What if all the devices in your life could connect to the internet? Not just computers and smartphones, but everything: clocks, speakers, lights, doorbells, cameras, windows, window blinds, hot water heaters, appliances, cooking utensils, you name it. And what if those devices could all communicate, send you information, and take your commands? It’s not science fiction; it’s the Internet of Things (IoT), and it’s a key component of home automation and smart homes.
Home automation is exactly what it sounds like: automating the ability to control items around the house—from window shades to pet feeders—with a simple push of a button (or a voice command). Some activities, like setting up a lamp to turn on and off at your whim, are simple and relatively inexpensive. Others, like advanced surveillance cameras, may require a more serious investment of time and money.
There are many smart home product categories, so you can control everything from lights and temperature to locks and security in your home. They also happen to make fantastic gifts, whether you’re shopping for the holidays or buying a housewarming present. Here is a one of them.
The smart G-Spike Adapter ( Smart WIFI Power Strip ) comes with a master switch, indicator, safety shutter, international sockets, surge protector and Wi-fi Strip. It not only protects your appliances from harmful damage during electrical imbalances but also lets you operate your home appliances virtually from anywhere and everywhere. The G–Spike Adapter works with any Wi-Fi router without the need for a separate hub or paid subscription service. You can pair it with Amazon Alexa or Google Home and can run using voice command too. Each socket can be controlled and scheduled independently.
The G-Spike Adapter ( Smart WIFI Power Strip ) lets you control your appliances at your fingertips by using an iOS/Android App. You can Schedule on/off all those power hungry appliances which drain a lot of electricity and even check the energy usage in some cases. You’ll also get notified when your important devices are getting switched on/off.
Be it your coffee machine which you forgot after switching on or the light which was on throughout the night, G-Spike Adapter is one stop solution for all what you require to automate your home electronics and appliances. You can even appear at home when you’re away, set the G-Spike Adapter to schedule mode and it’ll automatically turn the light on and off to give an appearance that someone is home.
Works with Amazon Alexa And Google Home.
Control From Anywhere
Control With Voice Commands
Get Yours Today – https://grayhats.in/product/grayhats-g-spike-wifi-iot-adapter/
The smart G-Spike Adapter ( Smart Power Strip ) comes with a master switch, indicator, safety shutter, international sockets, surge protector and Wi-fi Strip. It not only protects your appliances from harmful damage during electrical imbalances but also lets you operate your home appliances virtually from anywhere and everywhere. The –Spike Adapter works with any Wi-Fi router without the need for a separate hub or paid subscription service. You can even pair it with Amazon Alexa or Google Home and can run using voice command too. Each socket can be controlled and scheduled independently.
The G-Spike Adapter lets you control your appliances at your fingertips by using an iOS/Android App. You can Schedule on/off all those power hungry appliances which drain a lot of electricity and even check the energy usage in some cases. The scheduler works even when the internet is down and you’ll get notified when your important devices are getting switched on/off.
This is a wifi enabled smart wifi strip,You can control this power extension using our Android/iOS App from anywhere. It has normal on/off button also for manual control
Works With AMAZON ALEXA and GOOGLE HOME. . When you are away from the device, you can get notification when your important devices are getting switched ON/OFF
Weekly and Daily Scheduling Facility. Scheduling works even if internet is down. You can specify the devices attached to it to be switched off or on at any time on daily basis.
NO MONTHLY SIM CARD CHARGES. It runs on your home WiFi.
Be it your geyser which you forgot after switching on or the light which was on throughout the night, G-Spike Adapter is one stop solution for all what you require to automate your home electronics and appliances. You can even appear at home when you’re away, set the G-Spike Adapter to away mode and it’ll automatically turn the light on and off to give an appearance that someone is home.
Crypto-mining is a new force, an attack on IoT is on the rise and ransomware is getting its act together to strike in a big way. According to new data collected by TechRepublic IoT threats have seen an 8500 % increase and keeping up with the pace is crypto-mining.
Ransomware Saturates the Cybercrime Market
Can you imagine a segment termed cybercrime-as-a-service, well, ransomware is now a commodity and everybody would like to have it? A hacker with no experience will be available to serve you on the technical front and be available for hire with their own version of ransomware.
The increased tool available in the market to deal with ransomware has caused the fee amount to drop significantly. This is way less to what the actual ransomware hackers demand. So this means businesses across the world should anticipate a more ransomware attack in the coming days.
Crypto-Mining the serious online threats of 2018
Now the next in line is Crypto-mining the hot cake on the of Internet security threats. According to Comodo “all it needs is just a few codes, and the hacker is ready to go as he seizes the device for a bounty”. The attacker can place crypto-mining software on systems and mine digital coin.
