Month: May 2021

Security dangers of DNA based storages

Data storage was never such a big issue in the past. However, nowadays, every day, we produce a massive amount of data. The newest form of storing data is DNA sequencing. The current leader in long-term storage is magnetic tape. Unfortunately, magnetic tapes can store data only for thirty years. One device has the capacity of only a terabyte of data. In comparison, DNA Fountain-based storage could store data at a density of 215 petabytes per gram of DNA.

But to store a massive amount of data in such a tiny medium has its unique list of dangers. Let us look at those potential risks one by one.

  • Risk for Computers: At the moment, there is no threat to your computer by storing data into a DNA sequence. However, similar to every data medium, hackers can use DNA storage to keep and spread malware.
  • Intentional insertion of malware:  Unfortunately, one of the main disadvantages of using DNA-based storage is that the physical world can modify your DNA. A skillful attacker can create an entirely different set of threats such as biological viruses or bacterias, transmitting and injecting malware programs into your DNA storage.
  • No way to erase the storage: Once written, DNA is usually quite tricky to modify. We should treat the DNA-based storages such as highly capable compact discs with slow rewriting capabilities. The most trustful way to erase such storage is to eradicate it.
  • Easier to physically steal: How do you assure the physical security of under one gram of data? Do we store it in a safe? Sure, but hackers can make a hole in your safe and steal your data. The size of DNA-based storage devices introduces an entirely different set of challenges for your physical security.
A sample diagram of how DNA-based storage works. To record your data into DNA, you can create an entirely new footprint with your data encoded as Nucleo code. After that, you have to synthesis it into a DNA sequence.

Benefits of using DNA based storages:

Despite the threats, we could still prefer DNA-based storage in the future because it can store data for thousands of years, unlike hard drives. The information stored in DNA will not go extinct until human beings exist. These characteristics make DNA-based storage a perfect replacement for the currently used cold backup systems such as magnetic tapes.

How to control the security threats associated with DNA-based storages?

Fortunately, at this current moment, there is no significant adoption of DNA-based storage devices. The current leader is magnetic tape and will stay the same for foresee future. At the same time, the ordinary person does no use magnetic tape to store data. Usually, we use a collection of hard drives with multiple copies of our data. With this in mind, we can deduce that DNA-based storage will find its use mainly in data centers and big corporations’ data storage departments. Still, it is essential to understand that we must implement an entirely different set of techniques when we speak about DNA. With our current speed of technological development, it is quite possible to have DNA-based storage in our homes or bodies in the next decade or two.

Way Out of these Threats:

In conclusion, DNA-based storage is just another data medium. To secure the data stored there, we can use the same set of principles for storing data in hard drives. We could use strong encryption, excellent authentication, and a sound policy to store your data on a digital device or in paper documents.

Are law firms high value target for hackers?

New York-based law firm fell victim to a cyber attack. That wasn’t only unfortunate for the firm alone, but for the countless celebrity clients, they represent. Their client list comprises many A-level celebrities.

All these people fell victim to hackers.

The hacker group that carried out the attack remained unnamed. It got dubbed REvil because that’s the ransomware used by the group.

The cybercriminals targeted the law firm’s internal data systems. They managed to get away with 756 gigabytes of data, which they deemed was worth $21 million in ransom. When the law firm stated they had no intention of paying a dime in ransom, the criminals released a statement that they’re doubling their ransom request to the staggering $42 million.

After the firm refused to comply with the ransom demand, the hackers released an astonishing 2.4 gigabyte batch of data. It included private files and all sorts of sensitive information: contracts, non-disclosure agreements, promotional agreements, and expense sheets, among others.

The data dump wasn’t the only bombshell the cybercriminals dropped. They claimed to have an ace up their sleeve. They had private documents belonging to the American President. The law firm was quick to deny having any business dealings with the President. They only claimed that his name only got mentioned in some of their documents connected to their other clients.

Due to the hack’s success and the massive breach of privacy, the FBI got involved. They advised against paying the ransom as, in most such cases, payment doesn’t do much besides cost the victim money.

If you’re a victim of cybercriminals, you’re in a lose-lose situation. If you refuse to pay them, they can release the information they stole if that’s what they wish, and the victims get left to deal with the consequences. To pay the ransom they demand means you’re accepting their promise to destroy the data they stole.

You can see a standard distribution for malware types on the diagram and how the malware authors target their victims. In the case of organizations, the main approaches for crime making are data steal and ransomware

Can you trust the word of hackers? No, you can’t. However, it is essential to know that if the criminals do not hold their word, no one will pay the ransom to have this final option. Unfortunately, paying the ransom usually motivates more and more criminal groups to execute such operations.

This hack wasn’t their first attempt to score big. The attackers carried an attack on a foreign currency dealer as well. However, the ransom demand they went with paled compared to the $42, or even $21, million they demanded from the law firm. In this case, they asked for $6 million under threat to delete customer data. After a few weeks of having their services kept offline, the dealer caved and coughed up $2.3 million as payment.

