Select Page
The Growth of the Internet of Things

The Growth of the Internet of Things

The Internet of Things, also commonly known as IoT, has been one of the hottest tech topics in recent years. IoT devices have a wide range of applications for both commercial and personal purposes including home security, supply chain control, motion detection, energy management, home appliances, health surveillance, and much more. There are an estimated 36 billion IoT devices worldwide, with that figure expected to climb to 75 billion by 2025. Today, it is already a $200 billion industry. Let’s look at some of the statistics and trends driving IoT in 2021 and beyond. 

5G Cellular Driving IoT Growth 

5G technology has become one of the primary drivers of the IoT, and this will continue in the coming years. By 2024 there will be almost 2 billion 5G cellular subscriptions, and it is estimated that 63% of mobile device subscriptions in North America will be 5G.

New Devices Coming Online

The seemingly exponential growth of both commercial and residential IoT devices will continue as internet-connected devices including televisions, medical sensors, watches, bike locks, alarm systems, microwaves, smoke alarms and even tennis rackets are created and utilized. 127 new devices are connected to the internet every second. 

Vehicles and IoT

Research suggests that internet-connected devices will become the norm in the next few years. Nearly 70% of vehicles around the world will be connected to the internet by 2023. In the U.S. the figure will be even higher, with an estimated 90% of vehicles connected to the internet.

Smart Cities Investing in IoT

Cities that embrace new technology like IoT and artificial intelligence will continue to pull away from other cities that have not invested (or don’t have the resources to invest) in this new technology infrastructure. The top 600 smart cities are expected to make up 60% of worldwide GDP by 2025. 

IoT and Cybercrime

Research suggests that it takes only an average of five minutes for an IoT device to be attacked after it has connected to the internet for the first time. While the IoT holds great promise for consumers, it also presents new opportunities for cybercriminal attacks. 

Business Cybersecurity 

Despite the rise in cyber attacks in the IoT, businesses have not fully caught on to how to defend against such attacks. 48% of businesses that use IoT can’t tell when they experience network breaches. This presents an urgent need for developers who know how to spot and defend against network compromises. 

Business Investment in IoT

Companies have quickly recognized how beneficial IoT technology can be to everyday operations and are expected to invest $15 trillion in IoT technology by 2025. There are a number of cities as well as companies like health care providers and manufacturers that have invested in IoT technology for the future to stay ahead of the curve.

The Future of the IoT Market

Various reports have suggested that the IoT could be worth $4 trillion, $5 trillion, or even $10 trillion in the next several years. Although the projections differ, they are agreed on one thing—there will be rapid and prolonged growth in the market.

It’s clear that the IoT isn’t going anywhere. Companies in a variety of industries will be in need of trained and skilled web developers and designers who know how to most effectively harness IoT technology to deliver consumers with the technology experiences they are looking for. The Web Professionals Organization is dedicated to all professionals who utilize the internet each and every day as the IoT continues to expand.

 

 

July, 2021 Desktop View

This month, I thought it appropriate to post some of my thoughts concerning web and security. Unless you have been unconscious for a while, you have seen so many news articles about ransomware attacks on various corporations. Since many readers work with clients (both internal and external), here are some of my thoughts regarding security. The sad thing is that most of these attack vectors are nothing new. They have been employed for some time, yet some people still fall victim.

I am focusing on what you can do as an individual. Obviously, this is a very large topic and I am just touching on some of the highlights as I see them. I look forward to your comments and encourage further discussion in our member Slack channels where we can focus on more specific items).

