This sent me down a path of reconfiguring my home network and re-adding a bunch of devices to a new network.
Even though this sounds like a totally basic skill for anyone who works in cybersecurity, it was a big deal for me to set up a separate IoT-only network.
Many readers may have even gotten a new IoT device for a holiday gift.
We all know that, by being connected to the internet, many of these IoT devices are going to be vulnerable to adversaries.
Last week, researchers found a network-connected torque wrench used in many industrial environments could be infected with ransomware.
I wanted to take this space to share a few reminders and best practices of how to best set up these devices and manage them.
Use network mapping software to track which devices connect to your network using what communication methods.
This keeps these devices segmented so that, if a bad guy is lurking, they stay on that IoT-specific network that doesn't talk to your more sensitive devices like a work laptop.
Immediately change the default usernames and passwords that come with any new WiFi-connected device you're setting up.
Any home routers or IoT devices could point to OpenDNS servers for an additional layer of security.
The prime example of this for me is Amazon Sidewalk, the community network that allows Amazon devices to talk to one another and send alerts to users about various goings-on in their respective communities.
The main drawback for me is that it allows your neighbors to pull off just a little of your internet bandwidth for their connected devices, too, and opens a whole slew of privacy concerns.
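As an added example (not from the original newsletter), one way to check that the IoT-only network described above is actually holding is to compare the router's DHCP leases against a device inventory. The subnets, MAC addresses and lease lines below are constructed, and the lease text is assumed to follow the dnsmasq lease-file layout.

```python
import ipaddress

# Assumed addressing plan (not from the article): one trusted LAN, one IoT-only network.
NETWORKS = {
    "trusted": ipaddress.ip_network("192.168.10.0/24"),
    "iot": ipaddress.ip_network("192.168.50.0/24"),
}

# Constructed inventory: MAC address -> segment the device is supposed to live on.
INVENTORY = {
    "aa:bb:cc:00:00:01": "trusted",  # work laptop
    "aa:bb:cc:00:00:02": "iot",      # smart plug
    "aa:bb:cc:00:00:03": "iot",      # camera
}

# Constructed sample in dnsmasq lease-file layout: expiry, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1705600000 aa:bb:cc:00:00:01 192.168.10.20 work-laptop *
1705600000 AA:BB:CC:00:00:02 192.168.50.31 smart-plug *
1705600000 aa:bb:cc:00:00:03 192.168.10.44 camera *
1705600000 aa:bb:cc:00:00:09 192.168.50.77 * *
not a lease line
"""

def segment_of(ip):
    """Return the name of the network containing ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in NETWORKS.items() if addr in net), None)

def audit(lease_text):
    """Return (mac, ip, hostname, finding) for every lease that breaks the plan."""
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        mac, ip, host = fields[1].lower(), fields[2], fields[3]
        try:
            actual = segment_of(ip)
        except ValueError:
            continue  # address field is not an IP, so this is not a lease line
        expected = INVENTORY.get(mac)
        if expected is None:
            findings.append((mac, ip, host, f"unknown device on {actual}"))
        elif expected != actual:
            findings.append((mac, ip, host, f"expected {expected}, found on {actual}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LEASES), sep="\n")
```

A device that is missing from the inventory is reported even when it sits on the IoT network, so newly added gadgets show up the first time the check runs.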
Cisco Talos recently worked with fellow security company Avast to release a new version of the decryptor for the Babuk ransomware.
Our researchers obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor in its latest variant.
Babuk is one of the most prevalent ransomware families in the wild right now, so any additional resources for victims to potentially recover faster, and for free, are good news.
Dutch Police, acting on threat intelligence supplied by Talos, identified and apprehended the threat actor behind Babuk Tortilla operations, and the Dutch Prosecution Office prosecuted them, demonstrating the power of cooperation between law enforcement agencies and commercial security organizations such as Talos and Avast.
Continued action from law enforcement to track down, apprehend and charge the operators behind ransomware is one of the many important steps we can take as a society and security community to reduce the prevalence of ransomware.
Security researchers are warning of actively exploited vulnerabilities in the Ivanti Connect Secure VPN that, as of Wednesday, still did not have a patch available.
In the meantime, users should follow the mitigation steps outlined by Ivanti, and implement a new scanner that can detect exploitation attempts.
The Rhysida ransomware group initially took credit for the attack in October 2023, claiming it was offering personal information for sale on the dark web.
This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 18 Jan 2024 19:13:05 +0000