Especially with COVID-19, more and more law and financial companies can become a target to attackers. It is essential to understand that blind fate into your cloud provider is only part of the equation. Every organization must take care of its defenses and upgrade them as much as it can. Only doing this can make attackers’ life harder.

Why You [Don’t] Need a VPN in 2021?

In 2021, the VPN users are in their billions, with an average user growth of 8%. According to a recent study conducted in early 2021, 50% of the respondents claimed to be using a VPN regularly to access usually restricted entertainment content. These VPN users were predominantly younger, and 62% identified as male by gender. Geographically users in the Asia-Pacific region make up a majority of all those who access a VPN with 30%, compared with Europe and North America, who combined made up 32% of those accessing a VPN worldwide.

VPNs are getting pushed as a must-have multi-service product. Are they?

VPN stands for Virtual Private Network, and it gets used for a variety of things. It can protect your online privacy by hiding your traffic and location. It masks your IP address making it easier to bypass censorship and geo-blocks. But its primary purpose is to provide your organization an encrypted tunnel to your enterprise network.

On the diagram, you can see how different users connect to a VPN (black is for the local user network, and red is for the connection to the VPN). After that, the VPN server redirects your connection to the website you want to use. The website will see your IP as the VPN’s IP (blue connections).

A remote-access VPN creates a connection between individual users and a remote network.

Remote access VPNs use two key components: Network Access Server (NAS), a dedicated server, or a software application on a shared server connected to the business’s internal network. And the second component is VPN client – software installed on a user’s computer or mobile device.

VPN protocol secures the data you input when registering on websites and creating accounts. It ensures that even if attackers manage to sniff data from you, they will need more resources to decrypt it. Some VPNs even block malicious ads, trackers, and websites that stealthily download malware on your device without you even realizing it. That’s how VPNs get advertised, and on the surface, all that sounds useful, right? The critical thing is, you don’t need a VPN to do everything listed above.

With all that they do, many people wonder if VPNs are even legal. VPNs are legal in most countries, with only a few exceptions. Places that either regulate or outright ban VPNs are China, Iraq, North Korea, Oman, Russia, and the UAE, to name a few. A downfall of using a VPN is that your connection speed will suffer slightly. Many will also admit that setting up a VPN, especially for some specific business needs, could be time-consuming and may challenge your tenacity.

A negative aspect of VPNs is that while you may be keeping your data encrypted and safe from hackers, that doesn’t apply to the VPN company. Whichever provider you’re using, it has access to all of your information – location, IP address, which sites you frequent, all manner of sensitive data. Do you think it wise to trust a company with such private information?

You can ensure your online security without turning to the services of a VPN. There are a few key steps to follow.

As already mentioned, make sure only to visit secure websites – starting with HTTPS:// instead of HTTP://. Next, two-factor authentication is your best friend when logging into a site. Add an extra layer of protection. Physical keys are an excellent option for that task. They vary in price, but there are affordable options. If you can’t manage to get one, use an SMS or email authentication. Use whatever you can to ensure a two-step verification when accessing sites. It can save you a ton of trouble. A username and password aren’t enough.

Another helpful step to ensure security is not to use shared devices. Sharing a laptop or a PC with a third party is a terrible idea as it can open the floodgates to malware, keyloggers, and who knows what else. And, lastly, update regularly. That may sound like a no-brainer, but people tend to postpone updates indefinitely. Don’t do that. Timely updates go a long way.

But, if you want to use VPN, please use providers, which offer VPN over Tor and anonymous registration. They must take payments in cryptocurrencies as well. This setup provides you some privacy and a way to avoid firewalls. However, this setup can be categorized as a grey or black hat technique in many countries and could bring you troubles.

Does Your VPN Protect From Cybercriminals, or Invite Them In?

The Coronavirus pandemic forced a variety of new adjustments on people. Most offices had to close down, and workers had to turn to their home offices to do work. Schools, universities, most places of education did the same and introduced home learning. Most entertainment outlets were no longer accessible either – the movies, theatres, concerts, everything got canceled or delayed. Home computers and laptops became an essential piece of technology at home. We use them for work, study, and fun. But can you trust them to be secure enough not to lead to trouble? You might be thinking, ”Well, I have a VPN, I’m safe.” But are you?
What is a VPN, and what does it do? VPN stands for virtual private network, and its general role boils down to two words – connectivity and security. A VPN extends a private network across a public network and allows users to exchange data across shared or public networks as though their devices connect directly to the private network. VPNs shield your original IP address and protect your data. If you join a VPN to your router, it covers all your devices connected to said router. Like, phone, PC, laptop, gaming console, smart TV, and other IoT devices.

On the diagram, you can see a standard VPN network configuration. The blue lines represent encrypted tunnels from different networks to your company infrastructure. After packet inspection with the red line, your Firewall sends the traffic to your VPN server. Finally, the VPN server decrypts the traffic and sends it to your local corporate network.