Passwords

  • Passwords should be long and complex. If in doubt, length wins over complexity. Consider using passphrases.
  • Passwords should be changed on a regular basis. You decide on what is comfortable for you.
  • Passwords should never be reused on more than one site. Never. There is no reason why you need to do this.
  • If you can’t recall passwords, use a password vault. There are a number of alternatives. Just make certain it is secure and your passwords are updated in the vault as you change them.
  • Passwords should never be shared with others. Never. If there is some unusual situation where another must access your information, change your password, give that party the new one, then change the password again once the need for their access has passed. Frankly, I can not think of any situation where this is warranted, but…

email

  • Never open links included in email messages. If you receive a link to a website (such as a banking site), open a browser and type the URL. It is so easy to spoof website addresses these days. That is why you should manually enter any site URL where you are required to authenticate.
  • Unless you are expecting an attachment from someone, never open email attachments. Never. This is where most malware gets started. I recommend using some form of online storage (which is virus checked) if you must share documents these days.

2FA

  • Whenever possible employ two factor authentication as part of your login. In a nutshell, there are three ways to prove you are who you say you are – something you know (like a password), something you posess (like an authentication app), and something you are (like facial recognition or fingerprints). I recommend using the first two in combination since it is very difficult to change your bio-metrics.

Phone calls

  • I recommend activating the feature found on modern mobile devices which only allow for incoming calls from those in your list of contacts. Anyone else must leave a voice message. Most scammers rely on a sense of urgency to get you to take an action you would typically not do (for example, say “yes” or share a password. Review the voice message and only call back if you are certain you need to speak with the individual leaving the message. Most scammers will likely not even leave a voice message. I assure you, the sheriff’s department will never call you to let you know they are coming to arrest you. It is best to delete similar junk.

Final thoughts

I know this list is not complete, and should be obvious to readers. However, it never hurts to review the basics periodically. Always apply a healthy dose of skepticism when anyone contacts you and asks you to take action. The more immediate their request, the greater the likelihood it is a scam.

WordPress Vulnerability Updates

WordPress Vulnerability Updates

March 2021 has seen 10 vulnerable plugins and themes for WordPress sites, which has affected about 400,000 total websites. Running WordPress sites requires keeping up to date on the latest security vulnerabilities and fixes like the ones below. 

Although these vulnerabilities have received a virtual patch to the WebARX firewall, to be safe you should update or delete the plugins immediately from your site.

WooCommerce Upload Files Premium

Enables users to upload files, preview images, add additional fees, and more. Vulnerability affects over 5,000 sites.  

Solution: Update WordPress WooCommerce Upload Files premium plugin to the latest available version.

User Profile Picture

Sets/removes profile images for users using the standard WordPress media upload tool. Vulnerability affects 60,000 sites.

Solution: Update WordPress User Profile Picture plugin to the latest available version.

Forminator

Form builder for WordPress. Vulnerability affects 100,000 sites.  

Solution: Update the WordPress Forminator plugin to the latest available version.

Dokan

WordPress marketplace plugin. Vulnerability affects 60,000 sites. 

Solution: Update WordPress Dokan plugin to the latest available version.

Defender Security 

Security plugin for WordPress. Vulnerability affects 50,000 sites.

Solution: Update WordPress Defender Security plugin to the latest available version.

Abandoned Cart Lite for WooCommerce

Helps recover carts from WooCommerce shop. Vulnerability affects 30,000 sites. 

Solution: Update WordPress Abandoned Cart Lite for WooCommerce plugin to the latest available version.

Style Kits for Elementor

Adds UI controls to Theme Styles for layout systems in Elementor. Vulnerability affects 10,000 sites.

Solution: Update WordPress Style Kits plugin to the latest available version.

WP ERP

WordPress business management solution. Vulnerability affects 10,000 sites.

Solution: Update WordPress WP ERP plugin to the latest available version.

WP Project Manager

WordPress project management tool. Vulnerability affects 10,000 sites.

Solution: Update WordPress WP Project Manager plugin to the latest available version.

WP Travel 

Travel engine for making customized travel websites on WordPress. Vulnerability affects 6,000 sites.

Solution: Update WordPress WP Travel plugin to the latest available version.

We at the Web Professionals Organization are not endorsing WebARX, but they have put together a great list from their research and work in server security, protection and monitoring. For more information on these vulnerabilities on the WebARX site, click here.

