“These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100,” he said.
“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”
According to the company’s latest DDoS Trends and Analysis report, hackers are using sophisticated, quick-fire, multi-vector attacks against organizational security. It said that a fifth of the DDoS attack attempts recorded during the second quarter of 2017 used multiple attack vectors. These attacks utilize several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defences.
“Despite the industry fascination with large scale, internet-crippling DDoS attacks,” said Stephenson, “the reality is that they don’t represent the biggest threat posed by DDoS attacks today.”
“Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber attacks, and organisations that miss them do so at their peril.”
The WannaCry ransomware attack this May made the whole world think about cyber security issues once again. What also set WannaCry apart from previous cyber attacks is that IoT was involved in the crisis. We learned from the news reports that this worm virus was different from usual. It had not only tried to encrypt computer data, but it had also attacked connected devices such as medical and teaching equipment in hospitals and schools. This is also why this May’s cyber attack has influenced so many industries.
IoT has minimized the barrier between the Internet and devices. Once one of the two is attacked, the other is inevitably involved as well. As for IoT security, the cameras on our smart devices and in our smart homes are the aspect closest to every one of us, and may influence our everyday life.
Thanks to IoT technology, we can remotely control those connected cameras. Even if we are not home, we can still access these devices and check our properties. However, if we use connected cameras and devices without doing a good job on security, for example by using weak passwords or no PIN at all, criminals could easily access and control our devices through large-scale scanning. According to Gao Sheng, senior software engineer from China’s national Internet Emergency Center, passcodes like “user”, “admin”, and pure numbers have been widely used, and are the easiest ones to decrypt and hack.
As the concept of a connected world becomes more and more popular, different types of smart home appliances have become the first choice for millions of families. Because of this, cyber attacks on IoT are changing to multiple modes. Outlaws can access all connected appliances by hacking only one router. According to Helpnetsecurity, the U.S. (28%) and China (7%) are the two countries that experience the most cyber attacks. In 2015, the X-code Ghost incident deeply influenced China’s iOS development environment. It still reigns as the most famous cyber security accident regarding the Internet and IoT in China.
Lots of Chinese developers used an unofficial iOS development kit that had been modified by malware, later dubbed X-code Ghost. The malware injected third-party code into apps compiled with it. Since this attack happened on the developer side at compile time, even jailbroken devices were affected. The X-code Ghost incident influenced lots of popular apps that have billions of users, such as WeChat, Didi, and so on. Both of these popular apps affect every facet of Chinese users’ normal life because of IoT.
IoT security attacks that arrive over the Internet will not only impact ordinary people’s lives, but also produce more serious problems for large-scale enterprises. Based on the report titled Toward New Possibilities in Threat Management from Price Waterhouse Coopers in 2017, the number of cyber attacks in the East Asia region has rapidly increased by 969%, and security incidents of industrial IoT have increased over 22x. Because most enterprises use semi-automatic production models, and because smart connected systems are popular, countless IoT devices are used in the production process. But many of these devices still keep the factory passwords, which are weak PINs like “user” and “admin”.
They Get You Coming in and Going Out
For general users like us, right now, there are two kinds of cyber attacks: inbound and outbound. Inbound cyber attacks target our smart devices like phones, tablets, or cameras directly. DNS Amplification Attacks are common outbound attacks, with over 80% of family level cyber attacks resulting from router issues. To this point, Helpnetsecurity suggested three tips to actively avoid attacks. First, we need to periodically change the passcode of our smart devices and family Internet. Second, do not connect to unknown Wi-Fi and Bluetooth devices. Last but not least, upgrade device software in a timely fashion.
Nowadays, both iOS and Android send out upgraded versions regularly, and every app on our phone releases upgrades frequently too. Some users think these upgrades are annoying and choose to shut down this function, but most of the upgrades are related to security issues. As normal users, timely upgrading of our devices and apps is our best way to increase our cyber safety.
Today, a new vulnerability affecting the security of WPA2 protected wireless networks was disclosed. The Key Reinstallation Attack (KRACK) can render the network encryption transparent, allowing traffic to be viewed and – in certain circumstances – interfered with.
While the attack poses challenges for some network users, it does not affect the security of Electric Imp devices. The Electric Imp IoT platform was designed from the start to deal with real-world issues such as weak (or non-existent) network encryption, and so our platform treats all network links as untrusted. Instead, we rely on a mutually-authenticated TLS 1.2 ECDHE link to secure the traffic between endpoint and cloud, preventing MITM attacks, data snooping and malicious traffic injection.
In addition to this transit security, we implement an Ed25519-based challenge-response to prevent device impersonation even in the event of a TLS key compromise.
When our silicon provider patches their WPA supplicant to withstand the KRACK attack, we will incorporate the fixes in our next impOS release, just as impOS 36 addressed the Broadpwn vulnerabilities revealed earlier this year. All devices on the Electric Imp IoT platform receive OS and security updates directly, relieving our customers from security maintenance duties and keeping the entire installed base fully patched and up to date.
Until that point, though an attacker within wireless range can – at worst – cause denial of service problems, they cannot interfere with, decrypt, or impersonate, valid imp traffic. It should be noted that any attacker within wireless range can also simply use a jammer to prevent network operation, which is a problem no amount of software can fix.
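The challenge-response idea in the statement above, as an added Go example (not Electric Imp's code; their message format is not given on this page). It assumes a 32-byte random nonce, a hypothetical `device-auth-v1` label, and hypothetical names `Session`, `Provision`, `Challenge`, `Respond` and `Verify`; the device key is separate from any TLS key, so holding the TLS key alone does not let anyone answer the challenge.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

const label = "device-auth-v1\x00" // assumed prefix: domain-separates these signatures

// Session is the cloud-side state for one connected device (hypothetical names).
type Session struct {
	pub   ed25519.PublicKey // enrolled at provisioning time
	nonce []byte            // outstanding challenge, nil once consumed
}

// Provision simulates enrolment; the private key never leaves the device.
func Provision() (*Session, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Session{pub: pub}, priv
}

// Challenge issues a fresh 32-byte nonce, replacing any earlier one.
func (s *Session) Challenge() []byte {
	s.nonce = make([]byte, 32)
	if _, err := rand.Read(s.nonce); err != nil {
		panic(err)
	}
	return append([]byte(nil), s.nonce...) // copy, so callers cannot alter our state
}

// Respond is the device side: sign the labelled challenge with the device key.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(label), nonce...))
}

// Verify consumes the challenge (single use), then checks the signature.
func (s *Session) Verify(sig []byte) bool {
	nonce := s.nonce
	s.nonce = nil
	return nonce != nil && ed25519.Verify(s.pub, append([]byte(label), nonce...), sig)
}

func main() {
	s, priv := Provision()
	fmt.Println("accepted:", s.Verify(Respond(priv, s.Challenge())))
}
```

Because `Verify` clears the nonce before checking, a captured response cannot be replayed, and a failed attempt also burns the challenge.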
Panasonic has launched an automotive intrusion detection and prevention system designed to defend connected cars.
Cyber attacks on vehicles could result in death or injury. Most of these vehicles will be connected over mobile networks and, as our sister publication Telecoms wrote earlier today, these are inherently vulnerable. With this in mind, a system which is able to detect attacks is vital.
Panasonic’s latest technology is able to discover and simultaneously prevent attacks in real-time. Similar to an anti-virus on a computer, it will detect and isolate the attack before it affects the vehicle, and then safely discard it.
There are two parts to the system — the ‘monitoring module’, and the ‘monitoring cloud’.
Monitoring module – This is installed within the vehicle itself and checks all its functions based on the monitoring rules.
Monitoring cloud – Attacks which are unable to be detected by the in-vehicle monitoring module are uploaded to the cloud, where the updated rules can be pushed to other users to detect and prevent similar attacks on their vehicles.
This is where connected cars are able to improve security. Whereas many older vehicles are rarely updated, and any vulnerabilities that were present at manufacturing continue to pose a threat, patches and rules downloaded from the cloud can quickly be distributed to fix issues.
Connected cars are quickly growing in prominence. In fact, some analysts expect the market to grow threefold to £120bn by 2022. New technologies such as NVIDIA’s Pegasus, announced today, are also bringing the dream of fully-autonomous ‘Level 5’ self-driving vehicles closer to reality.
Ensuring the highest levels of security for all connected and self-driving cars is paramount; so it’s good to see Panasonic taking it seriously.
It feels like barely a week goes by without another breaking news account of a terrorist attack involving vehicle ramming, a form of attack in which a perpetrator deliberately aims a motor vehicle at a target with the intent to inflict fatal injuries or significant property damage by striking with concussive force.
From 2014 through 2017, terrorists carried out 21 known vehicle ramming attacks worldwide, resulting in over 220 fatalities and 800 injuries, in cities including London, Stockholm, Berlin, Jerusalem, and Barcelona.
It’s fair to say that people connected to the ideas of terrorism will use any form of weapon at their disposal to maim and kill, and a car or truck is just one tool in their potential arsenal. It’s also true that preventing terrorism is a multifaceted problem that encompasses law enforcement, intelligence, politics, and surveillance as well as, of course, attempts to prevent people becoming attracted to terrorist acts in the first instance. We currently see bollards and other barriers being installed in public spaces, which may prevent or ameliorate some attacks.
I have lived in two cities where people have died due to car ramming — Melbourne and Berlin — and technology writers are familiar with the trolley car problem when it comes to the ethics of self-driving cars. Along with deliberate acts of terrorism, we also have the reality of vehicles hitting people or places in the event of an ill or unconscious passenger or a driver following GPS instructions too literally.
So what does this mean for technology, can it solve the problem or will it contribute to the ease of future attacks?
How technology could (and does) help
In Berlin last year a truck was driven by terrorists through a local Christmas market, resulting in significant casualties, but they could have been worse: the assailant’s truck reportedly stopped early on during the attack. The truck had been fitted with an automatic emergency braking system, something that is covered under a regulation that is now mandated for heavier trucks in the EU.
EU Regulation No. 347/2012 specifies the technical requirements and test procedures for advanced emergency braking systems (AEBS) that detect the possibility of a collision with a preceding vehicle, warn the driver by a combination of optical, acoustic or haptic signals and, if the driver takes no action, automatically apply the vehicle’s brakes. In this instance the application meant that the trajectory of the truck was stopped earlier than intended, thus potentially saving many lives. Similar regulations have been proposed in the U.S.
It’s also worth considering instances where stolen vehicles are being used as attack vehicles, as in Stockholm. Delivery trucks are increasingly embedded with sensor technology, and one option would be a kill switch that would shut down the truck and transmit its location as soon as it was reported lost. However, according to security researchers at Cisco, the reality is not quite so simple. I spoke to Barry Einsig, Global Automotive and Transportation Executive, and Franc Artes, Architect, Security Business Group last week, who explained that the technology to shut a vehicle down exists today, “and has for probably almost a decade.” According to Artes, this is particularly relevant when we talk about connected vehicles:
“Because they’re connected it creates the opportunity to host the system and update or revoke certificates and ultimately you could geofence these devices and then you could shut those vehicles down. It’s not a technology problem it’s more of a security problem and also a process problem.
There were a lot of studies right after 9/11 regarding being able to shut vehicles down and part of the reason they didn’t advocate it was cyber security related and also because it could cause a bigger safety issue to shut down a big heavy vehicle when it’s going at highway speeds.”
How technology could make attacks easier
We already have ample examples of the ease of car hacking thanks to the efforts of white hat enthusiasts and researchers. It’s thus entirely possible that a car (self-automated or not) could be utilized in a terrorist attack. According to Einsig and Artes, the transportation industry’s technology infrastructure was traditionally built on closed, proprietary systems. The industry is on a journey to switch to modern connected networks, but security leaders fear the exposure to attackers during this transition period.
We are seeing a move into connected transport systems such as V2V communication and intelligent transportation enterprises. According to security analyst Sam Bocetta, one of the challenges is that with each branch in that chain of community you open yourself up to MITM attacks (Man in the Middle Attacks).
“An example of this is an IMSI catcher which works to basically intercept the communication between a node and a hub. This is done without either party knowing about the breach, allowing the MITM attacker to send a command or message to the node (in this situation the car).”
Criminals are also heavily invested in new technology. Cisco’s Einsig says:
“Cyber criminals think further outside the box than the engineer who’s developing the technology who is focused on solving the problem. Whether it is car technology that notices that you’re starting to swerve into a lane so your vehicle automatically shunts the steering wheel in the other direction to swerve back, hackers have already found a way to activate that to force you into oncoming traffic. Then there are acts like remotely engaging the brakes and crash sensors in the vehicle.”
He also notes that colloquially people connect terrorism with Luddites living in mud huts when they are as likely to be highly educated and intelligent with tech skills:
“Criminals will always adapt technology faster than anyone… The cyber criminal is always looking far outside the box compared to the engineer developing the technology.”
Although as Bocetta notes:
“Hacking into an autonomous car using the latest technology is a LOT harder than learning how to drive a truck.”
At any rate, it is clear that car makers are working with federal agencies to address many of these issues. We just have to hope that terrorists and other offenders don’t stay ahead of them.