In Corona-times, VPNs are a godsend for employees who aim to reach and use corporate resources. They connect to the company VPN and go about their daily business. The question is, do they use a company device to do their work, as a company PC or laptop, or do they use a home one? That makes all the difference. If you connect the company VPN on your home network, you expose your company to malware. Think about it. What if you, or a family member, carelessly clicked on something they shouldn’t have, and now malware lurks on the PC that you’re connecting to your corporate network?
Another issue with that scenario is what type of VPN the home-office employee turns to exactly? Is it a consumer VPN server based in a different country? That’s risky.
Employees find themselves in a completely new situation, unique to both them and their employer. What had previously gotten used only on rare occasions or emergencies is now used on a regular day-to-day basis, given that 100% of the workload gets done from home. That makes workers vulnerable to targeted attacks. There are already examples of that. According to Sultan Meghji, CEO of Neocova (a cloud-based suite of banking solutions company), several bank CFOs became victims of criminals and state-based attackers.
Cybercriminals are on the lookout for easy targets. They search for open WiFi and encryption that they can break easily. Don’t be that easy target! An excellent way to up your home cybersecurity is to update your router. Ask yourself whether the router you use daily is older than your phone. If yes, replace it ASAP.
Another way to keep the office and home systems safe is education. Employers should educate their employees on cybersecurity and the best practices to implement for the most protection.

Cybersecurity tactics for small teams – Physical Security – part 1

In the next couple of months, I shall write series of articles covering the topic of cybersecurity on a limited budget. The idea is to show you different methodologies for how to keep you safe without spending too much. The articles will cover various topics such as physical, computer, and mobile security. Additionally, as part of this series, I shall publish two articles covering business security and public image preservation. A final overview article will summarize all written and consist of a sample budget to cover your cybersecurity needs. It will be a good reference for startup and SME organizations. They can use it to establish or upgrade their cybersecurity defenses.

Different authors wrote many books and articles on keeping your computer and mobile phone safe for the past couple of years. Unfortunately, most of these writings ignored one fundament of cybersecurity. Without properly secured hardware devices, all of your defenses are meaningless. Of course, other authors wrote whole books on physical security, but no one covered it from a cybersecurity perspective. This article aims to cover this perspective and give an exemplary workflow of achieving adequate protection on a tight budget.

You can see a sample dependency graph of how an organization must structure its cybersecurity defenses on the diagram. As you can see, everything starts with physical security, and after that, you build more pieces on this fundament.

So let’s start it. 

There are multiple online threats to your security, and let’s start with them. During my time working in different companies, I saw many people neglecting these threats. Fortunately, these mistakes did not lead to escalation. But let me list them and give a short explanation of how they can affect you.

  • Social Platforms: Sharing your life is an excellent way to keep in touch with your friends and relatives. At the same time, it opens possibilities for hackers to monitor you. Monitoring is essential for other types of attacks. Usually, hackers execute these attacks in the following phases.
  • Shared Travel: Shared travel is a new way of traveling around. It increases comfort and lowers down the price of travel. At the same time, travelers organize the travel in public social media groups. Everyone can join this group and monitor when you travel. Such information is valuable, mainly if attackers target your home or office space.
  • Cyberstalking: Your online persona can trigger destructive emotions, and usually, this evolves into cyberstalking. It is essential to limit down exposure to such threats because they can end up into physical ones.
  • Navigation Devices: Using online navigation is lovely in terms of comfort, but most navigation software collects a considerable amount of data. Hackers can correlate this data to your real persona and monitor your life and travel plans.

As you can see from the list, different parties can monitor a good number of your online activities. With enough time and resources, these parties can execute future attacks on you. For real estates, we can create a similar list:

  • Social platforms: The situation is the same as in the previous paragraph. Attackers can execute multiple attacks using the information gathered by your social media accounts.
  • Smart Home Assistants: Smart assistants are hardware devices placed in your home. Usually, they have always turned on microphones to catch your commands and execute different orders regarding your house. At the same time, they can be hacked and used to monitor your activities.
  • Camera arrays and sensors: These days, many people install cameras and sensors attached to the Internet. Without proper cybersecurity protection, attackers can use these hardware devices to monitor your activities.
  • Laptop and smartphones: Same is true for laptops and smartphones without a proper security defense. Hackers can use them for monitoring your activities.

Intruders can use all of the upper threats to execute next-stage attacks on your real estate. Another aspect of your physical security is the security of your vehicle (car, truck, and other vehicles). As vehicles become more and more intelligent and automated, their vulnerability to hacks increases. Next are the common threats you can face with intelligent vehicles:

  • WiFi Access Points: Modern cars have WiFi access points in them. Or in simple words, this is a network router, which is part of your car’s computer. This router can be hacked and used for malicious activities.
  • Smart Locks: The current trend in the automotive industry is making cars more and more intelligent, including their locks. Of course, this is a wrong decision in cybersecurity because the makers increase the penetration surface with new functions and capabilities. Some of these locks use older encryption protocols, not updated with years.
  • Autopilot: Most modern e-cars support autopilot as a feature. Autopilot is a fancy name for a sophisticated computer program, which drives the car for you. And being a program, autopilot runs on a computer, and this computer can be hacked and used for malicious activities.
  • Real-time Updates: Newer car models receive constant updates on the fly. They follow the process your operating system uses to update itself. How secure this process is rarely publicly disclosed.

Next part is – here.