 

Should I use a VPN?

Did you know that while you browse your favorite sites across the internet, your internet provider secretly sits on the other end of your screen watching your every move? Scary? While just makes for a funny scary story, the reality isn’t much different from this scenario.

Although there’s no one looking out for the sites you visit, there are people who can do so if they wish. Also, some internet companies record user browsing data and internet behavior to bag revenue from advertisement companies.

What’s more? In 2017, some members of the U.S. Senate voted in favor of selling internet browsing data recording from millions of people like yourself. If you are uncomfortable with this, you may want to do something. The solution? Get a VPN for yourself!

What Is a VPN?

VPN is an abbreviation for Virtual Private Network. As the name suggests, it’s a private network that overrides your original internet connection and directs you towards, safe, protected servers.

This means the VPNs route your data through encrypted servers that work to hide your online browsing details. Consequently, the private network saves you from all kinds of dangers lurking online such as hackers, identity theft, and commercial data selling. 

We know what you’re thinking, you don’t really care who knows what you’re up to right? Here’s a secret, VPN can help you get into content and restricted web searches that you can’t access through your local network. 

How? Well, you must’ve noticed how your local internet provider directly takes you to the regional page of websites like Amazon and eBay. Meaning, they know where you’re logging in from. Your VPN gives you a whole new identity online, which means you can access online material that’s not available in your regions, such as movies and educational resources as well.  

Nowadays, VPNs are being used everywhere from corporate offices to top-secret government agencies. They are essential to organizations that need remote access to their networks on a regular basis. Also, it’s a valuable solution for people who value their privacy and get the protection they need from virtual threats.

Why Do You Need a VPN?

To make the reason as clear as possible, a VPN simply creates a direct, secure passage connecting one computer to another. If you’re not convinced yet and need specific reasons to use get a VPN for yourself, here are some situations where a VPN can mean a lot to you.

Be Safe On Public WiFi

It’s commonplace for us to inquire about the free WiFi services before choosing a restaurant to dine in. Believe it or not, connecting your device to one of these WiFi connections without a VPN can be the biggest risk to take. That’s because, these networks are open to anyone, and can provide a straight passage for malware from other devices to invade yours.

Similarly, the WiFi can also be a trap to get you into phishing scams raging through the internet these days. A VPN connection helps ensure you don’t fall prey to any of these situations.

Get Through Streaming Restrictions

Are you tired of Netflix blocking certain content because of your geographical location? The same dilemmas can get you on BBCi and even YouTube and Instagram. While browser proxies can get you through these restrictions, they slow down the streaming speed making for an unpleasant viewing experience. To get through these restrictions, a VPN is the best option.

Avoid Censorship Regulations

Some oppressive governments impose restrictions on their citizens regarding what they view and visit. These regulations are also virtually reinforced to combat any intrusion, so if you try to get into any prohibited online pages, they’ll know. 

That’s where a VPN comes in. As mentioned before, it encrypts your data and conceals your identity completely. This way, you can get through the oppressive regulations and censors without exposing yourself in any way.

Encrypt Your Online Data

When you’re using a VPN, the network creates a secure passage for you to send your data through. So any activity you conduct with the VPN app running will be private and encrypted. Every VPN connection offers an app that you can use to activate and deactivate the connection on your device according to your needs.

How To Choose Your VPN?

Convinced? Then you’ve probably started conducting your search for the perfect VPN for yourself. Attributing to the high consumer demand, there are a plethora of companies providing VPN services. If you choose the wrong one, you’ll end up exposing your data to yet another unreliable third party, which can be hazardous to your privacy. Here’s how to choose an ideal VPN network.

Price And Security

Most of the time, the level of security you’ll get with a VPN is directly proportional to the price. For normal users, mainstream VPN providers costing under $5 will work well. To choose the best one, you should go through the user reviews to get a clear evaluation of the service you’re about to purchase. Also, go with well-known and reputable companies to avoid getting into a scam.

User Data Logs

If security is your main concern when getting a VPN connection as compared to unlimited access to content, you should check whether or not the company keeps logs of their user data. These logs can be used to track you or your online activity. For extra security, you should choose one that doesn’t save your online browsing details.

Network Servers

What could be worse than paying for a VPN service that slows down your device and makes streaming almost impossible? To avoid this situation, you should do your research about the number of servers a VPN network has. This way, you won’t put yourself at risk of overcrowded servers and slow connections.

Multiple Device Compatibility And Clear User Interface

Many VPN networks allow you to sign in with your account on multiple devices. If you can get this service at an affordable price range, you should definitely go for it as it keeps you from getting restricted to one device. 

Most importantly, check the interface of the app you’re purchasing. The most clutter-free and clear the interface is, the easier it’ll be to use.

Conclusion

We hope you found this guide for VPNs useful. It’s a great personalized tool for people in favor of internet freedom and browsing privacy. Select the ideal VPN service for yourself today and go incognito for all your online operations.

Inside a DDoS attack

Everyone who runs a website has heard of DDoS attacks and hopes never to see one at their doorstep. But, what do you really know about these attacks? Our perception can be muddied by several myths and misconceptions. Also, to efficiently protect one’s website from such attacks one needs to understand what they are. Let’s review the fundamentals.

Understanding DDoS attacks

A DDoS (Distributed Denial of Service) attack takes place when a hacker sends a lot of traffic to a particular website, essentially overwhelming it. The website server gets overloaded with these malicious requests and can’t function properly so it becomes inaccessible to visitors.

Perhaps you have seen situations when a website of some company can’t be accessed at the time of an important event or release connected to it (maybe it has even happened to you – and hey, there’s no shame in it; it has also happened even to Amazon). It occurs when the traffic is too high and the company’s servers can’t handle it.

A DDoS attack seeks to emulate such a situation, only without the pleasant (save for the headache that is fixing it!) feeling that you managed to draw so many people to your website.

In a sense, this type of attacks is somewhat similar to spam: flooding some resource with tons of undesired information and making it hard to find legitimate emails. Or, in this case, just crashing the website.

In a DDoS attack, the perpetrator gains access to computers or other devices that are connected to the Internet and uses their bandwidth to perform the attack. It is most often done with the users whose devices are being used for this purpose are not even aware. Usually, to hijack the device, the hacker needs to inject it with malware but it isn’t always so.

Sometimes, one can find themselves as a part of a DDoS attack because of some seemingly safe activity they did online.

One example of that is the 2015 attack on 8chan. To gather their army of invading devices, the hacker bought bandwidth of the users of a popular VPN/proxy address provider through its sister company. Then, people who simply wanted to hide their IPs basically had them borrowed to commit a crime. While the use of that bandwidth to perform an assault on any website is illegal, buying and selling IPs is not. Those users should have read the terms of service which allowed it.

Since malicious traffic is coming from so many sources at once, it is nearly impossible to stop it and block all of it.

Why are such attacks carried out? The primary reason is money, as it’s possible to extort some from the unfortunate victim to stop the attack. On the other hand, sometimes DDoS attacks are performed just out of spite and to sow discord.

But why are DDoS attacks particularly dangerous today, you might ask? The answer is simple. Just like with any technology, modern Internet of Things devices that we all love so much can and are used by bad actors for their purposes which often involve conducting denial-of-service attacks on websites.

And the scariest thing here is the number of IoT devices. As of 2019, there are almost 27 billion of them worldwide. Moreover, the security of such devices is often lacking as their developers tend to focus more on functionality and, pardon the slang, oomph of their tools than on the questions of cybersecurity that are generally rather boring to the public and can’t be used in advertising as effectively. These two factors put together make our IoT environment something of a time bomb waiting to go off at some hacker’s prompt. The most famous example of an IoT-powered DDoS attack is, perhaps, the Mirai botnet one that happened in 2016.

How can DDoS attacks be prevented?

Most of the ways to protect one’s network or website from DDoS attacks rely on rapid detection. Speed is very important here because the faster the attack is blocked, the less damage it can do.

Detecting a DDoS attack can’t be reliably done by a human specialist due to how much data they would need to sift through and how rapidly. Therefore, technical methods have to be used. Of course, since they are not operated by humans, they must be given some criteria to work with and understand what qualifies as abnormal activity. Such criteria may include certain IP addresses and IP ranges that are to be blacklisted, variations of HTTP cookies, etc.

Once a likely attack is detected, it needs to be quarantined. Today, it is done via a cloud-based solution most of the time because hardware solutions are often too limited in their scope and don’t have enough capacity to deal with all malicious traffic coming with a DDoS attack.

There are various means of getting your website rid of this undesirable traffic. Black-hole routing, for example, routes it to a dead address that no host machine is assigned to, causing DDoS traffic to be “dropped” there harmlessly.

Scrubbing” data centers are another way of traffic filtering. All traffic coming to your website is transferred to such a data center where it is determined if it’s legitimate or not.

Another undoubtedly cool way to protect your website from DDoS attacks is a very futuristic one. However, today, we have technologies that weren’t imaginable just a few decades ago as something that will be actually available to the mortals.

I’m talking, of course, of artificial intelligence and machine learning (AI and ML).

The main benefit of machine learning is that it’s not simply a set of filters that legacy protection measures often provide. It can, indeed, learn to see patterns that are common to something. What interests us the most is that AI can be taught what a particular website’s traffic normally looks like and notice any irregularities faster and more efficiently than any human can.

However, unlike simple filtering mechanisms, AI is not limited in it. It doesn’t need a strict set of filters to determine if an attack is happening because just like a human being (at least, in theory), it can recognize something it has never seen before (and hasn’t been told by a human that this is a malicious attempt) as a threat.

All in all, there are many methods of protection against DDoS attacks. Most of them come in the form of a service that can be acquired from a security firm. And indeed, such protection is not cheap. It is a difficult question if your website needs it and there is no universal answer. Some sites are more likely to get attacked than others. Some can afford to go down for a couple of hours while others can’t.

The choice is yours. But I hope that now you know a bit more about DDoS attacks and approaches to defend against them.

[Editor’s note: this is a contributed article. Information about the author is found below.]

Sam Chester is a co-founder of Cooltechzone.com, a website dedicated to online privacy and cybersecurity. His area of expertise includes data security and analytics, software, and Internet censorship. He is a staunch supporter of limiting the role of government agencies in the lives of the citizens.

7 Ways Hackers Avoid Detection

7 Ways Hackers Avoid Detection

It’s hard to stay anonymous on the internet…

Between government surveillance systems and advertising tracking tools, your every move online can be monitored.

But if that’s the case, then why are hackers and cybercriminals so successful in their nefarious endeavors? Shouldn’t it be easy to watch their activity too?

In reality, hackers spend as much time designing their attacks as they do finding ways to stay below the radar. A single slip-up can result in the end of their malicious enterprise.

The list below covers the seven most common methods that hackers use to stay a step ahead of those chasing them.

1. Adding Layers of Virtual Machines

In movies and television, you’ll often see a supposed hacker using a basic Windows laptop to launch a major attack. That’s rarely how it works in the real world. Hackers usually operate on Linux machines and are careful to add extra layers of infrastructure between them and their operation.

Before beginning an attack, a hacker will likely connect through a series of virtual machines that are hosted in different regions of the world, acting as sort of a private cloud network. These access points are sometimes referred to as ghost machines and are replaced on a regular basis so that a hacker can cover their tracks.

