Europol announced today that the suspected leader of an international bank heist scheme has been arrested. The arrest was a result of an investigation that involved a number of cooperating law enforcement groups including the Spanish National Police,…
Engadget RSS Feed
An unhackable smartphone may help businesses facing mounting pressure to combat cyber attacks.
The post Unhackable Smartphones Could Provide Refuge from Cyber Attacks appeared first on Futurism.
Every year we see new pressing cyber threats, from new targets for hackers to new issues cropping up in the cybersecurity space. 2018 will be no different. One area that has recently got a lot of attention is IoT devices, as the use of such devices has increased in both the public and private sectors. Here at Silobreaker we are keen to highlight three pressing cyber threats to IoT devices that we believe enterprises need to be aware of:
By 2020 it is expected that 25% of cyber-attacks will target IoT devices, many of which will be deployed in industrial environments. Infection and covert usage of IoT devices to mine cryptocurrencies or conduct DDoS attacks is a trend that isn’t slowing down, and one that is especially problematic in the industrial space because Industrial IoT devices tend to be both poorly secured and difficult to patch, especially across a distributed environment such as manufacturing.
It’s true that Mirai, and variants such as Okiru and Satori, pose a major risk to manufacturing, where the reduction of a connected device’s processing power can seriously impact safety or disrupt processes. But there is also the potential for untargeted, collateral damage in this space. The prospect of motivated attackers leveraging destructive malware such as BrickerBot to wipe devices is highly concerning, but such ‘attacks’ need not even be targeted to cause damage. A wormable exploit such as the one used by WannaCry could cause widespread infection of industrial IoT devices – to devastating effect – quite regardless of the original intentions of the attacker. We expect to see a major event of this kind take place in 2018.
Bringing in the professionals
Another pressing threat for 2018 is a dearth of skills and resources. Humans are still the weakest link in the security chain, but hiring and training people who can understand and respond to issues in the threat space is only becoming more difficult. Demand is rising much faster than supply, with 3.5 million unfilled positions in the cyber security field expected by 2021. At the same time, the eternal catch-up game played between criminals and analysts continues, with threats becoming more sophisticated and widespread every day.
As we further integrate IoT technology into our lives and into sectors such as manufacturing and critical infrastructure, this problem is not going to go away – it is going to get worse. The skills we need to protect ourselves – analysing information, separating intelligence from noise, and understanding the motivations of threat actors – are in short supply. They need to be cultivated. And to some extent this is happening; we’re simply not doing it fast enough. If this skills gap widens too quickly, it won’t matter how much companies are willing to pay to fill these vital positions; we will all become victims.
To mitigate this issue, we need to put more effort than ever into hiring, training and retaining the next generation of cyber security experts. Information security is increasingly being viewed as more than an IT-only problem, which is a big step, but budgets don’t always scale with intentions. Yes, working to improve the “cyber hygiene” of employees is important, but no organisation is unbreachable. And we need many more skilled people if we want to be prepared for when the worst happens.
The most tantalising treasure is data
Theft and manipulation of personal information from IoT devices is a growing concern for 2018. With IoT machines becoming ever more popular with consumers, we need to come to terms with the idea that our personal information is more at risk than ever. Devices such as Amazon’s Echo and other virtual assistants allow us to (often unwittingly) sacrifice security for convenience – as we learned when a researcher used malware to stream audio to a remote server, or when a Bluetooth vulnerability rendered Echo, Google Home and billions of other devices vulnerable to hijacking. We don’t know all the potential methods by which our personal information – what we say and do in our own homes – can be used against us, because having one’s personal life potentially exposed in this way is brand new. Identity theft and the resale of shopping habits are all perfectly possible, but this data can also enable crime in the physical world. If you’ve suddenly stopped ordering your weekly groceries, maybe there’s nobody at home? Assuming such information can be accessed, it will certainly be sold.
Mitigating data theft from devices like Echo is both a manufacturer issue and a consumer one. The more these devices are sold and used, the more attractive targeting them becomes for criminals. At the same time, the longer consumers wait before purchasing, the more tried and tested (and secure) this technology becomes. Purchasing from quality vendors will also reduce the risk of security ‘oversights’ and make sure that vulnerabilities are patched. Fundamentally, it also comes back to the very personal question of convenience versus security; to what extent are the risks worth the rewards? Caveat emptor.
“Let the road talk to your car” said tyre giant Pirelli, as it unveiled the latest iteration of its smart tyre system at the Geneva International Motor Show.
Pirelli’s Cyber Car technology enables each tyre to interact with the car’s onboard computer to ensure a safer, more economical drive.
Given that its tyres represent every car’s sole point of contact with the road, it’s little surprise that OEMs are working with Pirelli to gain as much data from that connection as possible.
Armed with information on the road conditions, tyre pressure and tread, those behind the wheel can alter their driving style. Onboard computer systems can adapt too, and the result is a more environmentally sustainable drive, for less.
It’s also a solution that’s guaranteed to speed up maintenance and take some of the guesswork out of tyre changing.
