Secure wiping of devices and media during their disposal processes is a standard security control that we recommend to our clients. There have been a number of examples of how failure to wipe hard drives prior to disposal has resulted in embarrassment to individuals or organisations.
Reports surfaced on the 12th of April of a botnet that attacks IoT running BusyBox and other Linux-based devices. The bot, which is believed to be active since the 20th of March 2017, exploits hard-coded passwords of devices with published SSH or telnet, as well as attempting to brute-force passwords of devices with non-default credentials. As the name suggest, BrickerBot bricks the devices and leaves them completely useless. This is done by executing a set of commands to delete storage, corrupt routing and others.
The world does not suffer from a shortage of hostile individuals or nations, from politically motivated parties, groups and nations, to ideologically motivated individuals and profit-motivated criminals. Information security attacks remain on the top of the list for being a global extensible war tool.
On Friday, Ian Simpson the Chief Executive of the Earthquake Commission (EQC) held a media conference and announced that a staff member had accidentally sent an email with an attachment containing a spreadsheet with the details of 9,700 Christchurch residents and their claims, to a recipient outside of the organisation.