How 2020 Presidential Candidates Can Guard Against Cyberattacks

The 2016 presidential election witnessed unprecedented Russian cyberattacks and disinformation campaigns designed to disrupt the U.S. electoral system by influencing public opinion. The Russian goal was to destabilize the U.S. through ideological activism, advancing their interests and furthering their political agenda. Their methods compromised the computer systems of candidates and political parties, using the exfiltrated data to spread disinformation and influence presidential elections.

On January 6, 2017, the U.S. Director of National Intelligence released a declassified report, “Assessing Russian Activities and Intentions in Recent U.S. Elections.” According to the report, Vladimir Putin ordered a massive campaign orchestrating attacks on multiple fronts that ranged from spreading pro-Trump propaganda on social media to hacking the Democratic National Committee (DNC). Their methods resulted in massive data breaches within the DNC that included access to John Podesta's email f…

How Cybercriminals Attack the Internet of Things

The proliferation of Internet of Things (IoT) devices is transforming entire industries, requiring all of us to rely on the products they market. According to a Gartner analysis, an estimated 20.4 billion IoT devices will be connected by the year 2020. This staggering number is making it far easier than ever for cybercriminals to execute an attack.

Cybercrime as a Business

Today, cybercrime is a business, and a ruthlessly dangerous one, attacking a broad spectrum of devices, from medical equipment to household thermostats, smart appliances, and every imaginable type of device connected to the Internet. The illicit business operates around the clock but typically attacks victims during unsuspecting hours. Its operators weigh cost against benefit, mainly to generate revenue, and selectively strike during off-hours. Their tools of choice are custom built and unleashed against a specific class of IoT devices. Malware is commonly acquired online and then modified to exploit their victims.

There are many examples, such as medical systems, where ransomware is often used for extortion. More importantly, these attacks have exfiltrated patient records, changed or deleted diagnoses and treatments, damaged critical infrastructure, and hijacked life-saving medical equipment. In another example, the Mirai botnet compromised millions of DVR devices and used them to create a massive denial-of-service attack that shut down large segments of the Internet.

Built with Incompetence

In a rush to market, many manufacturers of IoT devices are designing them without regard to security. The resulting vulnerabilities are at the heart of cybercrime, and these bad actors are opportunistic. They prey on IoT devices built with unsecured communication protocols, sloppy code, backdoor passwords, and weak or non-existent device and user authentication. Not surprisingly, and as common practice in the IoT industry, manufacturers routinely obtain their code from open source repositories. Without a doubt, many vulnerabilities appear across a wide variety of IoT devices from one manufacturer, and the same pattern is seen with others.


Cybercriminals want to cloak their activities, and they target IoT devices to provide a layer of anonymity. This is accomplished by using the victim's device as a proxy to transmit data using its assigned IP address. By using this method to mask themselves, the actors are able to send spam, obfuscate networks, conduct click-fraud, and trade illegal contraband.

Users of IoT must be vigilant with their devices, as cybercriminals will seek out and compromise the ones with weak authentication or mount brute-force attacks using default user IDs and passwords.

Detecting and Protecting

Without specialized software tools and techniques, users of IoT will find it difficult to discover whether their device is compromised. However, these troubleshooting observations will expose it:

  • A sudden and unexplained increase in your Internet usage and service bill.
  • The device exhibits sluggish behavior; its connection to the Internet is slow, and it may stop functioning entirely while consuming available bandwidth.
  • Tools on the network gateway detect an unusually high number of outbound DNS queries.
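
As an added illustration of the gateway-side DNS check in the list above (not code from the original article), this example counts queries per client per minute and flags any device far above its peers. It assumes the gateway runs dnsmasq with query logging enabled; the log lines, addresses, and the `floor` and `ratio` thresholds are constructed for the example and need tuning for a real network.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed dnsmasq query-log line (syslog hostname optional):
#   "<Mon> <day> <HH:MM:SS> [host] dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+(?:\S+\s+)?dnsmasq\[\d+\]:\s+"
    r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)$"
)

def per_minute_peaks(lines):
    """Return {client: (peak queries in any one minute, distinct names queried)}."""
    buckets = defaultdict(Counter)   # client -> {minute: query count}
    names = defaultdict(set)         # client -> distinct names asked for
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue                 # replies, forwards, and unrelated lines
        minute, name, client = m.groups()
        buckets[client][minute] += 1
        names[client].add(name.lower())
    return {c: (max(b.values()), len(names[c])) for c, b in buckets.items()}

def flag_noisy_clients(lines, floor=30, ratio=5.0):
    """Flag clients whose peak rate is >= floor and >= ratio x the median peak."""
    peaks = per_minute_peaks(lines)
    if not peaks:
        return {}
    baseline = median(p for p, _ in peaks.values())
    return {c: v for c, v in peaks.items()
            if v[0] >= floor and v[0] >= ratio * baseline}

def sample_log():
    """Constructed log: three quiet devices and one (192.168.20.15) bursting."""
    lines = []
    for i, ip in enumerate(["192.168.20.10", "192.168.20.11", "192.168.20.12"]):
        for s in range(4):
            lines.append(f"Jan  5 02:14:{s * 10 + i:02d} dnsmasq[512]: "
                         f"query[A] time.example.net from {ip}")
    for n in range(120):
        lines.append(f"Jan  5 02:14:{n % 60:02d} dnsmasq[512]: "
                     f"query[A] h{n}.example.org from 192.168.20.15")
    lines.append("Jan  5 02:14:59 dnsmasq[512]: reply time.example.net is 192.0.2.1")
    return lines

if __name__ == "__main__":
    for client, (peak, distinct) in flag_noisy_clients(sample_log()).items():
        print(f"{client}: {peak} queries/min, {distinct} distinct names")
```

A high count of distinct names alongside a high rate is the stronger signal, since a healthy device usually repeats a handful of lookups.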

Employing these best-practice techniques will provide an essential defense against becoming a victim:

  • Change the default user ID and password, making the new one easy to remember but hard to guess. An alphanumeric sequence of 8 characters or more is recommended, and changing it periodically will thwart brute-force attacks.
  • Reboot the device on a regular basis. Cybercriminals who might be camped on the device will be halted, as most malware runs in memory and is cleared at reboot. Always reboot when you change the password; these bad actors commonly use harvested user IDs and passwords against other devices.
  • Install and use anti-virus (AV), making sure it is up to date. AV will detect and quarantine malware running in memory and residing on the device.
  • Ensure device firmware and security patches from the manufacturer are up to date. Researchers and industry sharing communities responding to incidents will expose security vulnerabilities requiring mitigation.
  • Configure the firewall to block all outbound traffic from unauthorized IP addresses and disable port forwarding. IoT devices are commonly assigned an IP address and communicate via designated TCP/UDP ports to function.
  • Isolate IoT devices via network segmentation. This is important, as it will prevent a compromised device from having access to critical internal systems.

It is crucial to understand how sophisticated IoT cyberattacks have become. They are orchestrated autonomously and at staggering scale against millions of victims simultaneously. The victims of ransomware will be asked how much they will pay to turn on a smart refrigerator, an entertainment center, or the home ventilation system. Hospitals will be asked by cybercriminals to pay dearly to restore a life-saving medical device.