The crypto-mining code is lightweight so it escapes the radar and goes undetected, even though it is consuming your central processing unit. As miner makes their home on network and IoT devices, the resources take a toll and the energy cost rise. The crypto-mining is in the race of getting quick bucks and that new technology will not be enough to counter them, so all it needs to have is a well-informed and trained workforce.
Supply Chains caught in Crossfire
The supply chain is on the rise, and these incidents are on the rise, which means the criminals are on the lookout for better and easier ways and will target valuable corporate systems. In this case, the hacker will not target the supplier directly, but he will make a move by bypassing the organization’s network security. Take a look at how Ransomware made use of the flaws in the Ukrainian accounting software.
As always the supply chain partner will not know that their system has been compromised, and by the time they figure it out, it will be too late. According to Comodo, “companies must ensure maximum security protocols and put in place standard procedures”.
Targeted Attacks on the Rise
This can be attributed to the sheer fact that ‘spear phishing; has been used by 70 percent of the hackers so far, and now the threat is looming large. This is for the fact that stealing user credentials and skipping security is easier than breaking the firewalls.
Cloud backdoors pose a rising threat to enterprises, according to new research. Expert’s at grayhats explains what a cloud backdoor is and what mitigation options are available.
Is your cloud server infected by a Backdoor ?
According to Netskope Inc.’s February 2018 “Cloud Report,” backdoors are the second most common type of malware detected during the last quarter of 2017, accounting for 33.6% of detections.
While that may be interesting as a barometer of cloud-intersecting attacker tradecraft, the more salient point for security practitioners in organizations that make extensive use of the cloud is the need to understand what exactly a cloud backdoor is — and, more importantly, how a security team can detect and block it.
What is a cloud backdoor?
Defining this term — at least with a high level of granularity and specificity — is a little more complicated than it might seem on the surface. This is in part because the classification of malware — both in the cloud and otherwise — is a complicated and nuanced exercise.
There have been a number of attempts over the years to establish a naming standard for the unambiguous identification of malware between researchers, but the reality is that there’s so much malware out there and it evolves so quickly that adhering to a uniform standard for naming, taxonomy and classification is non-trivial. This, in turn, means that while general categories and families are agreed upon by the research community, how a particular researcher categorizes a given sample from among the various strains and variants out there is largely up to the researcher.
As a general rule, backdoors are classified by what they are designed to do: to enable an attacker to control a victim resource — such as a virtual or physical host or cloud resource. So, a cloud backdoor is exactly what it sounds like: a channel that gives an attacker some level of command and control over an organizational resource.
That’s true of any backdoor, but what makes it specifically a cloud backdoor is that the channel is either facilitated by the cloud, uses an artifact in the cloud or uses cloud resources to propagate itself. The form that this can take varies by the cloud model.
In the case of an IaaS deployment, a cloud backdoor could refer to malware that enables access to a remote virtual environment hosted by an IaaS provider, such as a backdoor into a cloud environment.
How can an organization detect and prevent a cloud backdoor? The specifics of doing so depend on the type of cloud environment in question.
For an IaaS deployment, the process is similar to mitigating the same issues in an internal, on-premises deployment using malware prevention tools, SIEM tools, intrusion detection tools and so on. The implementation details might vary depending on the provider in use, the degree of control you have over the environment, and so forth. But, at the technical level, they operate fairly consistently with what is used elsewhere.
Nevertheless, it is useful to think these details through in a manner separate and distinct from on-premises implementations because there might be different teams supporting these environments and they may use different tools depending on usage specifics, as well as other factors.
SaaS is where it gets more complicated. There are, of course, tools in the marketplace — notably within the cloud access security broker (CASB) category — that address certain types of backdoor threats. Netskope is one such vendor. Other examples include Skyhigh Networks, CipherCloud and Symantec. These tools can help directly by finding and blocking malware, including backdoors. They can also help indirectly by monitoring cloud access and enforcing security policies in the cloud.
For those organizations that don’t use a CASB, other strategies can be useful. Keep in mind that, for a backdoor to be useful to an attacker, it must enable the attacker to command and control a targeted resource. To the extent that what they’re looking to backdoor into is an entity on a network, the internal defense strategies in place already — such as exfiltration controls, behavioral monitoring and antimalware — can help to detect and prevent this.
The broader concern would be access to those resources from devices that aren’t directly managed by the organization, such as a personal or home device belonging to an employee. Because those devices could have access to corporate resources, having a plan to help mitigate this issue is also prudent.
The short answer is that organizations should evaluate, plan and defend against backdoors in the cloud the same way they would for internal threats. The actual mechanics of how they do this will depend on the tools available and the specific cloud usage in question, but thinking it through ahead of time — particularly in light of the prevalence of backdoors as reflected in Netskope’s research — is time well spent.
