This week’s Knowledge Update covers how one fifth of IoT device owners are unaware of Mirai, an easy-to-exploit flaw in the Linux kernel that is rated ‘high risk’, and how phishers use private banking messages to lure victims.
One-Fifth of IoT Device Owners Unaware of Mirai
The proliferation of the Internet of Things has left many vulnerable to attack, as users do not appreciate the security implications of their new products. A Trustlook study revealed that more than one-third (35%) of IoT device owners do not change the default password on their devices, leaving them vulnerable to attacks. Also, 54% do not use a third-party security tool to protect their devices from outside threats.
All default passwords should be changed, and updates should be applied to devices regularly. Information on what makes a strong password can be found here.
Easy-to-exploit flaw in Linux kernel rated ‘high risk’
A flaw has been found in the way the Linux kernel loads ELF files. As the article describes: “The flaw represents a possible mechanism for a hacker or other malicious party to step up from a normal user to root – e.g. you get a shell as an ordinary user via a compromised web application or another internet-facing service, and then use the above bug to take full control of the box. It can also be abused by logged-in users to gain administrative access over the machine.” Updates should be run on affected systems to ensure that the vulnerability is patched.
More information on flaws and the risks they pose can be found here.
Phishers Use Private Banking Messages to Lure Victims
Security experts are warning of a new phishing campaign designed to trick private banking clients into downloading covert malware onto their machines. The spoof emails employ classic phishing techniques to socially engineer their targets, including the use of legitimate-looking banking domains and secure messages of the sort often received by private banking customers. As the article notes: “Phishing remains the most commonly exploited attack vector, according to a new study out this week. Staff are most often victims of spoofing and impersonation (67%), followed by branded (35%) and seasonal (31%) attacks, according to IronScales.”
Staff training and awareness remain as important in preventing phishing attacks as technical controls. More information on how a business can protect itself from phishing attacks can be found here with the small business guide infographic.