CyberSec Watch Report – August 2017

Co-written by Florian Boudot and Charles Le Reun, with the contribution of Quentin Bedeneau.

Hello everyone, I hope you had a great summer break!

The cyber world does not take any vacation though, and this month we will talk about cryptocurrencies and ICOs, pacemakers and IoT.

Cryptocurrencies

The cryptocurrency market has been making a lot of noise recently, as hackers managed to steal tens of millions of dollars, either by compromising wallet software, hacking an exchange platform or, more recently, by simply scamming future ICO investors (an Initial Coin Offering is a cryptocurrency fund-raising system).

The market is drawing public attention, and obviously the attention of hackers too. If you want to invest, be very careful and be aware of offline wallets such as Ledger or Trezor to safely store your coins!

Pacemakers

How would you live with the thought that someone could control your heartbeat? 500,000 patients probably have the answer, as their pacemakers have been recalled due to a security flaw that lets an attacker reconfigure the device, including modifying the heartbeat. It is not the first time such a problem has occurred. Indeed, last year, critical vulnerabilities that affected pacemakers and defibrillators were patched in haste.

The health sector is struggling to secure its IT infrastructure and equipment, directly putting patients' lives in danger.

The road ahead will be rough (it already is), but mandatory in order to protect the patients.

Internet of Things

IoT devices are now everywhere and we rely more and more on them. But are they secure? Well, we already know the answer: most of them are not, and the report from Digital Security covering almost 100 connected solutions gives us the main weaknesses.

Default credentials can still be found on the Internet, as the majority of logins from a recent leak are « admin:admin » or « root:root ».

There is still a chance for improvement, as U.S. senators are proposing a bill to provide regulation for IoT devices.

Bonus

This month, we provide you with a technical analysis of the recent DNS attack that targeted Wikileaks.

You can find your other monthly Cyber Watch Reports here: July 2017, September 2017 and October 2017.