Tag: cyber attack

  • Toothbrush or threat vector? Turns out it was both for 3 million smart toothbrushes utilized in a recent DDoS attack

    Toothbrush or threat vector? Turns out it was both for 3 million smart toothbrushes utilized in a recent DDoS attack

    When it comes to cyber attacks it seems like anything can be utilized (see Amazon Fire Stick on the recent attack on Rockstar Games) but even our toothbrushes?

    It’s true, while details are still coming out it’s been reported that 3 million malware infected toothbrushes were used to bring down a Swiss company’s website at the cost of millions of Euros.

    No details have emerged yet on either the brand of toothbrush or the specific company that was targeted but we know the toothbrushes were running on Java which is a popular operating system for IoTs (Internet of Things) devices.

    It highlights the point that any device connected to the internet can be used for malicious intent. We’ve all probably heard about threat actors utilizing home security cameras or baby monitors to gain unwanted access to our homes or to just be creeps. Or how about the study on smart fridges that found out they were collecting a lot of your data unknowingly.

    With so many of us having smart devices scattered throughout our homes it’s long overdue that we think about what security needs to be in place to prevent these devices from being a danger to us or others. That includes both the obvious devices like our computers and the less obvious devices like our internet connected home gadgets.

    In a recent study by the SANS Internet Storm Center they tested how long it would take for an unprotected, unpatched PC to become infected with malware when exposed to the internet. Their calculations came back that it would only take 20 minutes on average for that PC to be infected, this is down from 40 minutes back in 2003.

    Even if you consider yourself tech savvy and “careful”, attackers are relentless when it comes to looking for the latest exploits and staying ahead of the curve. It’s the unfortunate truth that they can put more time into their nefarious activities than you as a business owner can dedicate to outsmarting them.

    For them it’s a numbers game and the more nets they cast and the more avenues they look for to gain access the more likely they are to be successful, and even items such as a toothbrush are not safe.

    That is, unless you follow these steps when securing your network and IoT devices.

    On top of these simple steps to secure your network and maintain your devices, you can also work with a provider like Valley Techlogic.

    We utilize best in class tools that prevent cyber attacks from occurring in the first place. Our partners have the resources to stay on top of and mitigate threats (even zero-day attacks) and with ongoing maintenance included in our service plans we can prevent your devices from becoming a threat vector to you or to another business.

    Schedule a meeting with us today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • In 2023 some of the biggest cyber-attacks were orchestrated with “low tech” methods

    In 2023 some of the biggest cyber-attacks were orchestrated with “low tech” methods

    Whether you’re “tech aware” or not, most of us know that the human element is one of the riskiest elements of our business when it comes to our data being compromised.

    2023 proved that in spades with many of the largest attacks of the year being orchestrated with “low tech” methods – whether that be social engineering as we saw with MGM or literally low tech as with the attack on Rockstar that was conducted with a cellphone, TV and an Amazon Firestick.

    Attacks such as the one on MGM are conducted with social engineering and the attacker doesn’t need to possess any particularly strong tech skills to pull an attack of that nature off. These attacks are usually accomplished through persistence – the attacker sometimes researches their target and reaches out to decision makers or those close to decision makers to try and gain access through Vishing, Phishing, and other methods (see our chart below for examples).

    They may also “bruteforce” their way in though not in the typical way you might think, compromised credentials are often found very cheaply on the web and many people use the same password for everything. The bad actor will again look for specific targets and then try to purchase credentials that will match their target.

    A common social engineering attack is orchestrated as follows:

    1. The attacker will research their target. This includes trying to figure out who is a decision maker or close to a decision maker. They may also look for details about you found on social media (such as family and friends names they can use to make their attack appear more legitimate).
    2. The attacker will reach out to the victim using what they have learned or try any credentials they’ve managed to find. They may pose as someone you trust and can even spoof that person’s email.
    3. They will use their access to infiltrate your systems or use your account to continue pursuing their target. They may not immediately make themselves known – many attacks are orchestrated over months or years to produce a bigger payout.
    4. Once they have successfully infiltrated your systems the attack may proceed in a variety of ways, whether that be trying to ransom back your compromised data or systems, threatening to release stolen data online if they don’t receive a payout, posing as you to your clients to expand their reach and more.
    5. The attack only ends when you can successfully remediate/remove their access.

    This attack is the end game for many attackers but not all attacks have this level of energy put towards them, phone scams and simple email phishing scams can look to steal your credit card or banking info for a quick payout and these sorts of attacks are conducted en masse often by attackers located overseas. Scams like these are still a variety of social engineering and quite effective – and again any data they manage to get in the process can also be sold on the dark web allowing these attackers to “double dip” on the profits they receive from their nefarious efforts.

    As we mentioned above many attackers are not conducted on a quick timeline, attackers know they can receive a bigger payout the more enmeshed they are in with the victim’s systems and data. Your system could be compromised right now, and you may not even know it.

    Data loss remediation and protection is just two of the cyber security offerings Valley Techlogic provides to help us protect our clients from social engineering and other cyber based attacks. Reach out today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Leave the World Behind features alleged cyber warfare as the main movie villain, how realistic was it?

    Leave the World Behind features alleged cyber warfare as the main movie villain, how realistic was it?

    The cyber attacks we typically report on are localized or contained to a specific sector or even business entity.

    In Netflix’s new movie “Leave the World Behind” characters are confronted with what looked like a global cyber attack causing mass destruction and chaos, including self-driving cars crashing into each other with no driver present and planes crashing into the ocean into land with GPS absent.

    The movie features an all-star cast and is the first movie we’ve seen take on the apocalypse narrative with a unique technology twist – not to besmirch the Terminator legacy, but killer robots are found fairly frequently in pop culture.

    Originally adapted from Rumaan Alam’s book of the same name, the movie actually takes liberty in specifically calling out the cyber attack in the movie where in the book the nature of what’s going on is left a lot more ambiguous.

    The movie even received feedback from former President Barack Obama to make sure the cyber warfare elements were realistic instead of fantastic which left us with an eerie feeling after viewing the film, because the truth is some of the elements of it could be replicated in real life.

    Venturing into spoiler territory now, at several points in the movie the characters are subjected to an ear-piercing noise that stops them in their tracks. It’s alluded to that these attacks might be “sonic booms” and are the reason one of the characters begins having physical symptoms as a response (odontophobia folks beware). This attack in the movie mirrored an alleged event in Cuba where directed energy waves, in this case microwave instead of sound, caused physical harm to locals.

    In another scene one of the main characters attempts to check her phone for news and is instead confronted with several news articles, seemingly normal messages at first then devolving on red paper are dropped from a drone in the sky on a character driving down an empty road – this is several hours after the characters have been cut off from the outside world by the technology we all rely on for news and information.

    By sheer coincidence these scenes are again mirrored by a real-life news event that happened just this month, where Iran-located hackers took over a water authority in Pennsylvania because their devices were Iran made, screens of these electronics found in the facility displayed a message in red with “YOU HAVE BEEN HACKED” featured prominently.

    It’s unlikely that an attack could take out an entire nation easily, but it is worrying for us as a technology provider when we encounter lackadaisical responses to very serious cyber threats. The whole world does not need to be hacked for a hack to affect your whole world.

    If after watching this new blockbuster you’re thinking it might be time to evaluate your cyber preparedness, Valley Techlogic has you covered.

    If you book a consultation with us this month you will even receive a $100 cash for your time just for hearing us out. Click here or on the image below to get started.

     

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.