When talking about cyberthreats and protection, we typically have our computers and smartphones in mind. These devices contain our messages, photos, notifications, banking, social media apps, work files, and much more – if not physically, then in the form of login details to access them in the cloud – so we mostly realize that security is important, and we take steps.
However, we tend to forget that there is a whole other group of devices that need securing too. How about a fitness band that needs to sync with a mobile app? Smart TV? Remotely controlled A/C system? Or that digital photo frame bought as a gift for grandma so that she can see a new pic of her grandchildren every day?
The fact is that any online device of any type needs to be protected. What from and how? Let’s see.
Malware is the widest term covering all kinds of malicious software, from traditional viruses and Trojan horses, borderline categories such as spyware and adware, to very dangerous new threats such as ransomware, designed for blackmail and forcing victims to pay a ransom for their personal files.
Nowadays, the most common method of distributing malware is via malicious websites. These websites can be either purposely built to infect visiting devices, or they can be legitimate websites that have been compromised without their owners’ knowledge. Either way, getting infected by a website like that is very easy as it does not require anything else than one visit – from a web browser, e-mail, SMS, instant message, or social media app. A malicious website does not even have to be visited directly, it can load as part of another website, for example in the form of an advert or other type of dynamic content. In this case, “being careful” is commendable, but an entirely insufficient security measure.
Probably the most popular method of cybercrime is targeting the human factor. Methods of social engineering rely on an average mind being easy to manipulate, and they are indeed successful. Instead of trying to crack a password with brute force, it is usually easier, quicker, and cheaper to trick a human into giving it away.
For example, phishing websites are specifically designed to lure users into entering valuable information such as their credit card details. In case of phishing, this is usually done by mimicking a website of a bank, national post office, or a similar reputable institution, and prompting people to update their details stored with that institution. Other types of social engineering include false notifications of winning a prize, free gifts, obtaining a large sum of money, or a similar attractive offer; when the prey falls into the trap, they are asked to pay a postage fee or tax first, with more requests like that coming if the first one is successful. Obviously, no prize or gift ever arrives.
Many people might say: “But I’m not stupid, I will not fall for a free iPhone giveaway, or send my payment details to a Nigerian prince.” It is important to realize that these well-known scam tricks are just the tip of the iceberg. Others, especially the latest ones, may be difficult to unmask even for a security-savvy person. Cybercriminals are rather inventive and always one step ahead.
Internet of Things is a network of various devices, sensors, and applications connected to the Internet. Any online item, however small and simple, is part of it, and the list constantly grows. Internet of Things may consist of wearables, such as a fitness watch or your dog’s collar, healthcare gadgets and monitoring devices, a wide range of smart home equipment such as a TV, fridge, thermostat or even a smart mirror, security equipment such as cameras or electronically secured gates, smart toys, and of course, all kinds of vehicles including cars (and they can be basic models, not fully self-driving cars).
So, what is the problem with these devices? The simple fact is that if they are online, they can be compromised. Internet of Things is still a relatively new concept and universal security standards have not yet been put in place, which possesses some serious security risks. People are generally aware that they need to secure their home network gateways, such as wi-fi routers, but it may not be sufficient. The general lack of security measures and standards for IoT devices makes it possible to bypass those that are in place, such as a strong password – in fact, the password even may get exposed because of issues on the manufacturer’s side.
Now, what are the actual risks? Many connected devices are deceivingly simple, so their lack of security tends to get underestimated. For example, a lightbulb. What kind of serious trouble can a compromised lightbulb cause? Or a fridge? Can it order a broccoli pizza instead of a salami one?
Admittedly, that is not a typical use case. What is entirely possible, though, is that a poorly secured device becomes part of a botnet – a huge network of compromised devices, called “zombies”, that can be used for various harmful purposes. If we get back to the example with a fridge, there is a documented case of one becoming part of a botnet used to send out large quantities of spam. In a darker scenario, an army of such zombie devices can be used for a DDoS attack (Distributed Denial of Service) that overloads and brings down a target, for example, a server or a power grid, resulting in the unavailability of a critical service or an extensive power outage. And if a fridge turned cybercriminal is not serious enough, let’s realize that doing extra tasks such as sending spam also affects its power consumption and service life.
A similar example of hijacking IoT devices is crypto mining. Again, a single device such as a camcorder does not have enough resources to be useful for crypto mining, but tens or even hundreds of thousands of them do. And who wants their camcorder to mine cryptocurrency for an Internet pirate instead of doing its job for the rightful owner?
Finally, there is the unlikely, but entirely possible scenario of a device being compromised with the intention to harm specifically its owner. A spamming fridge may not sound that alarming to some, but how about a hacked security camera?
Now the important question: How to prevent all the mentioned use cases? Sounds difficult. So many different devices and threats! Is there some kind of broad-spectrum protection?
The answer is yes. A common denominator to all the scenarios is Internet connectivity, and that is also the point where all the threats can be stopped.
In the early days, viruses would be created by geeks who wanted to test the limits, annoy people, or have fun. It usually started and ended with an infected floppy drive. Today, malicious activities are designed almost exclusively for the purposes of cybercrime, which means that online contact is needed to control an infected device or get data from it. Of course, the initial infection also happens online. Any unwanted activity can be therefore recognized and stopped at the online contact with the malicious remote point, and that is precisely what Whalebone Aura can do.
Based on a combination of website blacklists, pattern databases, machine learning methods, and powerful AI capabilities, Whalebone Aura can protect any device in a home network, be it a wi-fi router or a robot lawnmower, from any online threat. As it is cloud-based, the protection is very fast, always up-to-date, and does not require any installation. Just one click and the protection of all endpoints is on.