Telecommunications and mobile technologies are important for the inhabitants of the metropolis, such as electricity and water supply. But people forget that you can not blindly trust the device, applications and operators. Positive Technologies experts reminded how intercepted GPS-Signal, where vulnerabilities in networks and the dangerous Android-smartphone.
In the field of cyber security in 2016, as noted by experts from Positive Technologies, I remember burglary Telegram, powerful DDoS-attack, which left half the world without social networking, and GPS-signal lost near the Kremlin.
The problem with a GPS-signal, which suddenly disappears near the Kremlin in Moscow, has no fundamental solutions. Drivers using navigators … →
Senior Information Security Sergey Puzankov company called telecommunication systems do not trust 100% satellite.
The expert did not avoid the story of the “Yandex.Maps” and the GPS-signal, which “cast” of passing or walking near the Kremlin wall Muscovites at the Vnukovo airport. The point, explains Puzankov, was not chosen by chance. FSO, among other things, it is also necessary to protect the territory of the Kremlin from the drones. Devices at the program level is forbidden to be in the air in no-fly zones, which are just airports.
The speaker added that what usually forget the rest: the substitution of the coordinates – not the fault of “Yandex” and the American GPS. Mechanisms confusing signal and navigation systems, affect the activity of any other service and GLONASS systems and BeiDou (Chinese satellite navigation system).
But one thing – security services, and the other – the fraudsters, who are also subject to similar mechanisms.
Forge coordinates for the implementation of the so-called GPS Spoofing if you wish, you can use special tools on the market.
As for the messenger, the scandal Russian activists whose Telegram-accounts have been hacked in the spring, has forced users in 2016 to reflect on the security services. However, the Positive Technologies believe that the cause of the leak was not the application itself, and Signalling System No.7 protocol (SS7), which is used to send messages to a phone number as authentication in Telegram and WhatsApp. Vulnerabilities found in more modern protocol Diameter.
On Friday, Oct. 21, the US Internet users began to complain about the problems in the work of such popular sites like Twitter, To Reddit … →
Puzankov recalled imperfection in terms of cyber security of mobile networks as a whole. According to him, it has long been hacked GSM-network, but also the current 3G / LTE are not protected from intruders properly.
Carriers for their stupidity can become a platform for making powerful DDoS-attacks. From botnet Mirai, by which attackers managed to destroy the hosting provider Dyn, which provides work Twitter, Spotify, Reddit and other portals, and later suffered subscribers Deutsche Telekom.
Malicious software is specialized not only in the Internet of things things, but simply connected to the network devices that are exposed by default usernames and passwords, or defense in general is low. These steel routers which Deutsche Telekom offered to its customers.
Once the operator has become a victim of Mirai, he declared that “reconsider business relationships” with suppliers vulnerable router Speedport from Arcadyan.
This Puzankov praised Russian Internet providers, which, in his opinion,
using more reliable equipment as well check it out before you adopt and offer their subscribers.
The danger lies not only on the level of communication networks, but is enclosed in mobile devices themselves. And especially in the Android-smartphone owners who run the risk of becoming a victim of a malware.
BuzzFeed portal published a report in which, in addition to the Russian special services collected compromising material on President-elect of the USA Donald … →
Department of Safety Research Specialist mobile applications Positive Technologies Nikolay Anisenya stressed that pose a threat, and the official application with elevated privileges, which contain the vulnerability could allow an attacker to carry out attacks almost imperceptibly.
Mobile devices are also very effective to attack corporate networks from inside the network, bypassing perimeter security:
its users connect infected devices to a working Wi-Fi-networks, and malicious applications infect routers and user workstations.
Device, among other things, through their microphones and sensors able to provide opportunities for industrial espionage.
Global hacking messengers and social networking, networked “smart” toasters and other Internet items of things, attacks on critical facilities, iron and vulnerability cyberwar – that such events have become the most important for the IT-sphere in 2016 by Positive Technologies version.
Representatives of the company, showing the results of their research in the last year and marking the trends for 2017 minutes, immediately said they would not discuss the sensational topic “Russian hackers”. However, experts could not ignore the elections in the United States and confirmed that simple cyber attacks escalated into full-scale cyberwar.
In 2016, according to Positive Technologies, the greatest interest among hackers caused the data to some extent, were more valuable than money. One example of how time was the publication of the correspondence of the US Democratic Party, which allegedly could affect the outcome of elections.
We concentrate on the attackers and targeted attacks aimed at the corporate segment.
“The average time attacking presence in the system increased to three years. However, only 10% of attacks are detected by the victims themselves: 90% of cases they know that were attacked from external sources ”
– Concluded the company.
Hackers have received 2.2 million rubles. via phishing emails, “mules” and public programs. Neglect to cyber defense, feykovye … →
In this issue, as it turned out, it lies not so much in the technical vulnerabilities, such as in the old proven techniques like phishing. Properly hit the target fraudulent emails can bring companies a headache worth up to € 50 million. Major victims in 2016 became the Austrian FACC aerospace company and the Belgian bank Crelan. It began with phishing emails, and many successful attacks on Russian financial sector.
Among the potential victims of such mailings, as explained during the presentation of the head of the department to respond to the Positive Technologies of information security threats Elmar Nabigaev, and subscribers were “Gazety.Ru” and RIA “Novosti”.
In 2017, according to experts, it will continue to progress, not only this kind of kibermoshennichestva, but also malicious software that requires victims to ransom. These include Trojans, cryptographers, who overtook not only individuals, but the whole subway to San Francisco, the threat of DDoS-attacks of a portal and a ransom for information about the vulnerabilities found by hackers in the companies web applications.
Complications in the political environment and weak protection of industrial control systems, as experts predict, may result in 2017 to increase the number of cyber attacks on industrial facilities, especially in the energy sector.