Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul   Sep »
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for August 19th, 2014




    In an earlier article, we talked about the ongoing smartification of the home – the natural tendency of households to accumulate more intelligent devices over time. While this has its benefits, the residents of smart homes also need to invest their time and energy to maintain these devices. These requirements will only grow as more and more devices are added to the homes of the ordinary consumer.

    Managing a household full of smart devices calls for the skills of both a multi-user IT administrator and a handyman. Let’s call this role the Administrator of Things (AoT). Ordinary users are being asked to take on this role despite scant evidence that they are ready for it.

    This emerging role is something that should be looked into, as how well people can actually perform it has a huge impact on their daily lives, which includes the security of their household. The degree of work that is required by this role is dependent on factors, which include:

    • The number of smart devices in the household
    • How well these devices are able to operate autonomously
    • How secure these devices are
    • Whether these devices use consumables, such as batteries
    • How many family members use these devices
    • How often they are updated by the manufacturer
    • How often they are attacked – physically or virtually

    Figure 1. The battery of a second generation Nest thermostat
    (Image courtesy of iFixit.com)

    Consider the previous staple of home computing: the PC. It is an impressively powerful and capable machine, but it’s also a very complex one. How many of us have relatives or friends with computers that are old and full of insecure software? I’d bet we all know someone like that.

    Think of the last time you had to fix a smart device in your household – for instance, your router or IP camera. Consider: how did you find what the problem was, what the solution was, and how long the fix took. If we considered this as a job, the listing for it would look something like this:

    Role Summary

    Implement and maintain the ongoing deployment and operation of intelligent devices (IoT devices) within the household. Required to be on-call 24 hours a day, seven days a week.

    Qualifications Desired

    • Administrative knowledge of smart devices and appliances, including:
      • Security and monitoring devices – security and baby monitoring cameras, smart locks
      • Smart hubs – including smart hubs, and connected peripherals
      • Appliances – including smart fridges/washers/dryers
      • Wearables – including fitness monitors and smart glasses
      • Security sensors – including smoke detectors/CO2 sensors/thermostats
      • Smart AV equipment – including surround sound receivers, game consoles, smart TVs, smart speakers, smart radios
      • Automotive – including smart cars, and connected peripherals
      • Traditional devices – including PCs/notebooks/tablets/readers/smartphones
    • Knowledge of “convenience cases” – typical and emerging use cases for the deployment of smart devices in the household for increased convenience and security

    Responsibilities

    • Ensure that smart devices are secure – (ex: Username/password)
    • Regularly change smart device access credentials
    • Check/replace batteries in devices and sensors
    • Diagnose and Resolve device operational issues
    • Monitor device manufacturer notifications (ex: web sites, feeds, e-mail, devices) for notifications of device operational issues and firmware updates
    • Perform firmware updates, as required to ensure continued device security and operation
    • Perform device management app updates on smart phones/tablets of family members
    • Reconfigure existing devices to grant additional access by other family members
    • Identify new household convenience scenarios and configure/test devices accordingly
    • Assist other members of the household with smart device related issues

    Figure 2. Solution loop for smart devices

    This eye-opening array of responsibilities would be a significant challenge for the average non-techie user. One can imagine increased business opportunities for traditional support services like Geek Squad, Staples, QuickFix, and others who are willing to expand into supporting smart devices deployed in the household. It’s less of a stretch than you’d think – for example, many of these services will calibrate the high-definition TV that you bought from them or their parent company.

    Conclusion

    As a result of smartification, there will be an increased administrative burden of maintaining smart devices within the household over time. This will put more pressure on members of the household whose current mindset might be locked into performing these tasks themselves. These trends will likely result in (amongst other things) expanded commercial opportunities for home smart device technical deployment and support services.

    If you’re already cringing at the thought of all of this, I have some good news: eventually, things will get better. The companies that make and design smart devices will learn how to create devices that are both secure and easy to use. Even today, some devices already do a good job of balancing these requirements while others…. don’t. If a smart device is built with security in mind, it will make the life of the person who has to maintain it much easier.

    We’ve created an Internet of Everything buyers guide entitled What to Consider When Buying a Smart Device. This guide discusses the things you need to know, from a security perspective, about buying smart devices. Doing your homework now may save you much grief down the road.

    For more information on security risks and how to secure smart devices, visit our Internet of Everything hub which contains materials that talk about this emerging field.

     
    Posted in Internet of Everything | Comments Off



    With the ostensibly harmless nature of adware, we are constantly tricked into believing that they are nothing but online nuisances. But underneath, they are marketing-engineered software that could potentially carry malicious programs to target your browsing behavior and spy on your other online activities.

    What is adware and why does it exist?

    Upfront, adware are just annoying ads that pop up every now and then. They come in an assortment of freeware such as toolbars and plugins, icons, wallpapers, advanced search engines, and other lifestyle widgets and work in conjunction with these software and other programs to spy, collect data, and integrate itself into your web browser. While online ads originally exist on the context of yielding revenue based on impressions (frequency of visits on ads), adware could harm your online privacy and security. Most adware companies operate on the fringe of ethical practices and use underhanded tactics to ensure customer loyalty.

    How does adware affect your computer?

    Because adware covertly piggybacks on the freeware you download, you don’t know that your system is running adware when you begin to install these free programs. Adware can have various routines such as bombarding you with pop-up ads, leading you to harmful or fake websites, offering bogus adware removal or antivirus software or gaining full access to your computer. Adware could run in the background of your programs and as well of your computer, causing your network to slow down and become unstable. It spies on your browsing behavior and gathers private information about you to be sold to third parties or other cybercriminals. Adware could hijack clicks without your knowledge or without having to run the freeware you downloaded, prompting your computer to become unbearably slow and unstable. Additionally, adware also mines bitcoins which results in unexpected high electric consumption. Bitcoin mining gives remote attackers illegal commission from processing transactions, making you an indirect tool of cybercrime.

    Top 3 Adware, 2Q 2014

    This quarter, we’ve collated the top 3 adware that have been around and active for years based on the large portion of the total number of combined adware and malware.

    ADW_INSTALLCORE

    This adware is downloaded from the Internet and can arrive as a file is dropped. It is used to boost marketing revenues by       means of black hat SEO. This potentially unwanted program exhibits plenty of malicious traits and generally interferes with user experience. Cybercriminals can remotely access the user’s computer via malware and exploit systems vulnerabilities.

    ADW_ OPENCANDY

    ADW_OPENCANDY can be acquired from the Internet and downloaded by the user. It executes dropped files, thus allowing malicious routines of the dropped files to run.

    ADW_DOWNWARE

    Just like ADW_INSTALLCORE, this adware can be downloaded from the Internet or could arrive via dropped malware. Like most adware, ADW_DOWNWARE is furtively bundled with malware or grayware packages and is manually installed by the user. It uses the Windows Task Scheduler to execute the dropped file. This adware deletes the initially executed copy of itself and does not exhibit propagation routines.

    How can you protect yourself against adware?

    Think twice before immediately downloading and installing any software, particularly freeware. Read everything rigorously before digitally signing up or agreeing to terms and conditions to prevent the download of adware. Make sure to routinely check up your computer and regularly scan your systems. Take basic preventive measures like using a security solution software that will enable constantly updated protection.

    For more information on how to secure your system against the risks that adware may pose, watch our video below:

    You can also watch the first part of the Cybercrime series, which tackles the security risks of phishing.

     
    Posted in Bad Sites | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice