Security roundup: Apple Watch a target for hackers, Windows Server end of life

We look at the week's biggest tech security news and opinions
Author:
Publish date:
1-security-roundup-apple-watch.jpg

Hackers will increasingly look to the emerging wearables and smartwatch market, especially when the Apple Watch is launched in early 2015, claims Kaspersky Lab.

“The day smartwatches become as popular as smartphones, cybercriminals will launch attacks against them too," said Dmitry Bestuzhev, Director of the Global Research and Analysis Team Latin America.

Ken Westin, security analyst at Tripwire, added: "In the same way the original iPhone became an immediate target for hackers, so too will any new device Apple releases. There will be a race to hack the Apple Watch. Even though Apple's security team will have vetted the product, whenever a new product is available to security researchers and hackers alike, weaknesses are discovered."

On the new iPhone 6, Bestuzhev added: "It’s important to note that any system is potentially vulnerable, and this usually happens when the value is high and effort needed to hack is low. Unfortunately iTunes account credentials have been readily available on the black market for a while meaning cybercriminals are able to easily access them. As the accounts store the main user’s payment information, it is likely that cybercriminals will improve their tactics to steal such credentials."

Regarding Apple's new Apple Pay mobile payment service, Tim Erlin, director of IT risk and security strategy at Tripwire, commented: "Apple has wisely let other vendors, like Google and PayPal, wade into the mobile payments market first, but there can be little doubt that the behemoth's entrance into the arena will greatly speed adoption of the technology, and the attention it gets from potential attackers.

“Near Field Communication isn't as well tested from a security perspective as the more common wireless technologies. If the Apple Watch takes off in the market, it will quickly become an interesting target for attackers. We may see the rise of the modern day pickpocket. After all, attackers follow the money, so if Apple puts your money 'on' a watch [as an attack vector], it suddenly becomes a very interesting target.”

In other tech security news this week, with all support for Windows Server 2003 ending July 14th 2015, companies must act swiftly to begin migrating to 2012 or be open to serious disruption and security risks, says IT services provider and Microsoft Gold partner ITC Infotech.

Microsoft estimates that the average Windows Server migration will take over 200 days to complete. ITC Infotech has cautioned that many companies are unaware of the workload, let alone the deadline. Once support ends next year, there will be no further patches or security updates, exposing companies to major security and compliance issues.

Anand Sukumaran, Vice President of Managed Services at ITC Infotech, said: “It is crucial for anyone still on Windows Server 2003 to begin planning immediately. Without security updates or patches, all applications and services on Windows 2003 are a security risk. Businesses also face the threat of serious legal and compliance issues."

Meanwhile, the National Audit Office published an update for the Committee of Public Accounts on the UK Government’s National Cyber Security Programme

Responding to the report, Hugh Boyes from the Institution of Engineering and Technology, said: “The current cyber security skills initiatives have been focused on providing the skills for individuals employed in cyber security roles. This is a short term solution which does not address the need to improve the security awareness and skills of everyone involved in the design, production and use of software-based systems. This requires significant investment in education and training at all levels in the UK to ensure that software is trustworthy and those involved in its development and maintenance are applying software engineering best practice."

Elsewhere, Netgear announced the European release of ReadyRecover, a hardware and software solution, enabling data backup and restoration for SMBs which promises to help businesses 'maximise continuity' should disaster occur. 

ReadyRecover mixes the enterprise-class features of Netgear’s ReadyData platform with StorageCraft’s ShadowProtect software in a single backup appliance.

F-Secure published a new threat report, which found that the first half of 2014 saw an increase in online attacks that lock up user data and hold it for ransom - even on mobile devices. This ransomware demands payment of a sum in exchange for unlocking a user’s files.

Data protection service CloudMask launched in the UK to protect sensitive information in the cloud. It offers a 'zero trust model' - new security technology that works on the premise that no one can be trusted with data - including cloud administrators, governments, employees, and even company IT administrators.

Kaspersky Lab also revealed that over 21 per cent of parental users have lost money or important data as a result of their child’s online activity.

With as many as 44 per cent of parents believing that their children know little about the internet and computers, 32 per cent are concerned about financial loss and 27 per cent are worried that their kids share confidential information too freely online. In addition, 35 per cent of kids know nothing about cyberthreats and this lack of awareness poses a real risk for a family’s online safety and security.

Related