16 |^ |^ May 2020
nothergrowingthreatto
yourcomputer– and
widernetwork– comes
fromso-calledhack
tools.Thesearepartofa
widerrangeoftools
knownas‘riskware’,whicharetoolsthat
aren’tinthemselvesmalicious,but
capableofbeingusedfornefarious
endsbyhackers.Thisisa greyarea
usuallyignoredbysecuritysoftware
becausethetargetsareperfectly
legitimateprogramsthatperformuseful
functionality– forexample,Nirsoft’s
ProduKeyisdesignedtohelpyou
recoverWindowsandOfficeproduct
keysfromyourcomputer,butbecauseit
canalsobedeployedtopullproduct
keysfromothercomputersonyour
networkisdesignateda hacktoolby
MalwarebytesAnti-Malware.
Othertypesoftoolthatfallintothis
categoryarenetworkscanners,SSHand
eventoolsdesignedtoperformillegal
activitiessuchasGameHack,a familyof
toolsthatbypassgamingplatform
serverrestrictionsorpaywalls.
If youwantprotectionagainst
thesethreats– aswithadware,then
MalwarebytesAnti-Malware(www.
malwarebytes.com)isa must-have.
Networkthreats
Manyoftheseappropriatedtools
- alongwithtoolsdevelopedspecifically
forcybercriminals– areusedtoattempt
drive-byhackingsofcomputersand
theirnetworks.Thetoolsareusually
indiscriminate– scanningthousandsof
publicIPaddressesinthehuntforweak
spotsthatgivehackersaccesstohome
andbusinessnetworks,givingthem
carteblanchetodowhattheywill.
Youcanreduceyourriskofattackby
followingthestep-by-stepguide
opposite.It involvesstrengtheningthe
devicethatprovidesa gatewaytoand
fromtheinternet:yourrouter.Theseare
oftenshippedwithgapingsecurity
holes,sofollowtheadviceacrossthe
pagetoinstantlyimprovematters– and
alsoincreaseprotectionagainstanyone
withinphysicalrangeofyournetwork
(includingneighbourspiggybackingon
yourinternetconnection).
Anotherweakpointarethedevices
onyournetwork.Theirconnectionsto
theinternetare‘guaranteed’inthat
they’retrusted,buttheyalsomakeit
possibletotargetyournetworkthrough
a specificdeviceratherthana generic
attackthroughyourgateway.YourPCs
(andMacsif youhavethem)should
alreadybeprotectedwithstrong
securitysoftware,butyou’llneed
anti-virusforyourAndroidmobiletoo.
Appledevicesaremoretightlylocked
down,buthereit’simportanttoinstall
thelatestupdates,avoidinsecure
wirelessnetworksandexercisethesame
cautionopeningemailsandvisiting
websitesasyouwouldwithyourPC.
IoTvulnerabilities
ThegrowthoftheInternetofThings
- smartdevicesspanningfromspeakers
toenergymeters,securitycamerasto
lights– posesitsownthreat.TheIoTis
oftenoverlookedwhenperforming
securityauditsbutisparticularly
vulnerabletoattack.Sadly,securityis
oftenofsecondaryimportanttoIoT
manufacturers– thedeviceshave
limitedstorageorlackmechanismsfor
firmwareupdatestoclosevulnerabilities
whendiscovered.
If you’venotyetdoneso,takethe
timetoidentifyallthesedevicesand
performa securityauditonthem.More
reputabledevices– includingSamsung’s
SmartThingshubandAmazon’sAlexa
rangeofspeakers– shouldbe
constantlyonthelookoutforfirmware
updates,andalertyouviawhichever
appsyouhaveinstalled.
Otherdevices,however,maynothave
thisability,relyingonyoutohuntdown
andapplyfirmwareupdatesyourself
(thisistrueofyourroutertoo).Visitthe
devicemanufacturer’swebpageand
lookinthesupportordownloads
sectionforpossibleupdates.If none
exist,tryGooglingtheproductname
andkeywordslike‘vulnerability’or
‘hack’toseeif attackshaveoccurred.
If devicesarenolongersupported,
considerup-to-datereplacements.
Failingthat,followtheadviceinthe
step-by-steptoplacethemontheirown
isolatedguestnetworkawayfromyour
computerandotherimportancedevices
- youmaywishtodothiswithallyour
IoTequipment.Youshouldstillbeable
toaccessthem,buttheconnectionwill
bemadeovertheinternetratherthan
throughyourlocalnetwork.
Prevent drive-by hacking
Keep hackers out of your home network and
awayfrom all your devices, not just your PC
$
Malwarebytes
takes an
aggressive
stance against
tools that can
be used
maliciously.
SmartThings hubs update their own firmware
- the hub goes offline during the update.
“The IoT is often overlooked when
performing security audits but is
particularly vulnerable to attack”