Cyber security is an essential and underlying part of our digital future. It is a future in which the boundaries between technology and the physical world are blurred: the Internet of Things, operational technology, connected and autonomous vehicles, smart cities and smart homes all highlight the trend.
Cyber security is facing a new reality, and only a few organisations are well prepared for this new digital future, in which machines are taking over control of humans’ homes, routines, and even decision-making processes.
Whilst organisations are transitioning towards complete digital integration, the scope of cyber security is shifting towards “cyber safety” in a much broader sense. The basic cyber security triad of CIA (confidentiality, integrity, and availability) is no longer sufficient to meet the new challenges of hyper-connected environments or to ensure the safety of an organisation’s expanded and intertwined business ecosystem.
In this new reality of machine-to-machine communications, autonomous decision making, and the omnipresence of Artificial Intelligence, all stakeholders, including suppliers, employees, clients and customers, must become aware of increased cyber risks. Cyber threats have become potent enough to disrupt critical infrastructures, turn smartphones into monitoring devices, take control of driverless vehicles and put the safety of healthcare patients at risk. Over the past year we have seen an increase in cross-over threats that compromise organisations’ and individuals’ privacy, security and safety. With the rapid adoption of interconnected things, from home appliances and cars to medical devices, we expect a great increase in data privacy breaches, fraud and identity theft, cyber extortion, and espionage.
At CyNation, we believe that the threat landscape in 2017 and 2018 will be dominated by a growing number of crimes around smartphones and mobile devices, the Internet of Things, the Cloud and IT infrastructure.
Smartphones and Mobile Devices. Convenience drives risks.
Smartphones are an increasingly attractive target for online criminals. As a result, attacks are becoming more sophisticated and effective in stealing valuable personal data or extorting money from victims. Although Android users remain the main target, iOS devices will continue to experience effective attacks in which devices do not even need to be jailbroken to be compromised.
According to IDC’s Worldwide Quarterly Mobile Phone Tracker (July 28, 2016), there are more than 1.6 billion smartphones being used around the world today. This number is forecast to reach 6.4 billion by 2020 according to Samsung and Ericsson. With such rapid adoption, coupled with enhanced processing power, high-bandwidth connectivity (4G and 5G) and mobile payment systems such as Apple Pay, Samsung Pay and Android Pay, smartphones are an attractive target for cyber criminals. As a result, the number of mobile phone vulnerabilities has increased dramatically, by at least 200%, in the past couple of years.
With many app stores accessible from desktops and laptops, users are able to browse, purchase, and remotely install apps. This provides a unique opportunity for cross-over threats. Several pieces of Windows malware have already exploited this by stealing browser cookies for Google Play sessions from the infected computer and using the users’ credentials to impersonate them and remotely install apps onto the victims’ phones and tablets without their knowledge or consent. Besides the usual trick of hiding malicious code inside allegedly legitimate apps, attackers are developing more sophisticated techniques to make money from their victims. One technique we have recently seen is the use of a phishing Trojan. It tricks users into entering their banking credentials by displaying a fake login page or payment form on top of a legitimate banking or shopping application. Similarly, mobile ransomware is getting more convincing by imitating the operating system’s design or impersonating authorities to intimidate users and lure them into paying a “fine” or “subscription” to unlock their device.
At CyNation, we usually advise organisations and individuals to:
- Not jailbreak their devices, as this increases the likelihood of being targeted
- Pay close attention to the permissions and consents requested and required by installed apps
- Download and install apps from trusted sources only and avoid downloading apps from unknown websites
- Update phone OS and apps as often as possible, as long as the update source is trusted
- Delete any suspicious app identified
- Change your mobile OS and app store ID every 3 months
- Install additional mobile security solutions, like mobile antivirus and anti-malware apps from trusted providers
- Automate your device back-up and keep your back-ups up to date
- Use on-device encryption and remote find-and-wipe tools in case the device is stolen or lost
Internet of Things. It is just warming up.