2. Spoofing IP and MAC Addresses

Overview of steps to spoof a MAC address

Every single device that wants to connect to the public internet must get an internet protocol (IP) address assigned to it by an internet service provider (ISP). This IP address will identifies the computer, tablet, or smartphone so that it can easily send and receive requested data from websites through a browser.

A media access control address (MAC address) is similar to an IP address except it is assigned during manufacturing and is specific to a network adapter. A computer with an ethernet port and a wi-fi access card will have two separate MAC addresses linked to it.

IP addresses and MAC addresses are the most common ways that people are tracked online. To get around this, hackers use a variety of tools to spoof addresses to disguise location and which devices they are using. Certain versions of the Linux operating system make it easy for a user to set a custom IP or MAC address.

3. Communicating With IRC

Overview of IRC clients for Android devices

There’s a good reason you don’t see groups of cybercriminals talking about their enterprises on social media or message boards. Those types of forums are prone to eavesdropping and do not offer true anonymity.

Instead, you’ll find that most hackers rely on internet relay chat (IRC) implementations for all forms of communication. IRC apps are typically run on individual servers that do not interface with the public cloud. As a result, content on IRC channels is considered very secure and hard to trace.

4. Switching Between VPNs

When talking about internet security, virtual private networks (VPNs) are considered to be one of the smartest investments a person can make. With a stable VPN you can be confident that your internet activity is fully encrypted and protected from hacking.

But VPNs can be used for malicious purposes as well. In fact, hackers often maintain accounts with dozens of VPN providers and rotate between them on a regular basis. When it comes to choosing the best VPN service provider, it’s all about anonymity (ie, no logging). A properly functioning VPN connection will disguise a user’s true IP address, which makes it difficult to track their activity or determine their physical location.

In addition, some VPN providers offer an easy way to switch between access points. This means that a hacker can route their web traffic through a Canadian server one day and then move their activity to a German server the day after.

5. Using the TOR Browser

Screen grab of TOR browser interface

A typical internet user connects to websites using a popular browser application like Google Chrome or Mozilla Firefox. Hackers, on the other hand, have a different browser of choice. They primarily use a tool called the Tor browser, which offers built-in privacy advantages inherent with the great unindexed abyss that is the Dark Web.

When a webpage loads through the Tor browser, the initial request is actually first routed through a number of relays spread across the globe. This layered concept is known as onion routing, and that’s how The Onion Router became known simply as Tor.

At each stop on the onion relay, traffic is encrypted and then passed to a new IP address. This makes it almost impossible for outside entities to trace a user’s session and follow their activity.

6. Masking Email Addresses

Information that you share with another person over email might seem like a private communication, but that’s not the case for the largest email providers on the internet. These companies all have full access to the content of your messages, some of which may be used in government surveillance programs.

For this reason, you’ll rarely find an experienced hacker who relies on a Gmail or Outlook address, especially if part of their enterprise involves spam messages or other phishing attacks. Instead, like with IRC channels, they’ll host their own email server and use that exclusively.

Hackers have also developed a number of ways to mask their true email address when blasting large audiences with spam. Sometimes it’s as simple as adding a typo to an official-looking address that most internet users won’t notice. There are even services that offer temporary email addresses that expire after a certain period of time.

7. Encrypting Hard Drives

For a hacker, most of the focus is on network connections and covering their tracks on the internet. However, they also take careful steps to secure their physical devices. One of the most common ways is to use encrypted hard drives that require a special passcode to use.

In the fallout from a data breach, authorities may try to hack back and infiltrate the cybercriminals’ systems. Using an encrypted hard drive makes this almost impossible.

The Bottom Line

The point to all this talk about how hackers manage to stay clear of the long arm of the law is not to provide you, dear reader, with a primer on a new online crime career but rather to offer insight into how the bad guys stay out of sight.

The smartest thing you can do is take appropriate precautions to protect yourself with a VPN, updated security software, and a dose of common sense. Make no mistake, hackers are out there and you probably won’t see them coming.