Pirelli’s Cyber Car system relies on a sensor placed on the inside of the tyre, which connects to the Pirelli Cloud. Weighing just a few grams, the sensor is able to track the status of the tyre and transmit that data to an electronic control unit inside the car.
Tyre pressure monitoring systems are commonplace. But Pirelli’s Cyber Car system aims to take things to the next level by integrating all of that data, and more, into existing driver aids.
Live tyre information on pressure, internal temperature, and tread depth can all be used by the Cyber Car system, which is able to intervene with the car’s onboard computers, adjusting ABS and stability control to suit the tyre conditions.
Notifications and system setup can both be configured with Pirelli’s app.
A solution for the future of automation
As well as tyre-centric data, each sensor combines to provide an accurate assessment of the car’s vertical load. For electric vehicles, this information represents the difference between battery life estimates using standard parameters and truly accurate predictions.
The first models fitted with Pirelli’s Cyber Car are due to arrive this year. Several car manufacturers are already taking steps to integrate the tyre specialist’s technology into their own onboard systems.
Internet of Business says
So far, 2018 has been the year of the connected car and the connected driver.
Cars are getting smarter – as is transport generally. Smart, connected services, and the data that results from them, will be one of the major battlegrounds over the next few years, both among car makers and their technology partners.
Cars are massive data points, in terms of how they’re performing, how they’re being used, and how they relate to the organisations that manage them – and the world around them.
Pirelli’s data is genuinely on the road, and that will be one of the most valuable data resources yet.
The post Pirelli smart tyres underpin its Cyber Car strategy appeared first on Internet of Business.
CyberX, an IIoT and industrial control system (ICS) security company, raised an $18M Series B round led by Norwest Venture Partners, early investors in cybersecurity leaders FireEye and Fireglass (acquired by Symantec). Existing investors that participated in the round include Glilot Capital Partners, Flint Capital, ff Venture Capital, and OurCrowd.
To date, CyberX has raised a total of $30M in venture funding. The company plans to use the proceeds to expand in the United States and Europe, fund product development, and grow its security research and threat intelligence teams.
CyberX’s continuous ICS threat monitoring platform uses ICS-specific self-learning that enables it to map and predict information security threats (in operational technology) in less than an hour.
A key factor that differentiates CyberX is that it does not rely on rules, specialized skills, or any prior knowledge of a user’s environment.
The company’s target market includes companies from energy, oil & gas, and manufacturing. Customers can protect their operational technology from attackers performing cyber reconnaissance to sniff passwords and crucial network credentials.
It appears that cyber incidents like WannaCry and NotPetya have made executives from legacy industries like manufacturing and oil & gas nervous. There are reasons for the worry. The latest research by CyberX, based on analyzing 375 industrial control networks via Network Traffic Analysis (NTA), reveals that one out of every three industrial sites is connected to the public internet, making it vulnerable to cyber-attacks. The company also found that unpatchable Windows operating systems are found everywhere in industrial settings. It reported that such systems can be easily compromised by malware such as WannaCry/NotPetya.
Pointing towards CyberX’s technology, Dror Nahumi, general partner at Norwest Venture Partners, said that “there is a growing need in many enterprises to connect their IIoT and ICS networks to corporate IT networks for performance, monitoring, and manageability reasons. This trend creates a new security risk which requires a modern, IIoT-optimized, security solution”.
An Urgent Call
Cyber warfare is as real as it gets; the flurry of cyber attacks that made headlines and disrupted industries in 2017 alone attests to that. If it was up to United Nations (U.N.) Secretary-General Antonio Guterres, the globe would already have international rules to minimize damage to civilians from cyber attacks, or to prevent them altogether.
These attacks can range from accessing otherwise confidential files to hijacking entire network systems. There are also so-called ransomware attacks, where hackers use malware to gain access to a computer and lock the user out until they pay for access.
A rather silly version of these attacks was recently featured in the TV series Homeland, but the reality could be far worse — like in the case of the WannaCry security hack in May last year, which crippled over 200,000 businesses, governments, and even hospitals. The United States alone lost some $1.3 billion due to cyber crime in 2016, a recent report by the Federal Bureau of Investigation (FBI) finds.
“What is worse is that there is no regulatory scheme for that type of warfare, it is not clear how the Geneva Convention or international humanitarian law applies to it,” Guterres said.
Indeed, cybersecurity is increasingly becoming a complex issue, with hackers able to commit cyber crimes seemingly without consequence.
What Rules Can(’t) Do
Existing cybersecurity regulations, particularly those in the U.S., simply mandate that institutions protect themselves from cyber attacks. These rules are obviously defensive in nature and, as recent incidents have proven, are not quite sufficient to bar hackers from accessing computer systems.
It’s difficult to say what kind of rules Guterres has in mind in place of current regulations. He did suggest the role the U.N. could have in all of it: serving as a platform for experts to work with governments “to guarantee a more humane character” to these rules, and to keep the internet as “an instrument in the service of good.”
Experts have suggested that, with internet access considered a basic human right — although not without controversy — cybersecurity should also be a guaranteed right. At the very minimum, they say, the right to privacy should extend online just as it does offline. To the average person, this perhaps is the most important point to consider: that their access to the internet is assured while, at the same time, they are kept safe and secure.
