Best of the Checklist: February 6th, 2020
The Checklist is taking a brief hiatus, but will return next week with a new show. In the meantime, check out these Checklists from the archives — specially chosen because they’ll help shed some light on the week’s breaking news!
This Best of the Checklist will cover:
Smart things: Not such a bright idea?
Security researchers announced this week that they’d found a vulnerability in the popular Philips Hue smart light bulb which could allow malicious actors to gain access to home networks and potentially plant malware there.
This isn’t the first time we’ve talked about the potential dangers posed by IoT devices, and believe it or not, it’s not even the first time we’ve talked about the dangers of smart light bulbs!
Checklist 53 delves into the details of how hackers look for and exploit vulnerable IoT things, using smart light bulbs as our example. Give it a listen — and remember to update your smart devices to get the benefits of the latest security patches.
A new kind of ransomware
Hackers have upped the ante yet again, infecting industrial control systems (ICS) with ransomware for the first time, according to a threat report released by a private security firm. The researchers behind the report say that the “EKANS” ransomware is the first example of ransomware specifically targeting the ICS networks used by manufacturers.
It’s unclear how widespread this EKANS ransomware actually is, but to get a sense of the potential havoc that a new kind of ransomware can wreak, it can be useful to look to past cases for some insights.
Checklist 38 covers the 2017 WannaCrypt ransomware attack that infected computer networks worldwide and crippled the UK’s national health care system. It’s an excellent case study for understanding the effects of ransomware on unprepared networks (and also a good, if somewhat anxiety-producing, story).
Phishing with fear
Proving once again that there’s no tactic too sleazy for cybercriminals, news outlets reported this week that hackers are exploiting people’s fears over the deadly Wuhan coronavirus outbreak to spread Emotet malware. The attackers sent out emails and messages claiming to offer health information and alerts, but actually containing malicious files and links.
Phishing campaigns are sneaky and, as this week’s news demonstrates, shamelessly opportunistic. That’s why it’s always a good time to brush up on your phishing awareness!
Checklist 37 is a classic episode completely devoted to the topic, covering the various forms of phishing attacks, how to spot them, and what to do about them. Give it a listen!
We’ll be back soon, but if you want to reach out before then, you can contact us at Checklist@SecureMac.com with security questions or topic requests for future shows.