https://blog.paessler.com/investments-in-iot-security-are-set-to-increase-rapidly-in-2018
The two biggest challenges in 2018 will continue to be protecting against unauthorized access, and patching/updating the software of the device. Companies must not neglect the security problems of IoT and IIoT devices. Cyberattacks on the Internet of Things (IoT) are already a reality.
According to Gartner‘s market researchers, global spending on IoT security will increase to $1.5 billion this year.
1,725 Comments
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11933-yli-50-miljoonaa-iot-hyokkaysta
As the number of different IoT devices keeps growing, the data behind those devices interests cybercriminals more and more as well. According to AtlasVPN, IoT malware attacks increased globally by 66 percent last year, to more than 50 million attacks.
Based on SonicWall's Global Cyberattack Trends report, cited by AtlasVPN, IoT attacks peaked in October, when their number grew to 10.8 million. Of all sectors, the education sector suffered the most, experiencing an average of 71 IoT attacks per month.
Tomi Engdahl says:
TrustCB SESIP Scheme
https://trustcb.com/iot/sesip/#:~:text=Security%20Evaluation%20Standard%20for%20IoT,of%20various%20commercial%20product%20domains.
Security Evaluation Standard for IoT Platforms (SESIP), published by GlobalPlatform, defines a standard for trustworthy assessment of the security of the IoT platforms, such that this can be re-used in fulfilling the requirements of various commercial product domains. TrustCB has used this standard to develop and operate the “TrustCB SESIP scheme”.
The security functionality provided by the platform is expressed using the catalog included. Commonly provided sets of functionality will be covered in SESIP profiles, such as Arm PSA L1 (Chip). Currently mappings for IEC 62443, Javacard, PP-0084, etc are also under development within TrustCB.
There are five Assurance Levels in SESIP, which are labelled and defined as:
SESIP Assurance Level 1 (SESIP1) is a self-assessment-based level. There is no independent check by the evaluators the platform actually implements the SFRs. SESIP1 provides a basic level of assurance.
SESIP Assurance Level 2 (SESIP2) is a black-box penetration testing level. This is the highest level that can be applied to a closed-source platform without cooperation by the developer. SESIP2 provides a moderate level of assurance.
SESIP Assurance Level 3 (SESIP3) is a traditional white-box vulnerability analysis. The evaluation is structured around a time-limited source code analysis combined with a time-limited penetration testing effort. SESIP3 provides a substantial level of assurance.
SESIP Assurance Level 4 (SESIP4) is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains. A SESIP4 evaluation must then be performed as a complement to a SOG-IS certification that includes at least all the standard Common Criteria assurance components, and in particular AVA_VAN.4. The current methodology simply provides guidance on how to obtain a SESIP4 certificate in addition to such a SOG-IS certificate.
SESIP Assurance Level 5 (SESIP5) is exclusively for re-use of SOG-IS certified platforms or platform parts by licensed evaluation laboratories, allowing those platforms to utilize the mappings from SESIP to specific commercial product domains. A SESIP5 evaluation must then be performed as a complement to a SOG-IS certification that includes at least all the standard Common Criteria assurance components, and in particular AVA_VAN.5. The current methodology simply provides guidance on how to obtain a SESIP5 certificate in addition to such a SOG-IS certificate.
Technology Document Library
Protecting digital services through standardization
https://globalplatform.org/specs-library/security-evaluation-standard-for-iot-platforms-sesip-v1-0-gp_fst_070/
Tomi Engdahl says:
SESIP: An optimized security evaluation methodology, designed for IoT devices
https://globalplatform.org/sesip/
GlobalPlatform is here to support IoT device makers and certification bodies to adopt the Security Evaluation Standard for IoT Platforms (SESIP) methodology and establish their own IoT device security certification schemes.
SESIP provides a common and optimized approach for evaluating the security of connected products that meets the specific compliance, security, privacy and scalability challenges of the evolving IoT ecosystem.
In parallel, GlobalPlatform will align certification bodies and laboratories, to ensure comparable evaluations across the entire IoT ecosystem. GlobalPlatform welcomes engagement from certification bodies and laboratories.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2021/03/31/etaohjattavien-laitteiden-buumi-kiihtyy/
According to telecom operator Elisa, demand for remotely controlled devices for summer cottages has grown very rapidly over the past year. The company's mobile network already carries tens of thousands of this type of remotely controlled devices in consumer use, together with the subscriptions they need. The new 5G will further increase their use as remote work becomes more common.
Tomi Engdahl says:
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
Tomi Engdahl says:
SHAREHOLDER ALERT: Ubiquiti, Inc. Investigated for Possible Securities Laws Violations by Block & Leviton LLP; Investors Should Contact the Firm
Block & Leviton LLP
Tue, March 30, 2021, 9:48 PM·2 min read
https://finance.yahoo.com/news/shareholder-alert-ubiquiti-inc-investigated-184800904.html?guccounter=1&guce_referrer=aHR0cHM6Ly9rcmVic29uc2VjdXJpdHkuY29tLzIwMjEvMDMvd2hpc3RsZWJsb3dlci11YmlxdWl0aS1icmVhY2gtY2F0YXN0cm9waGljLw&guce_referrer_sig=AQAAAD0hql2upkm0jWhHUmkngJALlLLoetKLlZaVf8QD7rJ7QYjqnfXxTo8z436EhInf-BbG0YwyWcRA-vTcaXH6Ex_tnbYS7mdu0A-a5pi3mxhQ–jtn9vsH3p0j9tlut09ciFRzEi5jyGl00vAtFiXFJR27DVpHTpoDbEROlS0g19i
BOSTON, March 30, 2021 (GLOBE NEWSWIRE) — Block & Leviton LLP (www.blockleviton.com), a national securities litigation firm, announces that it is investigating Ubiquiti, Inc. (NYSE: UI) for potential violations of the federal securities laws.
Ubiquiti is a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, and security cameras. On January 11, 2021, Ubiquiti disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Shares fell approximately 5.3% over the next two trading days.
On March 30, 2021, well known cybersecurity analyst Brian Krebs reported that “a source who participated in the response to that breach” is alleging that Ubiquiti “massively downplayed a ‘catastrophic’ incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.” This anonymous security professional stated that the breach “was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers. . . . The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.” On this news, shares are down significantly in intraday trading.
Block & Leviton LLP (www.blockleviton.com) is investigating whether Ubiquiti and certain of its executives may be liable for securities fraud.
Tomi Engdahl says:
One-Way Data Transfer Secures Industry 4.0 Networks
https://www.eetimes.eu/one-way-data-transfer-secures-industry-4-0-networks/?utm_source=eeteurope&utm_medium=nl&utm_campaign=2021-04-01&utm_content=head
The internet of things and Industry 4.0 networks require reliable, safe, and secure data links. However, these days, any network is prone to cyberattacks even when secured by traditional security methods. To solve this issue, the data diode, a hardware and software device, allows only data uploads to the external world and avoids, for security reasons, any backward data downloads.
The cyber-diode extends the capabilities of traditional solutions for network security. The importance of safe and secure networks is proven by a study on cyberattacks conducted by the Bundesamt für Sicherheit in der Informationstechnik (BSI or, in English, German Federal Office for Information Security). According to the study, the amount of malware, including Trojans, ransomware, and trickbots, increased between June 2019 and May 2020 to 117 billion, with the variations and intensity of the malware continuing to rise. The requirements for optimal security in the interconnected industry and in critical infrastructures are very high, and industrial equipment interfaces must be fully protected to avoid any negative impact. Another important point is that the data transmitted must be confidential and non-manipulable.
“But even with existing security solutions, there is still a remaining risk,”
The poor security in industrial networks as IT and OT become more and more interconnected is the reason why many companies are forgoing the advances made by connecting their factories to the outside world via the internet. Networking enables efficient, cost-effective, and flexible manufacturing down to lot size 1. It also allows monitoring and optimizing machines and systems (e.g., for predictive maintenance and analytics). With internet connection, however, Industry 4.0 networks are becoming a target for sabotage and espionage by cybercriminals.
Maximized cybersecurity
“Because existing solutions for cybersecurity are either proprietary or very expensive, we developed our industrial cyber-diode, which ensures secure, reliable, manufacturer- and platform-independent communication,” Schoner explained. “It is worldwide the only data diode based on a certified confidential product.” For secure data transfer in industrial environments, it supports OPC UA Protocol (OPC Unified Architecture), an open standard for exchanging machine data. It also allows encrypted transmission of data to client applications via IPSec VPN. If IPSec is activated, external clients can communicate with the diode only by using encrypted communication. This is ensured by the diode-internal firewall, and it enables extremely secure data transmission to any desired service in the cloud or any other external location.
Tomi Engdahl says:
IoT #security solution merges #SoC hardware with #cloud software NXP Semiconductors Azure #processors
https://buff.ly/3cI8XdZ
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11983-kyberiskut-aiheuttavat-jopa-paivien-katkoksia-alytehtaissa
Tomi Engdahl says:
https://resources.trendmicro.com/Industrial-Cybersecurity-WP.html
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11992-siemensin-uusi-tyokalu-varmentaa-piirin-jarjestelman-ja-ohjelmiston
Tomi Engdahl says:
https://www.uusiteknologia.fi/2021/04/13/huipputason-iot-suojaus-langattomalle-jarjestelmapiirille/
US-based Silicon Labs is the first manufacturer to receive PSA Certified's highest level of IoT hardware and software security certification. PSA granted PSA Certified Level 3 status to the chip manufacturer's wireless EFR32MG21 system-on-chip.
Guaranteed security for IoT controllers – PSA and SESIP certificates
https://www.uusiteknologia.fi/2021/03/15/taattua-tietoturvaa-iot-ohjaimiin/
Tomi Engdahl says:
NAME:WRECK, a potential IoT trainwreck
https://blog.malwarebytes.com/reports/2021/04/namewreck-a-potential-iot-trainwreck/
A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially this could impact hundreds of millions of servers, smart devices, and industrial equipment. The researchers that discovered the vulnerabilities have named them NAME:WRECK. For an attacker to use these vulnerabilities they have to find a way to send a malicious packet in reply to a legitimate DNS request. So the attacker will have to run a person-in-the-middle attack or be able to use an existing vulnerability like DNSpooq between the target device and the DNS server to pull this off.
Tomi Engdahl says:
At Least 100 Million Devices Affected by “NAME:WRECK” DNS Flaws in TCP/IP Stacks
https://www.securityweek.com/least-100-million-devices-affected-namewreck-dns-flaws-tcpip-stacks
Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout reveal.
Collectively called NAME:WRECK and identified in the DNS implementations of FreeBSD, Nucleus NET, IPnet, and NetX, the flaws could also be abused to perform denial of service (DoS) attacks, to execute code remotely, or take devices offline.
The bugs were identified as part of Project Memoria, a research initiative aimed at improving the overall security of IoT devices and which has already resulted in the finding of more than 40 issues in popular TCP/IP stacks, critical components providing basic network connectivity for a wide range of devices.
Collectively referred to as AMNESIA:33 (33 bugs in four open source TCP/IP stacks) and NUMBER:JACK (nine flaws in as many stacks), the issues previously brought to light as part of Project Amnesia are as severe as the Ripple20 and URGENT/11 bugs that were detailed over the past two years.
ThreadX, FreeBSD and Siemens’ Nucleus NET are estimated to have a deployment base of roughly 10 billion devices, yet not all of them are affected. However, the researchers point out that, should only 1% of these devices be vulnerable, their number would still be above 100 million.
“The widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface. This research is further indication that the community should fix DNS problems that we believe are more widespread than what we currently know,” Forescout points out.
The identified security holes are tracked as CVE-2020-7461 (FreeBSD), CVE-2016-20009 (IPnet – the flaw was originally identified in 2016 and a CVE ID with an end-of-life tag was issued), CVE-2020-15795, CVE-2020-27009, CVE-2020-27736, CVE-2020-27737, CVE-2020-27738, and CVE-2021-25677 (Nucleus NET). No CVE ID has been issued for the NetX bug.
Attackers, Forescout explains, could chain together three vulnerabilities to inject malicious code into a target: CVE-2020-27009 to write data to device’s memory to inject the code, CVE-2020-15795 to craft meaningful code for injection, and CVE-2021-25667 to bypass DNS query-response matching to deliver the malicious packet.
Tomi Engdahl says:
Welcome to iot and the edge…
why don’t they run IoT devices in isolated networks
I doubt the admin knew someone put this on the network
A Casino Gets Hacked Through a Fish-Tank Thermometer
https://www.entrepreneur.com/amphtml/368943
That was the lesson learned a few years ago from the operators of a North American casino. According to a 2018 Business Insider report, cybersecurity executive Nicole Eagan of security firm Darktrace told the story while addressing a conference.
“The attackers used that (a fish-tank thermometer) to get a foothold in the network,” she recounted. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
Maybe you’ve heard of IoT, but in case you haven’t it’s easily explained. It’s all about dumb, inanimate objects. And no, I’m not talking about members of Congress. These are elevators, engines, machinery, trucks, phones, sprinkler systems, inventory and, yes, even fish-tank thermometers. These objects are being equipped with sensors and then connected back to networks, databases and communication systems. So much so that by 2025 some analysts predict that there will be as many as 31 billion connected devices worldwide.
Connected devices are helping us track the status of deliveries, the hydration of golf courses and the optimal flow of water through pumping stations. And yes, even the temperature of fish tanks in a casino. Because no one wants to see dead fish when gambling away their life savings. It’s kind of a buzzkill.
“The industrial sector is facing a new set of challenges when it comes to securing a converged IT-OT environment,” Tim Erlin, vice president of product management and strategy at security firm Tripwire, told Security Info Watch. “In the past, cybersecurity was focused on IT assets like servers and workstations, but the increased connectivity of systems requires that industrial security professionals expand their understanding of what’s in their environment. You can’t protect what you don’t know.”
Tomi Engdahl says:
Security Gaps in IoT Access Control Threaten Devices and Users
https://beta.darkreading.com/perimeter/security-gaps-in-iot-access-control-threaten-devices-and-users
A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk.
Tomi Engdahl says:
Biden Races to Shore Up Power Grid Against Hacks
https://threatpost.com/biden-power-grid-hacks/165428/
A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.
Tomi Engdahl says:
Google backs new security standard for smartphone VPN apps
https://www.zdnet.com/article/google-backs-new-security-standard-for-smartphone-vpn-apps/
The Internet of Secure Things Alliance, an IoT security certification body (a.k.a. ioXt), has launched a new security certification for mobile apps and VPNs. The new ioXt compliance program includes a ‘mobile application profile’, a set of security-related criteria against which apps can be certified. The profile or mobile app assessment includes additional requirements for virtual private network (VPN) applications.
Tomi Engdahl says:
Remote code execution vulnerabilities uncovered in smart air fryer
https://www.zdnet.com/article/remote-code-execution-vulnerabilities-uncovered-in-smart-air-fryer
In another example of how connectivity can impact our home security, researchers have disclosed two remote code execution (RCE) vulnerabilities in a smart air fryer.
The team tested the Cosori Smart 5.8-Quart Air Fryer CS158-AF (v.1.1.0) and discovered CVE-2020-28592 and CVE-2020-28593. The first vulnerability is caused by an unauthenticated backdoor and the second, a heap-based overflow issue — both of which could be exploited via crafted traffic packets, although local access may be required for easier exploitation.
The vulnerabilities have now been disclosed without any fix. According to Talos researchers, Cosori did not “respond appropriately” within the typical 90-day vulnerability disclosure period, and so — perhaps — the vendor will now consider issuing a patch now that the issues are public.
Tomi Engdahl says:
Internet of Threats: IoT Botnets Drive Surge in Network Attacks https://securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/
As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019.
Tomi Engdahl says:
https://www.zdnet.com/article/remote-code-execution-vulnerabilities-uncovered-in-smart-air-fryer/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/12054-ensimmaiselle-32-bittiselle-huipputason-turvasertifiointi
Tomi Engdahl says:
Remote code execution vulnerabilities uncovered in smart air fryer
Updated: The impacted vendor has not responded or fixed the security issues.
https://www.zdnet.com/article/remote-code-execution-vulnerabilities-uncovered-in-smart-air-fryer/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/12054-ensimmaiselle-32-bittiselle-huipputason-turvasertifiointi
Japan's Renesas reports that its RX-series 32-bit microcontroller has received Level 3 certification for its cryptographic module from the US NIST organization. In practice this means that the controller's protection level meets, for example, the security requirements of government authorities and financial institutions.
CMVP certification is a program drawn up jointly by NIST (National Institute of Standards) and the Canadian Centre for Cyber Security. The RX65N controller is the first general-purpose MCU to be granted certification at Level 3 of the specification.
CMVP certification is based on the FIPS 140 standard.
Tomi Engdahl says:
Keeping OT environments cybersecure
What can engineers do to protect their processes and plants from cyberattack? Consider these best practices from cybersecurity and manufacturing experts.
https://www.controleng.com/articles/keeping-ot-environments-cybersecure/
Be aware of cybersecurity attack consequences
The first step to protect processes and plants is to be aware of the consequences of cyber attacks, according to Massimiliano Latini, ICS cybersecurity & special projects director at H-ON Consulting.
While the IT world is already aware of security issues, OT security has opened up a world that was previously hidden and unknown. “OT networks are much more accessible than traditional IT systems and consequently much more attractive to cybercrimes, where hackers can easily breach those most vulnerable parts of industrial automation control systems,” said Latini. He believes that the most dangerous effects of a cyber attack are related to business continuity, due to the possible shutdown of the plant assaulted, and also to safety and environment issues, in other words, injury or accidents involving people and hazardous environmental emissions.
“Above all other things, engineers can protect their processes by tidying up their data infrastructure,” said Latini. He advises that the first measure that companies should implement – in compliance with the international standard IEC 62443, which is the most important reference for industrial cybersecurity – is organizing the network into zones with a clear separation between IT and OT, and where the segmentation of the OT network is rigorously managed in case of remote access as well.
“I strongly recommend the use of firewalls designed specifically to manage issues related to industrial infrastructures,” he said. “The selection of high-quality tools is also crucial to counter attack the hackers. This obviously depends on the type of infrastructure and the problems that need to be managed. The most effort must be employed in investigating what are the most adequate firewalls and Layer 3 switches for segmenting the network in accordance with the IEC 62443. And finally, a software for monitoring the network can be also very useful for identifying what vulnerabilities are affecting a system.”
Know your cybersecurity system
Edward Kessler, technical executive at EEMUA, believes that the most important consideration, when looking at securing process and plant cybersecurity, is to know what you have and what it is connected to – in terms of both networking and control – and to educate yourself on industry best-practice.
It is important to have a good idea of the roadmap for developing a cybersecurity strategy, and while there is a huge body of information available – in the form of standards which are still being developed – in many cases there is too much information for a busy engineer to take on.
“There are a number of places that easily digestible best-practice information can be found,” said Kessler. “You could look at EEMUA guidance and in the UK there is also HSE guidance. This will help engineers to better understand their equipment, what each element is dependent on, what the dataflows are and what the basic network map is.”
Kessler points out many organizations will already have a fixed asset register, but this is not likely to contain the information that is most useful from a cybersecurity perspective. “It is important to examine in detail what the connections are. Just saying it is an Ethernet or RS232 connection, for example, may not be what is significant when it comes to cybersecurity. You also need to look at dataflows and what is dependent upon what – for example, you might think that you are just sending control information to a device. But you may have a logging function on it which is dependent on GPS, so you need to know where this comes from too. All of these elements need to be brought into the mix because they may be significant from a cybersecurity point of view.”
Kessler concludes by warning that the cybersecurity risk in the OT environment is growing because the only real interest of many attackers is to make money, so attacks are likely to be random – but opportunistic – targeted at the most easy to access systems. Those organizations that practice good cyber security hygiene will stand a better chance of deterring attackers. It is important to stay one step ahead of the attackers, so cybersecurity needs to be a continuous process and when it comes to cybersecurity prevention is definitely better than the cure.
Tomi Engdahl says:
Reveal: The First Pillar of Industrial Cybersecurity
https://www.securityweek.com/reveal-first-pillar-industrial-cybersecurity
Companies in the industrial space face unique challenges when it comes to revealing what needs to be secured
For years now, the U.S. government has been warning openly and clearly of targeted attacks against government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. However, in the months following the COVID-19 crisis, threat activity surged and the U.S. National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) issued a new alert stating: “We are in a state of heightened tensions and additional risk and exposure.” The broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors included lengthy, detailed sets of recommendations for how to protect operational technology (OT) environments, beginning with “create an accurate, as operated, OT network map immediately.”
Tomi Engdahl says:
CISA, NIST Provide New Resource on Software Supply Chain Attacks
https://www.securityweek.com/cisa-nist-provide-new-resource-software-supply-chain-attacks
In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) provide information on software supply chain attacks, the associated risks, and how organizations can mitigate them.
The software supply chain is part of the information and communications technology (ICT) supply chain framework, which represents “the network of retailers, distributors, and suppliers that participate in the sale, delivery, and production of hardware, software, and managed services,” CISA and NIST explain.
Aside from the SolarWinds incident, other notorious supply chain attacks over the past several years include the CCleaner malware campaign, the MeDoc (Ukrainian accounting software) compromise leading to NotPetya, Operation ShadowHammer, the infection of IoT devices running Windows 7, and the abuse of Kaspersky Lab software to steal NSA files.
Tomi Engdahl says:
Adobe Releases Open Source Anomaly Detection Tool “OSAS”
https://www.securityweek.com/adobe-releases-open-source-anomaly-detection-tool-osas
Adobe this week announced the open-source availability of ‘One-Stop Anomaly Shop’ (OSAS), a new tool designed to help security teams discover anomalies in datasets.
Building on previous research, white papers, and other projects from Adobe’s Security Intelligence Team, OSAS out-of-the-box allows researchers to experiment with datasets, control data processing and feature combining, and help identify a solution for detecting security threats.
The new open-source project tackles the issue of data sparsity, which may appear when using machine learning (ML) algorithms and models with security logs that present a large feature-space, in which case previously unseen examples may be poorly handled.
To reduce this effect, OSAS implements a two-step approach to data processing, where raw data is first consumed and tagged based on standard recipes (and complex features are also created), and labels are then used as input features for both supervised and unsupervised ML algorithms.
Tomi Engdahl says:
In Fixing GPS, Timing is Everything
https://www.eetimes.com/in-fixing-gps-timing-is-everything/
Global Navigation Satellite Systems, particularly the vulnerable U.S. Global Positioning System, represent a single point of failure that can be rendered inoperable by unintentional or intentional inference. That reality, along with over-dependence on the nearly five-decade-old satellite constellation, has forged a western consensus to accelerate development of terrestrial GPS backups and other mitigation strategies built around complementary position, navigation and timing technologies.
Known in the industry as PNT, several federal agencies are working on demonstration projects aimed at testing and developing a terrestrial backup system should GPS be knocked out by jamming, spoofing or interference aimed at the satellite constellation’s inherently weak signal.
“A clear common denominator in reducing economic and safety risk exposure due to dependence on GPS is to consider investment in complementary PNT services,” notes a January 2021 assessment from the U.S. Department of Transportation.
Tomi Engdahl says:
Facial Recognition on the Rise to Verify Payments
https://www.eetimes.com/facial-recognition-on-the-rise-to-verify-payments/
Tomi Engdahl says:
“BadAlloc” Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks
https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/
Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology (OT), and industrial control systems.
Tomi Engdahl says:
BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices
https://www.securityweek.com/badalloc-microsoft-flags-major-security-holes-ot-iot-devices
Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.
According to an advisory from Redmond’s Azure Defender for IoT security research group, there are at least 25 documented vulnerabilities (CVEs) affecting a wide range of IoT and operational technology (OT) devices in industrial, medical, and enterprise networks.
Microsoft is calling the family of vulnerabilities “BadAlloc”.
“Our research shows that memory allocation implementations written throughout the years as part of IoT devices and embedded software have not incorporated proper input validations. Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device,” Microsoft explained.
[Adversaries] could exploit to bypass security controls in order to execute malicious code or cause a system crash, Microsoft warned.
A separate advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) provides a list of affected devices and information on applying available security patches.
According to Microsoft, the vulnerabilities exist in standard memory allocation functions spanning widely used real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations.
The list of affected products includes IoT/OT devices sold by Amazon, ARM, Cesanta, Google Cloud, Samsung, Texas Instruments and Tencent. US-CERT says various open-source products are also affected.
ICS Advisory (ICSA-21-119-04)
Multiple RTOS
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
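The defect class the two posts above describe (an allocator that multiplies or adds attacker-influenced sizes without checking for integer overflow, so that a wrapped size yields an undersized block and a later heap overflow) is easy to show side by side with its fix. The following is an added example written for this thread, not code from Microsoft, CISA or any of the affected RTOS or libc implementations; the function names and the sample count are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Naive size computation of the kind the BadAlloc advisory describes:
 * count * elem_size is evaluated in size_t with no overflow check, so a
 * large count wraps to a small value and the caller later writes past
 * the (too small) block. */
size_t naive_alloc_size(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Hardened variant: refuse the request if count * elem_size + header
 * would overflow size_t. Returns false on overflow; on success stores
 * the byte count in *out. Uses the GCC/Clang checked-arithmetic builtins. */
bool checked_alloc_size(size_t count, size_t elem_size, size_t header,
                        size_t *out)
{
    size_t bytes;
    if (__builtin_mul_overflow(count, elem_size, &bytes))
        return false;
    if (__builtin_add_overflow(bytes, header, &bytes))
        return false;
    *out = bytes;
    return true;
}

/* Convenience wrapper: 0 means "rejected" (a real API would return an
 * error code; 0 is only used here so the result is easy to check). */
size_t checked_or_zero(size_t count, size_t elem_size, size_t header)
{
    size_t bytes;
    return checked_alloc_size(count, elem_size, header, &bytes) ? bytes : 0;
}

/* Allocation wrapper built on the checked size; returns NULL on overflow
 * instead of silently handing back a tiny block. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!checked_alloc_size(count, elem_size, 0, &bytes))
        return NULL;
    if (bytes == 0)
        bytes = 1; /* avoid the implementation-defined malloc(0) */
    return malloc(bytes);
}

/* Constructed demonstration value: a "count" field taken from untrusted
 * input, chosen so that count * 16 wraps around size_t. */
size_t hostile_count(void)
{
    return SIZE_MAX / 16 + 2;
}

/* True when the naive computation wrapped to something smaller than the
 * element count itself, which is exactly the undersized-block condition. */
bool naive_size_wraps(void)
{
    size_t count = hostile_count();
    return naive_alloc_size(count, 16) < count;
}

int main(void)
{
    printf("naive size for hostile count: %zu (wrapped: %s)\n",
           naive_alloc_size(hostile_count(), 16),
           naive_size_wraps() ? "yes" : "no");
    printf("checked size for hostile count: %zu (0 = rejected)\n",
           checked_or_zero(hostile_count(), 16, 0));
    printf("checked size for 100 x 16 + 8 header: %zu\n",
           checked_or_zero(100, 16, 8));
    void *p = alloc_array(hostile_count(), 16);
    printf("alloc_array on hostile count returned %s\n", p ? "a block" : "NULL");
    free(p);
    return 0;
}
```

The point of the checked variant is that the decision to reject happens before any block is handed out; the advisory's observation is that many embedded allocators skipped exactly this validation, and the patch in each case is the same few lines of overflow checking on the size arithmetic.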
Tomi Engdahl says:
10,000+ unpatched home alarm systems can be deactivated remotely https://therecord.media/10000-unpatched-home-alarm-systems-can-be-deactivated-remotely/
Thousands of ABUS Secvest smart alarm systems are currently unpatched and vulnerable to a bug that would allow miscreants to remotely disable alarm systems and expose homes and corporate headquarters to intrusions and thefts. ABUS patched the bug in January, but three months later, more than 90% of its customers have yet to apply the firmware patch.
Tomi Engdahl says:
Security Gaps in IoT Access Control Threaten Devices and Users https://beta.darkreading.com/perimeter/security-gaps-in-iot-access-control-threaten-devices-and-users
A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk.
Tomi Engdahl says:
Google backs new security standard for smartphone VPN apps https://www.zdnet.com/article/google-backs-new-security-standard-for-smartphone-vpn-apps/
The Internet of Secure Things Alliance, an IoT security certification body (a.k.a. ioXt), has launched a new security certification for mobile apps and VPNs. The new ioXt compliance program includes a ‘mobile application profile’, a set of security-related criteria against which apps can be certified. The profile for mobile app assessment includes additional requirements for virtual private network (VPN) applications.
Tomi Engdahl says:
Biden Races to Shore Up Power Grid Against Hacks https://threatpost.com/biden-power-grid-hacks/165428/
A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.
Tomi Engdahl says:
NAME:WRECK, a potential IoT trainwreck
https://blog.malwarebytes.com/reports/2021/04/namewreck-a-potential-iot-trainwreck/
A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially this could impact hundreds of millions of servers, smart devices, and industrial equipment. The researchers that discovered the vulnerabilities have named them NAME:WRECK. For an attacker to use these vulnerabilities they have to find a way to send a malicious packet in reply to a legitimate DNS request. So the attacker will have to run a person-in-the-middle attack or be able to use an existing vulnerability like DNSpooq between the target device and the DNS server to pull this off.
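The post above does not say what the stacks got wrong; the NAME:WRECK findings concerned the parsing of DNS message compression (the 0xC0 pointer labels that let a name refer back to an earlier name in the same message). The following bounds-checked name decoder is an added example written for this thread, not code from any of the affected stacks or from the researchers; it shows the checks a DNS client in an embedded stack needs so that a malicious reply cannot make it read out of bounds or spin on a pointer cycle. The sample message bytes are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255   /* RFC 1035 limit on a full name */
#define DNS_MAX_LABEL 63    /* RFC 1035 limit on one label   */
#define DNS_MAX_HOPS  16    /* belt-and-braces cap on pointer chasing */

/* Decode the name at msg[off] into out as a dotted, NUL-terminated string.
 * Returns the number of bytes the name occupies at off (up to and including
 * the first compression pointer or the terminating zero), or -1 on any
 * malformed input. Every read is checked against len, pointers may only
 * point backwards (so the sequence of positions strictly decreases and a
 * cycle is impossible), and the number of hops is capped anyway. */
int dns_decode_name(const uint8_t *msg, size_t len, size_t off,
                    char *out, size_t out_len)
{
    size_t pos = off, written = 0;
    int consumed = -1, hops = 0;

    if (out_len == 0)
        return -1;
    for (;;) {
        if (pos >= len)
            return -1;                       /* ran off the end of the message */
        uint8_t b = msg[pos];
        if ((b & 0xC0) == 0xC0) {            /* compression pointer */
            if (pos + 1 >= len)
                return -1;                   /* truncated pointer */
            size_t ptr = ((size_t)(b & 0x3F) << 8) | msg[pos + 1];
            if (ptr >= pos)
                return -1;                   /* forward or self pointer: reject */
            if (++hops > DNS_MAX_HOPS)
                return -1;
            if (consumed < 0)
                consumed = (int)(pos + 2 - off);
            pos = ptr;
            continue;
        }
        if (b & 0xC0)
            return -1;                       /* reserved label types 0x40/0x80 */
        if (b == 0) {                        /* end of name */
            if (consumed < 0)
                consumed = (int)(pos + 1 - off);
            out[written] = '\0';
            return consumed;
        }
        if (b > DNS_MAX_LABEL)
            return -1;
        if (pos + 1 + b > len)
            return -1;                       /* label runs past the message */
        size_t need = written + (written ? 1 : 0) + b;
        if (need > DNS_MAX_NAME || need >= out_len)
            return -1;                       /* name too long for RFC or buffer */
        if (written)
            out[written++] = '.';
        memcpy(out + written, msg + pos + 1, b);
        written += b;
        pos += 1 + b;
    }
}

/* Constructed sample message (no header; offsets noted in comments). */
static const uint8_t SAMPLE[] = {
    /* 0  */ 3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    /* 17 */ 4, 'm', 'a', 'i', 'l', 0xC0, 0x04,   /* "mail" + pointer to offset 4 */
    /* 24 */ 0xC0, 0x18,                          /* pointer to itself */
    /* 26 */ 0xC0, 0x1C,                          /* 26 -> 28 */
    /* 28 */ 0xC0, 0x1A,                          /* 28 -> 26: a pointer cycle */
    /* 30 */ 5, 'a', 'b'                          /* label claims 5 bytes, 2 present */
};

/* Helpers so each case can be checked by return value. */
int sample_consumed(size_t off)
{
    char buf[DNS_MAX_NAME + 1];
    return dns_decode_name(SAMPLE, sizeof SAMPLE, off, buf, sizeof buf);
}

bool sample_name_is(size_t off, const char *expected)
{
    char buf[DNS_MAX_NAME + 1];
    if (dns_decode_name(SAMPLE, sizeof SAMPLE, off, buf, sizeof buf) < 0)
        return false;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[DNS_MAX_NAME + 1];
    size_t offs[] = {0, 17, 24, 26, 28, 30};
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        int n = dns_decode_name(SAMPLE, sizeof SAMPLE, offs[i], buf, sizeof buf);
        printf("offset %2zu: %s\n", offs[i], n < 0 ? "rejected" : buf);
    }
    return 0;
}
```

The backward-only rule is stricter than RFC 1035 strictly requires, but it is the simplest invariant that makes a pointer loop impossible by construction, and every widely used resolver rejects forward pointers in practice. The truncated-label and self-pointer cases are the shapes of input a hostile reply would carry, and each is refused before any byte past the buffer is touched.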
Tomi Engdahl says:
Gafgyt Botnet Lifts DDoS Tricks from Mirai https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/
The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
Huge upsurge in DDoS attacks during pandemic https://blog.malwarebytes.com/reports/2021/04/huge-upsurge-in-ddos-attacks-during-pandemic/
Tomi Engdahl says:
Hackers broke into home security cameras: passwords and an almost endless supply of video clips for sale, the price depends on how “interesting” the content is
https://www.tivi.fi/uutiset/tv/a54ea81b-c1cd-426f-a1e4-0186cfba5a8d
Chinese citizens have had to get used to their activities being closely monitored, with little regard for privacy.
The state administration keeps records of “social credit points”, and on top of that people have to fear malicious hackers who may intrude into their lives through, among other things, home security cameras.
Tomi Engdahl says:
Enisa: How to Secure the Connected & Automated Mobility (CAM) Ecosystem https://www.enisa.europa.eu/news/enisa-news/how-to-secure-the-connected-automated-mobility-cam-ecosystem
The recommendations issued contribute to the improvement and harmonisation of cybersecurity in the CAM ecosystem in the European Union.
Tomi Engdahl says:
The Internet of Everything (IoE) requires strong security
https://www.uusiteknologia.fi/2021/05/06/kaiken-internet-ioe-vaatii-vahvaa-tietoturvaa/
The expansion of the internet from individual endpoints into Internet of Everything solutions available everywhere demands entirely new measures from information security. “The Internet of Everything (IoE) without encrypted communications is irresponsible,” emphasizes Seppo Kuula, CEO of Tampere-based Unikie. The company has joined the Finnish cybersecurity association Kyberala ry as a member.
Tampere-based technology developer Unikie focuses its operations on the intersection of three global macro trends, IoE, 5G and artificial intelligence, where the company's technology enables continuous awareness of the environment and the decision-making and control based on it.
“In the future, the success stories of societies and companies will increasingly be built on a secure digital operating environment in which strong protection and encryption of real-time data traffic is a matter of course,” Kuula explains.
“It is important to us that we can also build, through FISC, an intelligent and data-secure operating environment for the Internet of Everything,” says Unikie CEO Kuula.
Tomi Engdahl says:
Connected Places: new NCSC security principles for ‘Smart Cities’
https://www.ncsc.gov.uk/blog-post/connected-places-new-ncsc-security-principles-for-smart-cities
NCSC Technical Director warns that ‘Connected Places’ will likely be a target for malicious actors. It wasn’t a teenager accidentally taking control of nuclear command and control, or a magic box that can decrypt anything stolen and used by shady Bond villains intent on taking over the world. It was an attack against a city’s centralised traffic management system in the 1969 film ‘The Italian Job’. As part of an elaborate heist, a dodgy computer professor (played by Benny Hill) switches magnetic storage tapes for the Turin traffic control to create a gridlock. Chaos ensues, they blow the bloody doors off, and the thieves escape with the gold.
Tomi Engdahl says:
Apple AirTag jailbroken already, hacked in rickroll attack https://nakedsecurity.sophos.com/2021/05/11/apple-airtag-jailbroken-already-hacked-in-rickroll-attack/
Apple recently announced a tracking device that it calls the AirTag, a new competitor in the smart label product category. The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to help you find said item if you misplace it. If you remember those whistle-and-they-bleep-back-at-you keyrings that were all the rage for a while in the 1990s, well, this is the 21st century version of one of those. Unlike their last-millennium sonic counterparts, however, modern tracking tags come with loads more functionality, and therefore present a correspondingly greater privacy risk.
Tomi Engdahl says:
Oil pipeline hack highlights the importance of cybersecurity: the oil industry lags behind in defending against cyberattacks
https://www.kauppalehti.fi/uutiset/oljyputken-hakkerointi-nostaa-esiin-kyberturvan-merkityksen-oljyteollisuus-jaljessa-kyberhyokkaysten-torjunnassa/d65cf0ab-dc3f-4e41-9537-095a11e29841
Vulnerable infrastructure offers points of attack for both criminals and foreign states. In the United States, an oil pipeline hit by a cyberattack has caused reactions in the markets and concern about the reliability of critical infrastructure. Fuel availability is feared to deteriorate if the shutdown of the nearly 9,000-kilometre pipeline lasts beyond the beginning of the week. According to Mika Aaltola, director of the Finnish Institute of International Affairs, a prolonged shutdown could even lead to restrictions on oil production in the Gulf of Mexico.
Recommendations Following the Colonial Pipeline Cyber Attack https://www.dragos.com/blog/industry-news/recommendations-following-the-colonial-pipeline-cyber-attack/
On May 7th, public reporting emerged about Colonial Pipeline operations being impacted by a ransomware incident in their IT environment, and then operators temporarily halted OT operations as a precaution. Like any pipeline, Dragos would expect Colonial Pipeline to have so many dependencies between their control and SCADA systems into their business systems that it becomes hard to reasonably delineate and separate. With this in mind, out of an abundance of caution, halting operations becomes the safest choice.
Tomi Engdahl says:
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
https://threatpost.com/microsoft-warns-25-critical-iot-industrial-devices/165752/
Tomi Engdahl says:
100 million more IoT devices are exposed—and they won’t be the last
Name:Wreck flaws in TCP/IP have global implications
https://www.wired.com/story/namewreck-iot-vulnerabilities-tcpip-millions-devices/
Tomi Engdahl says:
https://techcrunch.com/2021/01/29/internet-of-cars-a-driver-side-primer-on-iot-implementation/
Tomi Engdahl says:
Safety and Security in Medical Devices
Adoption of the IoT in the medical industry has had great advances, yet a cyber-attack on a hospital could have devastating implications
https://www.hackster.io/news/safety-and-security-in-medical-devices-1195f915ae8a
Tomi Engdahl says:
How to Secure the Connected & Automated Mobility (CAM) Ecosystem
The European Union Agency for Cybersecurity discloses an in-depth analysis of the cybersecurity challenges faced by the CAM sector and provides actionable recommendations to mitigate them.
https://www.enisa.europa.eu/news/enisa-news/how-to-secure-the-connected-automated-mobility-cam-ecosystem
The Connected and Automated Mobility sector in a nutshell
Today, connected vehicles, environments and infrastructures need to be designed with new capabilities and features. These capabilities and features should aim to provide:
increased safety;
better vehicle performance;
competitive digital products and services;
improved comfort;
environmental friendliness;
user-friendly systems and equipment convenient for its customers.
The Connected and Automated Mobility (CAM) sector is a whole ecosystem of services, operations and infrastructures formed by a wide variety of actors and stakeholders.
This ecosystem not only generates transformation in the industries but also considers how to meet the needs of the citizens. It is therefore intended to ensure transportation is made safer and easier. In addition, it also needs to align with the EU efforts towards cleaner, cheaper and healthier forms of private and public transport.
The recommendations proposed by ENISA aim to guide all CAM stakeholders in today’s context of growing cybersecurity threats and concerns.
In order to aggregate the information presented in the new report released today, ENISA performed surveys, interviews and an extensive desktop research of official statistics. The subsequent findings were validated through discussions with key stakeholders from the CAM sector.
The recommendations issued contribute to the improvement and harmonisation of cybersecurity in the CAM ecosystem in the European Union.
https://www.enisa.europa.eu/publications/recommendations-for-the-security-of-cam/
Tomi Engdahl says:
Connected Places: new NCSC security principles for ‘Smart Cities’
NCSC Technical Director warns that ‘Connected Places’ will likely be a target for malicious actors.
https://www.ncsc.gov.uk/blog-post/connected-places-new-ncsc-security-principles-for-smart-cities
One of the first Hollywood depictions of a cyber attack was against critical infrastructure.
It wasn’t a teenager accidentally taking control of nuclear command and control, or a magic box that can decrypt anything stolen and used by shady Bond villains intent on taking over the world.
It was an attack against a city’s centralised traffic management system in the 1969 film ‘The Italian Job’. As part of an elaborate heist, a dodgy computer professor (played by Benny Hill) switches magnetic storage tapes for the Turin traffic control to create a gridlock. Chaos ensues, they “blow the bloody doors off”, and the thieves escape with the gold.