This Week In Cybersecurity

This week on Between the Hacks, a ransomware attack results in human death, the U.S. House passes an IoT security bill, the Mozi botnet makes up 90% of IoT traffic on the Internet and a tool to create and protect your online brand.

U.S. House Of Representatives Passes IoT Security Bill

The U.S. House of Representatives passed the IoT Cybersecurity Improvement Act. The bipartisan bill intends to improve the security of Internet of Things (IoT) devices and is backed by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo). There are also several major cybersecurity and tech companies that support the bill, including BSA, Mozilla, Rapid7, Cloudflare, CTIA and Tenable, according to CISO Magazine.

“The House passage of this legislation is a major accomplishment in combating the threats that insecure IoT devices pose to our individual and national security. Frankly, manufacturers today just don’t have the appropriate market incentives to properly secure the devices they make and sell – that’s why this legislation is so important,” Warner stated after the bill passed the House.

The bill now has to be passed by the Senate before it can be signed into law by the president. If it becomes law, the IoT Cybersecurity Improvement Act will require NIST to issue standards and guidelines for secure development, patching, identity management, and configuration management for IoT products, reports SecurityWeek.

Mozi Botnet Accounts for 90% of IoT Botnet Traffic

IBM X-Force has discovered that the Mozi botnet, which uses code from the Mirai botnet and targets Internet of Things (IoT) devices, is responsible for nearly 90% of the IoT traffic on the Internet.

“This surge in IoT attacks could be due to a number of causes, but may in part result from an ever-expanding IoT landscape for threat actors to target. There are about 31 billion IoT devices deployed around the globe, and the IoT deployment rate is now 127 devices per second” according to IBM.

At Between The Hacks, we frequently write about home network security, and IBM’s research underscores how rapidly IoT devices are being deployed and that they are a favorite target of attackers. IoT devices are becoming the majority of devices on the Internet, yet they are not required to have basic security built in and often, the end user is required to patch these devices manually but are not told that they need to do this. IoT legislation is critical around the world to stop this dangerous trend.

Tip of the Week

Create online accounts

Do you have a username that you use for everything online (if it’s available)? Or maybe you don’t create accounts online because you’re afraid those accounts will be hacked (don’t worry, that’s an understandable fear). Even if you don’t create many online accounts, someone else might be making accounts in your name. Brian Krebs wrote a very thorough article outlining this threat and I highly recommend everyone read it.

I won’t go into detail because, well, Brian Krebs did a great job as usual, but I will share an online tool called KnowEm.

The KnowEm website states, “KnowEm allows you to check for the use of your brand, product, personal name or username instantly on over 500 popular and emerging social media websites. Grab your name and secure your brand before someone else does.”

If you are creating social media accounts and want to use a common username across them all, it can be a difficult chore to find something that is available. Or maybe you’re starting a company, podcast or blog and want to find a name that is also available on social media. KnowEm is a one-stop shop for doing that research. Let’s say your new blog is called SecurityRulz. You can just type that into the search box and instantly see if that username is already being used.

Picture of the Week