The difficulty comes in ensuring that these rights are upheld by governments everywhere. Perhaps the best hope for this future is that technology becomes more robust in the face of cyber threats. That, however, can also be quite tricky. In the same way that many see quantum encryption as a buffer against hackers, it could just as well become a tool for hacking. Cyber warfare could simply end up becoming a race for a better technology.
Guterres’ plea becomes all the more urgent when viewed with an eye for the future: “I am absolutely convinced that, differently from the great battles of the past, which opened with a barrage of artillery or aerial bombardment, the next war will begin with a massive cyber attack to destroy military capacity… and paralyze basic infrastructure,” the U.N. Secretary-General warned.
The post Cyber Warfare Is Growing. We Need Rules to Protect Ourselves. appeared first on Futurism.
North Korea is ramping up its hacking efforts. The existence of a new group of hackers in the hermit kingdom was disclosed Tuesday. And they’re allegedly targeting major international firms.
A new group of North Korean spies and hackers has been identified, and their available methods and tools are extremely sophisticated. The group — known alternatively as “Reaper,” “Labyrinth Chollima,” or “APT37” — can even steal documents from computers that are disconnected from the internet, according to a research paper published Tuesday by cybersecurity firm FireEye.
Worryingly, FireEye’s intelligence arm has tracked the group’s efforts and says that Reaper has “expanded its operations in both scope and sophistication.” It has been active since 2012 and focuses on South Korean defense targets.
Reaper is apparently an entirely different group than the one previously tied to alleged North Korean cyber attacks, including the 2014 Sony Pictures attack and the WannaCry ransomware campaign last year. That hacking outfit is known as Lazarus.
But according to FireEye, Reaper could become a global threat that both governments and companies should take seriously.
John Hultquist, FireEye’s director of intelligence analysis, told CNN Tech that Reaper has been stepping up its spying initiatives on South Korean companies. These companies, Hultquist added, are multinational firms with offices and infrastructure across the globe.
And while he declined to name any particular firms, he told the publication that the South Korean firms are Fortune 500 companies and are “crown jewels” of the economy in the country.
Some notable firms that fit that description? LG Electronics, Hyundai and South Korean tech juggernaut Samsung Electronics, which is the largest smartphone manufacturer in the world.
In a separate interview with NBC News, Hultquist said that North Korea’s cyber campaigns have become “increasingly aggressive.” And along with espionage, the efforts have branched out into disruption attacks and cybercrime.
There’s evidence that the group is expanding its focus beyond South Korea, too — and picking targets in the Middle East, Japan and Vietnam. And FireEye believes that Reaper is only going to become more active.
“We expect very aggressive activity in the near future,” Hultquist told CNN Tech.
Cyber attacks are increasingly becoming a fact of life. North Korea attacked aerospace and telecom networks last year. Olympics officials confirmed a recent attack that took place during the opening ceremonies. While Russia denied its involvement in…
Engadget RSS Feed
Apple on Monday announced a new initiative that will help businesses protect themselves against cyber attacks or deal with the aftermath of one. The company partnered with Cisco, Aon, and Allianz, to introduce a new type of product: insurance against cyber incidents.
Cisco and Apple will provide the technology supposed to keep business users secure against cyber threats including malware, ransomware, and other similar threats. Aon and Allianz, meanwhile, will offer cyber resilience evaluation services and insurance coverage against cyber attacks.
Apple explains in the press release that Aon will offer a cyber resilience evaluation, meaning that they’ll assess a company’s “cyber security posture” and recommend ways to improve it.
Cisco, meanwhile, will provide its Ransomware Defense product that’s able to see threats once and block them everywhere. “The solution includes advanced email security, next-generation endpoint protection and cloud-delivered malicious internet site blocking, to strengthen an organization’s defenses against malware, ransomware, and other cyber threats,” the announcement explains.
Apple, meanwhile, will provide hardware solutions including iPhone, iPad, and Mac that come with strong security and always-on hardware encryption. That said, Apple did have to patch a variety of unexpected security issues in the past few months.
“The choice of technology providers plays a critical role in any company’s defense against cyber attacks. That’s why, from the beginning, Apple has built products from the ground up with security in mind, and one of the many reasons why businesses around the world are choosing our products to power their enterprise,” Apple’s CEO Tim Cook said. “iPhone, iPad, and Mac are the best tools for work, offering the world’s best user experience and the strongest security. We’re thrilled that insurance industry leaders recognize that Apple products provide superior cyber protection and that we have the opportunity to help make enhanced cyber insurance more accessible to our customers.”
Allianz is in charge of the insurance business, providing insurance to Apple and Cisco partners. Again, the new endeavor targets business customers, not regular consumers. But businesses will have to buy Apple gear and Cisco cyber security products to take advantage of great cyber insurance plans. This certainly seems like a smart play from Apple, which might help it increase its iPhone, iPad, and Mac sales to businesses of all sizes.
A video posted on Cisco’s site explains how the entire process works.