator.
    • Deutsche Telekom goes dark: Discusses how the addition of a router exploit to one of the Mirai variants brought a major German Internet provider to its knees.
    • Mirai original author outed?: Details Brian Krebs’ in-depth investigation into uncovering Mirai’s author.
    • Deutsche Telekom attacker arrested: Recounts the arrest of the hacker who took down Deutsche Telekom and what we learned from his trial.

    Mirai Genesis

    The first public report of Mirai in late August 2016 generated little notice, and Mirai mostly remained in the shadows until mid-September. At that time, it was propelled into the spotlight when it was used to carry out massive DDoS attacks against Krebs on Security, the blog of a famous security journalist, and OVH, one of the largest web hosting providers in the world.

    While the world did not learn about Mirai until the end of August, our telemetry reveals that it became active August 1st when the infection started out from a single bulletproof hosting IP. From there on, Mirai spread quickly, doubling its size every 76 minutes in those early hours.

    By the end of its first day, Mirai had infected over 65,000 IoT devices. By its second day, Mirai already accounted for half of all Internet telnet scans observed by our collective set of honeypots, as shown in the figure above. At its peak in November 2016 Mirai had infected over 600,000 IoT devices.

    Retroactively looking at the infected devices’ service banners using Censys’ Internet-wide scanning reveals that most of the devices appear to be routers and cameras, as reported in the chart above. Each type of banner is represented separately because the identification process was different for each, so a device might be counted multiple times. Mirai was actively removing any banner identification, which partially explains why we were unable to identify most of the devices.

    Before delving further into Mirai’s story, let’s briefly look at how Mirai works, specifically how it propagates and its offensive capabilities.

    How Mirai works

    At its core, Mirai is a self-propagating worm, that is, it’s a malicious program that replicates itself by finding, attacking and infecting vulnerable IoT devices. It is also considered a botnet because the infected devices are controlled via a central set of command and control (C&C) servers. These servers tell the infected devices which sites to attack next. Overall, Mirai is made of two key components: a replication module and an attack module.

    Replication module

    The replication module is responsible for growing the botnet size by enslaving as many vulnerable IoT devices as possible. It accomplishes this by (randomly) scanning the entire Internet for viable targets and attacking. Once it compromises a vulnerable device, the module reports it to the C&C servers so it can be infected with the latest Mirai payload, as the diagram above illustrates.

    To compromise devices, the initial version of Mirai relied exclusively on a fixed set of 64 well-known default login/password combinations commonly used by IoT devices. While this attack was very low tech, it proved extremely effective and led to the compromise of over 600,000 devices. For more information about DDoS techniques, read this Cloudflare primer.

    Attack module

    The attack module is responsible for carrying out DDoS attacks against the targets specified by the C&C servers. This module implements most of the core DDoS techniques such as HTTP flooding, UDP flooding, and all TCP flooding options. This wide range of methods allowed Mirai to perform volumetric attacks, application-layer attacks, and TCP state-exhaustion attacks.

    Krebs on Security attack

    Krebs on Security is Brian Krebs’ blog. Krebs is a widely known independent journalist who specializes in cyber-crime. Given Brian’s line of work, his blog has been targeted, unsurprisingly, by many DDoS attacks launched by the cyber-criminals he exposes. According to his telemetry (thanks for sharing, Brian!), his blog suffered 269 DDoS attacks between July 2012 and September 2016. As seen in the chart above, the Mirai assault was by far the largest, topping out at 623 Gbps.

    Looking at the geolocation of the IPs that targeted Brian’s site reveals that a disproportionate number of the devices involved in the attack came from South America and Southeast Asia. As reported in the chart above, Brazil, Vietnam and Colombia appear to be the main sources of compromised devices.

    One dire consequence of this massive attack against Krebs was that Akamai, the CDN service that provided Brian’s DDoS protection, had to withdraw its support. This forced Brian to move his site to Project Shield. As he discussed in depth in a blog post, this incident highlights how DDoS attacks have become a common and cheap way to censor people.

    OVH attack

    Brian was not Mirai’s first high-profile victim. A few days before he was struck, Mirai attacked OVH, one of the largest European hosting providers. According to their official numbers, OVH hosts roughly 18 million applications for over one million clients, Wikileaks being one of their most famous and controversial.

    We know little about that attack as OVH did not participate in our joint study. As a result, the best information about it comes from a blog post OVH released after the event. From this post, it seems that the attack lasted about a week and involved large, intermittent bursts of DDoS traffic that targeted one undisclosed OVH customer.

    Octave Klaba, OVH’s founder, reported on Twitter that the attacks were targeting Minecraft servers. As we will see through this post, Mirai has been extensively used in gamer wars and is likely the reason why it was created in the first place.

    According to OVH telemetry, the attack peaked at 1 Tbps and was carried out using 145,000 IoT devices. While the number of IoT devices is consistent with what we observed, the volume of the attack reported is significantly higher than what we observed with other attacks. For example, as mentioned earlier, Brian’s one topped out at 623 Gbps.

    Regardless of the exact size, the Mirai attacks are clearly the largest ever recorded. They dwarf the previous public record holder, an attack against Cloudflare that topped out at ~400 Gbps.

    The rise of copycats

    In an unexpected development, on September 30, 2017, Anna-senpai, Mirai’s alleged author, released the Mirai source code via an infamous hacking forum. He also wrote a forum post, shown in the screenshot above, announcing his retirement.

    This code release sparked a proliferation of copycat hackers who started to run their own Mirai botnets. From that point forward, the Mirai attacks were not tied to a single actor or infrastructure but to multiple groups, which made attributing the attacks and discerning the motive behind them significantly harder.

    Clustering Mirai infrastructure

    To keep up with the proliferation of Mirai variants and track the various hacking groups behind them, we turned to infrastructure clustering. Reverse engineering all the Mirai versions we could find allowed us to extract the IP addresses and domains used as C&C by the various hacking groups that ran their own Mirai variant. In total, we recovered two IP addresses and 66 distinct domains.

    Applying DNS expansion on the extracted domains and clustering them led us to identify 33 independent C&C clusters that had no shared infrastructure. The smallest of these clusters used a single IP as C&C. The largest sported 112 domains and 92 IP addresses. The figure above depicts the six largest clusters we found.

    These top clusters used very different naming schemes for their domain names: for example, “cluster 23” favors domains related to animals such as 33kitensspecial.pw, while “cluster 1” has many domains related to e-currencies such as walletzone.ru. The existence of many distinct infrastructures with different characteristics confirms that multiple groups ran Mirai independently after the source code was leaked.

    Clusters over time

    Looking at how many DNS lookups were made to their respective C&C infrastructures allowed us to reconstruct the timeline of each individual cluster and estimate its relative size. This accounting is possible because each bot must regularly perform a DNS lookup to know which IP address its C&C domain resolves to.

    The chart above reports the number of DNS lookups over time for some of the largest clusters. It highlights the fact that many were active at the same time. Having multiple variants active simultaneously once again emphasizes that multiple actors with different motives were competing to infect vulnerable IoT devices to carry out their DDoS attacks.

    Plotting all the variants in the graph clearly shows that the ranges of IoT devices infected by each variant differ widely. As the graph above reveals, while there were many Mirai variants, very few succeeded at growing a botnet large enough to take down major websites.
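
The infrastructure clustering and the per-cluster DNS lookup accounting described in the two sections above can be sketched as follows. This is an added example, not code from the study or its authors: the passive-DNS rows, the `.example` domains, the function names and the `max_domains_per_ip` cutoff for shared hosting IPs are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed passive-DNS rows: (day, domain, resolved_ip, lookups).
# Domains use the reserved .example TLD; IPs are from documentation ranges.
PDNS = [
    ("2016-10-01", "alpha-c2.example",   "192.0.2.10",   900),
    ("2016-10-01", "alpha-cdn.example",  "192.0.2.10",   150),
    ("2016-10-02", "alpha-cdn.example",  "192.0.2.11",   400),
    ("2016-10-02", "alpha-old.example",  "192.0.2.11",    50),
    ("2016-10-01", "beta-c2.example",    "198.51.100.7", 300),
    ("2016-10-02", "beta-c2.example",    "198.51.100.7", 700),
    # A shared parking IP that many unrelated domains resolve to.
    ("2016-10-02", "alpha-c2.example",   "203.0.113.99",  10),
    ("2016-10-02", "beta-c2.example",    "203.0.113.99",  10),
    ("2016-10-02", "unrelated1.example", "203.0.113.99",   5),
    ("2016-10-02", "unrelated2.example", "203.0.113.99",   5),
]

# Domains recovered from reverse-engineered samples (constructed).
SEEDS = ["alpha-c2.example", "beta-c2.example"]


def build_index(pdns):
    """Map each domain to the IPs it resolved to, and each IP to its domains."""
    ips_of, domains_on = defaultdict(set), defaultdict(set)
    for _day, domain, ip, _lookups in pdns:
        ips_of[domain].add(ip)
        domains_on[ip].add(domain)
    return ips_of, domains_on


def cluster_infrastructure(seeds, pdns, max_domains_per_ip=3):
    """DNS expansion plus clustering.

    Starting from each seed domain, pivot domain -> IP -> co-hosted domain
    until nothing new appears. Everything reached from one seed forms one
    cluster, so two clusters never share a domain or an IP. IPs hosting more
    than max_domains_per_ip domains are treated as shared hosting and are
    not used as pivots (assumed heuristic), otherwise a single parking IP
    would merge unrelated operators into one cluster.
    """
    ips_of, domains_on = build_index(pdns)
    assigned, clusters = set(), []
    for seed in sorted(seeds):
        if seed in assigned:          # already absorbed by an earlier cluster
            continue
        domains, ips, queue = set(), set(), deque([seed])
        while queue:
            domain = queue.popleft()
            if domain in domains:
                continue
            domains.add(domain)
            for ip in ips_of.get(domain, ()):
                if len(domains_on[ip]) > max_domains_per_ip:
                    continue
                ips.add(ip)
                queue.extend(domains_on[ip] - domains)
        assigned |= domains
        clusters.append({"domains": domains, "ips": ips})
    return clusters


def lookups_per_day(clusters, pdns):
    """Sum DNS lookups per cluster and day: a proxy for relative botnet size."""
    owner = {d: i for i, c in enumerate(clusters) for d in c["domains"]}
    series = defaultdict(lambda: defaultdict(int))
    for day, domain, _ip, lookups in pdns:
        if domain in owner:
            series[owner[domain]][day] += lookups
    return {i: dict(sorted(days.items())) for i, days in series.items()}


if __name__ == "__main__":
    found = cluster_infrastructure(SEEDS, PDNS)
    for idx, cluster in enumerate(found):
        print(idx, sorted(cluster["domains"]), sorted(cluster["ips"]))
    print(lookups_per_day(found, PDNS))
```

Raising `max_domains_per_ip` far enough collapses the sample data into a single cluster, which is the over-merging failure the cutoff is there to prevent.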

    From cluster to motive

    Notable clusters

    Cluster  Notes
    6        Attacked Dyn and gaming related targets
    1        Original botnet. Attacked Krebs and OVH
    2        Attacked Lonestar Cell

     

    Looking at which sites were targeted by the largest clusters illuminates the specific motives behind those variants. For instance, as reported in the table above, the original Mirai botnet (cluster 1) targeted OVH and Krebs, whereas Mirai’s largest instance (cluster 6) targeted DYN and other gaming-related sites. Mirai’s third largest variant (cluster 2), in contrast, went after African telecom operators, as recounted later in this post.

    Target                 Attacks  Clusters              Notes
    Lonestar Cell          616      2                     Liberian telecom targeted by 102 reflection attacks
    Sky Network            318      15, 26, 6             Brazilian Minecraft servers hosted in Psychz Networks data centers
    104.85.165.1           192      1, 2, 6, 8, 11, 15 …  Unknown router in Akamai’s network
    feseli.com             157      7                     Russian cooking blog
    Minomortaruolo.it      157      7                     Italian politician site
    Voxility hosted C2     106      1, 2, 6, 7, 15 …      Known decoy target
    Tuidang websites       100                            HTTP attacks on two Chinese political dissidence sites
    execrypt.com           96       -0-                   Binary obfuscation service
    Auktionshilfe.info     85       2, 13                 Russian auction site
    houtai.longqikeji.com  85       25                    SYN attacks on a former game commerce site
    Runescape              73                             World 26th of a popular online game
    184.84.240.54          72       1, 10, 11, 15 …       Unknown target hosted at Akamai
    antiddos.solutions     71                             AntiDDoS service offered at react.su.

    Looking at the most attacked services across all Mirai variants reveals the following:

    1. Booter services monetized Mirai: The wide diversity of targets shows that booter services ran at least some of the largest clusters. A booter service is a service provided by cyber criminals that offers on-demand DDoS attack capabilities to paying customers.
    2. There are fewer actors than clusters: Some clusters have strong overlapping targets, which tends to indicate that they were run by the same actors. For example, clusters 15, 26, and 6 were used to target specific Minecraft servers.

    Mirai’s takedown of the Internet

    On October 21, a Mirai attack targeted the popular DNS provider DYN. This event prevented Internet users from accessing many popular websites, including AirBnB, Amazon, Github, HBO, Netflix, Paypal, Reddit, and Twitter, by disturbing the DYN name-resolution service.

    We believe this attack was not meant to “take down the Internet,” as it was painted by the press, but rather was linked to a larger set of attacks against gaming platforms.

    We reached this conclusion by looking at the other targets of the DYN variant (cluster 6), which are all gaming related. This is also consistent with the OVH attack, which, as discussed earlier, was targeted because it hosted specific game servers. As sad as it seems, all the prominent sites affected by the DYN attack were apparently just the spectacular collateral damage of a war between gamers.

    Mirai’s attempted takedown of an entire country’s network? October 31

    Lonestar Cell, one of the largest Liberian telecom operators, started to be targeted by Mirai on October 31. Over the next few months, it suffered 616 attacks, the most of any Mirai victim.

    The fact that the Mirai cluster responsible for these attacks has no common infrastructure with the original Mirai or the DYN variant indicates that they were orchestrated by a totally different actor than the original author.

    A few weeks after our study was published, this assessment was confirmed when the author of one of the most aggressive Mirai variants confessed during his trial that he was paid to take down Lonestar. He acknowledged that an unnamed Liberian ISP paid him $10,000 to take out its competitors. This validated that our clustering approach is able to accurately track and attribute Mirai’s attacks.

    Deutsche Telekom going dark

    On November 26, 2016, one of the largest German Internet providers, Deutsche Telekom, suffered a massive outage after 900,000 of its routers were compromised.

    Ironically, this outage was not due to yet another Mirai DDoS attack but instead due to a particularly innovative and buggy version of Mirai that knocked these devices offline while attempting to compromise them. This variant also affected thousands of TalkTalk routers.

    What allowed this variant to infect so many routers was the addition to its replication module of a router exploit targeting the CPE WAN Management Protocol (CWMP). CWMP is an HTTP-based protocol used by many Internet providers to auto-configure and remotely manage home routers, modems, and other customer-premises equipment (CPE).

    Besides its scale, this incident is significant because it demonstrates how the weaponization of more complex IoT vulnerabilities by hackers can lead to very potent botnets. We hope the Deutsche Telekom event acts as a wake-up call and a push toward making IoT auto-update mandatory. This is much needed to curb the significant risk posed by vulnerable IoT devices given the poor track record of Internet users manually patching their IoT devices.

    Mirai original author outed?

    In the months following his website being taken offline, Brian Krebs devoted hundreds of hours to investigating Anna-senpai, the infamous Mirai author. In early January 2017, Brian announced that he believes Anna-senpai to be Paras Jha, a Rutgers student who apparently has been involved in previous game-hacking related schemes. Brian also identified Josiah White as a person of interest. After being outed, Paras Jha, Josiah White and another individual were questioned by authorities and pleaded guilty in federal court to a variety of charges, some including their activity related to Mirai.

    Deutsche Telekom attacker arrested

    In November 2016, Daniel Kaye (aka BestBuy), the author of the Mirai botnet variant that brought down Deutsche Telekom, was arrested at Luton airport. Prior to Mirai, the 29-year-old British citizen was infamous for selling his hacking services on various dark web markets.

    In July 2017, a few months after being extradited to Germany, Daniel Kaye pleaded guilty and was sentenced to one and a half years of imprisonment with suspension. During the trial, Daniel admitted that he never intended for the routers to cease functioning. He only wanted to silently control them so he could use them as part of a DDoS botnet to increase his botnet’s firepower. As discussed earlier, he also confessed to being paid by competitors to take down Lonestar.

    In Aug 2017, Daniel was extradited back to the UK to face extortion charges after attempting to blackmail Lloyds and Barclays banks. According to press reports, he asked Lloyds to pay about £75,000 in bitcoins for the attack to be called off.

    Takeaways

    The prevalence of insecure IoT devices on the Internet makes it very likely that, for the foreseeable future, they will be the main source of DDoS attacks.

    Mirai and subsequent IoT botnets can be averted if IoT vendors start to follow basic security best practices. In particular, we recommend that the following should be required of all IoT device makers:

    • Eliminate default credentials: This will prevent hackers from constructing a credential master list that allows them to compromise a myriad of devices as Mirai did.
    • Make auto-patching mandatory: IoT devices are meant to be “set and forget,” which makes manual patching unlikely. Having them auto-patch is the only reasonable option to ensure that no widespread vulnerability like the Deutsche Telekom one can be exploited to take down a large chunk of the Internet.
    • Implement rate limiting: Enforcing login rate limiting to prevent brute-force attacks is a good way to mitigate the tendency of people to use weak passwords. Another alternative would be using a captcha or a proof of work.
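
One way a device maker could implement the first and third recommendations on the device itself is shown below as an added example, not code from the post or from any vendor. The `LoginGate` class, its thresholds and the PBKDF2 parameters are assumptions, and `seconds_to_walk_list` measures how long a single source needs to work through a 64-entry guess list under the lockout.

```python
import hashlib
import hmac
import os


class LoginGate:
    """Device-side login check with no factory password and per-source backoff."""

    FREE_TRIES = 3        # failures tolerated before lockouts start (assumed)
    BASE_LOCK = 2.0       # first lockout in seconds, doubled on each further failure
    MAX_LOCK = 3600.0     # lockout ceiling in seconds
    KDF_ROUNDS = 100_000  # PBKDF2 iterations (assumed; tune to the device CPU)

    def __init__(self):
        self._salt = os.urandom(16)
        self._hash = None   # None means the device is still in factory state
        self._fails = {}    # source -> (consecutive failures, locked_until)

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt,
                                   self.KDF_ROUNDS)

    def provision(self, password):
        """First-boot step: the owner sets the password; nothing ships preset."""
        if len(password) < 10:
            raise ValueError("password too short")
        self._hash = self._kdf(password)

    def retry_after(self, source, now):
        """Seconds this source must still wait before its next attempt."""
        _fails, locked_until = self._fails.get(source, (0, 0.0))
        return max(0.0, locked_until - now)

    def attempt(self, source, password, now):
        """Return (allowed, reason) for one login attempt at time `now`."""
        if self._hash is None:
            # No default credential exists, so there is nothing to guess yet.
            return False, "unprovisioned"
        fails, locked_until = self._fails.get(source, (0, 0.0))
        if now < locked_until:
            return False, "locked"
        if hmac.compare_digest(self._kdf(password), self._hash):
            self._fails.pop(source, None)
            return True, "ok"
        fails += 1
        delay = 0.0
        if fails >= self.FREE_TRIES:
            delay = min(self.BASE_LOCK * 2 ** (fails - self.FREE_TRIES),
                        self.MAX_LOCK)
        self._fails[source] = (fails, now + delay)
        return False, "bad-credentials"


def seconds_to_walk_list(gate, source, guesses):
    """Simulated time at which one source submits the last guess of a list,
    waiting out every lockout in between (all guesses are assumed wrong)."""
    now = 0.0
    for guess in guesses:
        now += gate.retry_after(source, now)
        gate.attempt(source, guess, now)
    return now


if __name__ == "__main__":
    gate = LoginGate()
    gate.provision("constructed owner passphrase")
    wrong = [f"guess-{i}" for i in range(64)]   # constructed wrong guesses
    print(seconds_to_walk_list(gate, "198.51.100.5", wrong) / 3600, "hours")
```

The lockout is keyed per source address, so it slows a single scanner but not guesses spread over many sources; that gap is why it complements the removal of default credentials and does not replace it.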

    Thank you for reading this post until the end!

    Smart Parent Guide: How to talk to your child about the dangers online?

    We use the internet for everything: shopping, researching, socializing, learning, navigating. The same is true for our kids. They use the internet to play games, talk to their friends, and do their homework. And kids are curious, wanting to learn and discover the world around them. Of course, we want to encourage this as much as possible.

    The problem with this is that the internet can be a dangerous place. Unfortunately, just as in the real world, there are criminals on the internet looking to take advantage of innocence and trust.

    With great power comes great responsibility.

    In addition to possible predators, cyberbullying has also received a lot of media attention in recent years. Social media makes it easy for peers and even strangers to be cruel while hidden safely behind a computer screen.

    Obviously, we want to protect our kids from these dangers, but where to start? This guide will give you a starting point to help your kids navigate the internet:

     

    The Internet may also open the door for things we don’t want our kids to see or be exposed to at an early age.

    Educate yourself

    As with anything, you should understand the dangers that your kids could face and the possible solutions.

    • Figure out what kind of devices your kids are actually using and what they can do. For example, if your child plays video games, see if those games connect to the internet and if they are multiplayer games. This allows other players to contact your child without you knowing it.
    • This site is a great place to start, for both educating yourself and your children about being safe online. It offers tons of resources, teaching tools, and courses.

     

    Educate your kids on using today’s technology.

    Talk about the potential dangers

    • The tired old saying “communication is key” really applies here. Letting your kids know that there are real dangers on the Internet can help them make smart choices, rather than resenting you for putting rules in place.
    • Explicitly tell your kids which information they can and cannot share online, and why. Passwords, addresses, phone numbers, etc. should never be shared. Although it seems self-explanatory, it may not be to younger kids.
    • Make sure your kids know that anything they post is publicly and permanently visible to anyone on the internet. What they post now could affect them for years down the line, and this is a very important point to stress. Although pictures and posts may not seem like a big deal now, they could come back to bite them.
    • An important point to mention is that if you wouldn’t do it in person, you shouldn’t do it online.

     

    Tell your kids which information they can and cannot share online.

    Make your expectations clear

    • Set up a set of rules that your kids agree to follow to ensure their safety. These rules should change as your children grow, but should always be straightforward.
    • Check out this informative site that can provide you with a “Family Contract for Online Safety”. It outlines a list of rules that kids should be following, such as only downloading things with explicit permission and never ever giving out passwords. It also gives a list of rules that parents should follow to help keep their kids safe, such as “try to get to know my child’s ‘online friends’ just as I try to get to know his or her other friends”. Ultimately, these rules are up to you: decide what works best for your family and stick with it.

     

    Set up a set of rules that your kids agree to follow to ensure their safety.

    Designate times and uses

    • Based on your set of rules, set up designated times that your kids can and cannot use the internet. For example, no phone or laptops after 9 pm. This works because it helps kids wind down screen-free before bedtime, and also gives you the peace of mind that they aren’t staying up into the wee hours on sketchy sites.
    • Decide what your children should be using a computer to do. Do they need it to complete their homework, play games, or watch movies in their room? Perhaps, you will decide that it is best for them to watch movies in the family room, where parents and siblings can monitor what they are seeing, or that they must complete all homework before checking social media.  
    • For teens, apps such as Self Control allow them to blacklist certain sites for a period of time, which can help cut out social media and streaming while they are getting homework done (distractions from productivity, like these adorable videos).

     

    Talk to your kids about online safety.

    Think about setting up parental controls

    • Parental controls allow you to block certain sites. You can start by asking your ISP what it offers in terms of filtering and blocking certain content. Most ISPs do. You can choose to block specific inappropriate content such as ‘pornography’ or ‘racism’. Check out this guide to parental controls.
    • This may or may not be necessary, depending on your kids’ age and your family. These will obviously work better for toddlers than for teens.
    • It is important to mention that blacklists are imperfect and may block some good content while letting some bad content through. Whitelists are very limiting. That’s why it’s so important to take the time to educate your kids instead of relying only on these controls. Even if something sketchy happens, your kids will know what to do.

     

    Ask your ISP what it offers in terms of filtering and blocking certain content.

    Keep an eye on your kids’ interactions

    • There is a fine line between invasive spying and checking up on your kids’ accounts, which is important to do. Create an account and friend your children on their social media accounts: Snapchat, Facebook, Instagram, Vine. Chances are your children have all of them, so make sure you know what is going on there. This should be a condition of creating accounts on any of these platforms.
    • As I mentioned earlier, make some attempt to get to know your child’s online friends in the same way you would get to know their school friends. This may be difficult but is worth a try for the peace of mind.

     

    Keep an eye on your kids’ interactions.

    Make sure your kids know they can come to you if something seems off

    • After all of this, your child still may end up in an unsafe situation. Some things, like cyberbullying, find a way regardless of your attempts to shelter your children from it.
    • What you can do is make sure that your child knows they can come to you for help, without judgment. If you know about the situation, you can help them find a mature and safe way to deal with it. In this case, ignorance definitely is not bliss.

    TIME says: “The biggest key to keeping your children safe online isn’t walling off the Internet or crippling their computers (though a little bit of that can help), it’s helping them understand how big the world is, and which places within it are safe to roam”.

    For more tips on how to stay safe from hackers and other dangers on the internet, in general, check out our Ultimate CUJO Guide to staying safe online.

    Who should protect smart homes from hacking?

    Home users are more connected but less protected than ever before. The growing number of smart home devices are mostly insecure by design. Criminal hackers already abuse this explosion in connectivity.

    Who can secure the home networks?

    Smart homes are more connected

    Every household today contains multiple connected devices, and the number will increase over the next five years. Gartner predicts that the number of connected devices will reach 20.4 billion by 2020. Statista offers a higher number: according to their data, it might be almost 31 billion devices installed by 2020.

    Even if these numbers are not exact, the trend is clear: the number of smart devices is increasing and will not stop soon.

    According to Pew Research Center, a third of American homes now have three or more smartphones. The number of laptops, tablets and gaming consoles is growing as well. More homes are enjoying the help of virtual assistants, smart thermostats or cameras.

    According to our own data, a typical household protected by CUJO AI has 14-15 smart devices connected to the LAN on average. These are mostly laptops, smartphones, and tablets, with a growing number of Internet of Things gadgets joining the top ten.

    Devices are not secure

    Traditional devices with browsers (smartphones, laptops, tablets) continue to be most susceptible to outside attacks. The main risk for a home user is that their devices can get infected by malware. That might lead to encryption of files, loss of privacy and money.

    The standard protection offered for the usual devices (laptops, tablets, smartphones) is antivirus software, which doesn’t address many cybersecurity issues such as camera hacks, DDoS attacks, and ransomware. Furthermore, restrictions by Apple make it impossible for antivirus to secure iPhones and iPads.

    Sadly, most IoT devices are insecure by design. Since most smart home devices are based on new technology, there is no security standard for IoT devices yet. Manufacturers prioritize low cost and speed-to-market over security, and IoT devices are left vulnerable to all kinds of threats.

    Smart devices (TVs, cameras, DVRs) are increasingly targeted both by traditional and new hacking methods. Since it’s not possible to install endpoint security on the majority of devices that customers use today, customers have become vulnerable to hacks.

    Broadband services are impacted by the IoT devices their customers install in their homes. On many occasions, these home IoT devices are the ones creating the vulnerabilities.

    It is usually assumed that the devices will be placed on a secure network, but this is not the case most of the time.

    Hackers are using a more sophisticated approach

    The cyber threat landscape grows: cybercriminals use more sophisticated methods and release hundreds of thousands of new malware samples each day.

    The number of computer viruses and other malicious software is continuously increasing. More than 317 million new pieces of malware were created last year. More conservative sources state that 250,000 new malware threats are released daily.

    Even if the numbers might differ, the direction is clear, and it points towards the need for better cybersecurity both for home users and businesses.

    For instance, botnets such as Mirai and Reaper enlist unprotected smart devices. In 2016, a DDoS attack by the Mirai botnet was conducted using up to 100,000 vulnerable IoT devices. It resulted in issues for 900,000 clients of Deutsche Telekom and brought down the DNS service provider Dyn.

    All of that leaves the home user in a challenging position. The manufacturers do not secure smart devices. Network core solutions do not see LAN communication. Traditional solutions like antivirus and DNS firewalls are reactive by design, failing to respond to daily threats. Home networks, as a result, are left exposed to ever-increasing threats.

    We believe that ISPs can address the problems that smart homeowners face today.

    Learn more about how we help ISPs protect their clients:

     

    Find out how ISPs can solve this. Download @CUJO AI whitepaper here: https://www.cujo.com/platform/

     

    MacOS bug allows anyone to log in without a password. What should you do?

    If you are using the MacOS Sierra 10.13.1 (17B48) version, all your data might be at risk. A new security flaw allows anyone with just a bit of knowledge to reach the files on your Mac. Apple has already released a software update, so make sure to update your Mac as soon as possible.

    Take a look at the video about the vulnerability and a possible solution:

     

    What has happened?

    The bug was discovered by Lemi Orhan Ergin, who noted it publicly on Twitter. He found this security hole in the latest shipping version of MacOS, High Sierra 10.13. The flaw lets someone gain access to a Mac without entering a password, which leaves MacOS High Sierra users vulnerable.

    Because of an as yet unidentified failure in the authorization mechanism when checking a user’s credentials, the “root” login is confirmed, giving the user full administrator rights to the system. Users just need to choose to log in as a different user. However, although this flaw is highly reproducible, it might fail in some cases.

    The existence of the “root” user might itself be news to some Mac OS X users. Superuser accounts should usually be disabled, but that is not the case this time.

    “We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.” – Apple comments.

    What do you need to do right away?

    You need to change your root password according to the instructions below:

    Update your software, change the password and enable root user: https://support.apple.com/en-us/HT204012

    No one should leave their Mac unattended until this is resolved.
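
    To check where a Mac stands before and after following Apple's instructions, the root account state can be read from Terminal. The script below is an added example, not part of the original article or Apple's guidance; the function names are hypothetical and the dscl output formats it matches are assumptions noted in the comments.

```shell
#!/bin/sh
# Added example (not from the original article): report the state of the
# macOS root account so the advice above can be checked from Terminal.
# ASSUMPTION: dscl reports a disabled root account as "Password: *" or
# "No such key: AuthenticationAuthority", and an enabled one with a
# ";ShadowHash;" entry. Verify on your own system before relying on it.

AFFECTED_BUILD="17B48"   # the only build the article names

# root_state AUTH_OUTPUT PASSWORD_OUTPUT -> enabled | disabled | unknown
root_state() {
    case $1 in
        *ShadowHash*) echo enabled; return 0 ;;
        *"No such key"*) echo disabled; return 0 ;;
    esac
    case $2 in
        "Password: *") echo disabled ;;   # quoted, so the star is literal
        *) echo unknown ;;
    esac
}

# audit BUILD AUTH_OUTPUT PASSWORD_OUTPUT -> one verdict line
audit() {
    state=$(root_state "$2" "$3")
    if [ "$state" = enabled ]; then
        # Apple's note: an enabled root account must not have a blank password.
        echo "REVIEW: root is enabled; confirm its password is not blank"
    elif [ "$1" = "$AFFECTED_BUILD" ]; then
        echo "ACT: build $1 is affected; update and set a root password"
    elif [ "$state" = disabled ]; then
        echo "OK: root is disabled on build $1"
    else
        echo "UNKNOWN: could not read the root account on build $1"
    fi
}

# Run against the live system only where the macOS tools exist.
if command -v dscl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    audit "$(sw_vers -buildVersion)" \
        "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)" \
        "$(dscl . -read /Users/root Password 2>&1)"
fi
```

    A REVIEW verdict on a Mac where nobody deliberately enabled root is worth following up with the ‘Change the root password’ steps from the Apple page linked above.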

    When setting a root password, please keep password hygiene in mind.

    • Do not disclose your password to other people.
    • Choose a long password of 13+ characters using alphanumeric symbols.
    • Change your passwords frequently.