The Internet of Things has arrived. Even though it is in its early days, we can see the impact it will have on our lives and the environment: smart devices and wearable technology download updates from the Internet; point-of-sale terminals at shops are interconnected 24/7 with the company’s central system; smart thermostats allow us to control the temperature in our homes through the internet; and connected and driverless cars are already roaming our cities’ streets.
With billions of people connected to the internet today and the number of connected devices set to exceed 21 billion by 2020 (Gartner Inc., press release, November 10, 2015), IoT represents a major transformation in the digital world. In order for it to deliver the estimated two trillion USD economic benefit, manufacturers, designers and users have to address fundamental cyber security challenges. Devices that were not meant to be internet-enabled are now online and potentially open to attack. Without proactive testing, this presents an increasingly attractive target to attackers who look for easy targets and entry points to our homes and businesses, and so to our private and professional lives.
As with all cyber security threats, some are more dangerous than others. A hacked fitness monitor may be an inconvenience, while a vulnerability in millions of cars will present a serious danger on a massive scale. Similarly, a backdoor in a medical device may give thieves access to a person’s medical records, a data confidentiality breach, but it also has the potential to lead to serious injury or even death.
Taking all these factors into consideration, protecting the Internet of Things and ensuring the physical safety of its users requires a comprehensive and proactive approach to cyber security. If we couple this with security and privacy by design, meaning safety built into the devices themselves, their underlying infrastructure and the systems that manage them, we can reach cyber safety.
As organisations embark on this transformational journey, CyNation assists them by:
- Adopting strong SSL/TLS encryption technology to secure devices’ connectivity and authenticity
- Using threat modelling and code signing throughout application development
- Adding on-device security, such as physical unclonable functions and embedded critical system protection
- Pen-testing their connected technology and auditing it against common criteria and known security standards.
Cloud Computing and IT Infrastructure.
Cyber security, or lack of it, affects us all. Just like bacteria and viruses surround us and are not going to miraculously go away, vulnerabilities are a “natural” part of our computing ecosystems. They are here to stay whether you like it or not, acquiring ever-changing forms and manifestations. A careless approach to monitoring and updating our systems will be a major cause of malware infections and plagues of cyber-attacks.
With organisations moving their IT infrastructure and systems to virtual and cloud hosted environments, visibility and control of systems are reduced and almost entirely entrusted to third party service providers. As a result, the complexity of protecting businesses’ infrastructure and systems will increase and bring new cyber security challenges to the organisation and its stakeholders.
This doesn’t mean the cloud and virtual environments are less secure than traditional IT services. However, as with any system, each time a new layer is introduced to a service stack, the attack surface increases. For example, poorly configured and administered virtual environments can allow attackers to escape from a guest virtual machine (VM) and access the native host’s operating system, alongside other VMs running on the same platform. Attackers exploiting this type of vulnerability can steal sensitive data from any of the virtual machines in the affected system and gain elevated access to the host’s local network and systems. Other trends we’ve seen over the past two years, mostly as a result of poorly managed security of cloud environments, are ghost-ware and two-faced malware.
In view of these threats, we advise organisations to:
- Stay informed about emerging threats & trends
- Keep all systems and devices patched and updated
- Employ multi-layer protection
- Apply good policies and train staff well
- Control access to the infrastructure and systems on a least-privilege basis
- Ensure that you understand the settings of your cloud resources and configure them accordingly
- Read the cloud providers’ service-level agreements to learn how data in the cloud is secured
- Control access to the cloud administrator infrastructure on a “need to know” basis
- Enable event logging to keep track of who is accessing data in the cloud and when
- Always back up your system and virtual environment and keep the backups offsite
The picture of the future presented above may seem a bit gloomy and dull for the mentality that most organisations and individuals carry today. However, we believe that the digital shift brings more opportunities than threats, and embracing a cyber security mindset is the first step towards a safe digital future.
If you would like to hear more about Cyber Security or CyNation, please do give us a shout.