“Even if you hate security audits, it’s in your best interest to make sure they’re done right.” – Ameen Khan
Cyber Security Audit
The ever changing cyber-security landscape requires info-sec professionals to stay abreast of new best practices on how to conduct information security assessments. Read www.grayhats.in/blog here for updated security assessment strategies you can apply to your own organization.
None of us relishes an audit–outsiders poking around for the holes in my system? When someone says “audit,” you probably think of the surprise inspections your company’s auditors pull to try to expose IT weaknesses.
Information security assessments can be effective for identifying and fixing issues in your enterprise’s policies. Which are highly sensitive for an organisation.
But you’re the one on the hot seat if your organization gets hacked. Dont worry, call Grayhats for a an audit. If you’re responsible for information security, you should want–you should insist–on thorough annual audits. In some cases, you may have no choice. Financial institutions, for example, are required to have external auditors certify compliance with regulations such as the Gramm-Leach-Bliley Act (GLBA). Your own organization’s audit department may require it. Or potential partners or customers may insist on seeing the results of a security audit before they do business with your company and put their own assets at risk.
we at grayhats can help you with such audits.
So you bring the auditors in. But what if the auditors fail to do their job correctly? You’re still the one feeling the heat after an attacker brings your Web site down or steals your customers’ financial information.
How to manage a successful audit
Establish a security baseline through annual audits.
Spell out your objectives.
Choose auditors with “real” security experience.
Involve business unit managers early.
Make sure auditors rely on experience, not just checklists.
Insist that the auditor’s report reflects your organization’s risks.
Don’t let this happen to you.
And it won’t, if you know how to:
Choose a good auditor.
Spell out your requirements.
Make sure the audit is conducted properly.
Intelligently evaluate the ultimate deliverable–the auditor’s report. An audit can be anything from a full-scale analysis of business practices to a sysadmin monitoring log files. The scope of an audit depends on the goals. The basic approach to performing a security assessment is to gather information about the targeted organization, research security recommendations and alerts for the platform, test to confirm exposures and write a risk analysis report. Sounds pretty simple, but it can become quite complex.
Establish a Security Baseline
Your security policies are your foundation. Without established policies and standards, there’s no guideline to determine the level of risk. But technology changes much more rapidly than business policies and must be reviewed more often. Software vulnerabilities are discovered daily. A yearly security assessment by an objective third party is necessary to ensure that security guidelines are followed.
Security audits aren’t a one-shot deal. Don’t wait until a successful attack forces your company to hire an auditor. Annual audits establish a security baseline against which you can measure progress and evaluate the auditor’s professional advice. An established security posture will also help measure the effectiveness of the audit team. Even if you use different auditors every year, the level of risk discovered should be consistent or even decline over time. Unless there’s been a dramatic overhaul of your infrastructure, the sudden appearance of critical security exposures after years of good reports casts a deep shadow of doubt over previous audits.
If you don’t have years of internal and external security reviews to serve as a baseline, consider using two or more auditors working separately to confirm findings. It’s expensive, but not nearly as expensive as following bad advice. If it isn’t practical to engage parallel audit teams, at least seek a second opinion on audit findings that require extensive work.
Objectives: Know What You Want
Spell out what you’re looking for before you start interviewing audit firms. If there’s a security breach in a system that was outside the scope of the audit, it could mean you did a poor or incomplete job defining your objectives.
Let’s take a very limited audit as an example of how detailed your objectives should be. Let’s say you want an auditor to review a new Check Point firewall deployment on a Red Hat Linux platform. You would want to make sure the auditor plans to:
Review and document the security mechanisms configured on the Check Point firewall and the Check Point Management Station.
Review the Check Point firewall configuration to evaluate possible exposures to unauthorized network connections.
Review the Red Hat Linux OS configuration to harden it against security exposures.
Review router configuration and logging procedures.
From a security perspective, certify the firewall and OS for production.
Document disaster recovery procedures for the firewall and OS and “good housekeeping” procedures for Check Point’s Object Management.
Perform a penetration test once the firewall and OS are in production.
Hiring an Auditor
You may be tempted to rely on an audit by internal staff. Don’t be. Keeping up with patches, making sure OSes and applications are securely configured, and monitoring your defense systems is already more than a full-time job. And no matter how diligent you are, outsiders may well spot problems you’ve missed.
The Audit Report
The audit’s done, and you look at the report. Did you get your money’s worth? If the findings follow some standard checklist that could apply to any organization, the answer is “no.” If you see pages of reports generated by a vulnerability scanner, but no independent analysis, the answer is, again, “no.”
However, it should be clear that the audited system’s security health is good and not dependent on the recommendations. Remember, the purpose of the audit is to get an accurate snapshot of your organization’s security posture and provide a road map for improving it. Do it right, and do it regularly, and your systems will be more secure with each passing year.