Tag Archives: Cybersecurity

Small-scale DDoS attacks pose the greatest danger

7 Jun

Hacker (source: FreeImages.com/Jakub Krechowicz)

Small DDoS attacks of limited size pose the greatest threat to companies. Such attacks can take firewalls and intrusion prevention systems (IPS) offline and distract security professionals while the attackers install malware on the company's systems.

Security firm Corero Network Security reports this in its ‘DDoS Trends Report’. 71% of all DDoS attacks the company detected in the first quarter of 2017 lasted less than 10 minutes. 80% had a capacity of less than 1 Gbps. These are the attacks that Corero Network Security describes as small DDoS attacks.

Testing new attack methods

“Rather than fully revealing their capabilities by carrying out large-scale, volumetric DDoS attacks that cripple a website, using short attacks allows bad actors to test networks for vulnerabilities and monitor the success of new methods without being detected. Most cloud-based scrubbing solutions do not detect DDoS attacks that last less than 10 minutes. As a result, the damage is already done before the attack can even be reported,” said Ashley Stephenson, CEO of Corero Network Security.

“Many non-saturating attacks observed at the beginning of this year may therefore be part of a testing phase, in which hackers experiment with new techniques before deploying them on an industrial scale.”

An average of 4.1 cyberattacks per day

On average, companies face 4.1 cyberattacks per day, which is 9% more than in the last quarter of 2016. The majority of the attacks are small in size and last only a short time. However, Corero reports seeing a 55% increase in the number of attacks with a capacity of more than 10 Gbps compared with Q4 2016.

Finally, Stephenson warns about the arrival of the General Data Protection Regulation (GDPR), which is in force from May 2018. Stephenson warns that small-scale DDoS attacks can give attackers the opportunity to penetrate corporate networks and steal data. According to Stephenson, it is therefore necessary for companies to have good insight into their network in order to detect and block potential DDoS attacks immediately.

Source: http://infosecuritymagazine.nl/2017/06/07/kleinschalige-ddos-aanvallen-leveren-het-grootste-gevaar-op/

How connected cars are turning into revenue-generating machines

29 Aug

 

At some point within the next two to three years, consumers will come to expect car connectivity to be standard, similar to the adoption curve for GPS navigation. As this new era begins, the telecom metric of ARPU will morph into ARPC (average revenue per car).

In that time frame, automotive OEMs will see a variety of revenue-generating touch points for connected vehicles at gas stations, electric charging stations and more. We also should expect progressive mobile carriers to gain prominence as essential links in the automotive value chain within those same two to three years.

Early in 2016, that transitional process began with the quiet but dramatic announcement of a statistic that few noted at the time. The industry crossed a critical threshold in the first quarter when net adds of connected cars (32 percent) rose above the net adds of smartphones (31 percent) for the very first time. At the top of the mobile carrier chain, AT&T led the world with around eight million connected cars already plugged into its network.

The next big event to watch for in the development of ARPC will be when connected cars trigger a significant redistribution of revenue among the value chain players. In this article, I will focus mostly on recurring connectivity-driven revenue. I will also explore why automakers must develop deep relationships with mobile carriers and Tier-1s to hold on to their pieces of the pie in the connected-car market by establishing control points.

It’s important to note here that my conclusions on the future of connected cars are not shared by everyone. One top industry executive at a large mobile carrier recently asked me, “Why do we need any other form of connectivity when we already have mobile phones?” Along the same lines, some connected-car analysts have suggested that eSIM technology will encourage consumers to simply add to their existing wireless plans connectivity in their cars.

Although there are differing points of view, it’s clear to me that built-in embedded-SIM for connectivity will prevail over tethering with smartphones. The role of Tier-1s will be decisive for both carriers and automakers as they build out the future of the in-car experience, including infotainment, telematics, safety, security and system integration services.

The sunset of smartphone growth

Consider the U.S. mobile market as a trendsetter for the developed world in terms of data-infused technology. You’ll notice that phone revenues are declining. Year-over-year sales of mobiles have registered a 6.5 percent drop in North America and have had an even more dramatic 10.8 percent drop in Europe. This is because of a combination of total market saturation and economic uncertainty, which encourages consumers to hold onto their phones longer.

While consumer phone upgrades have slowed, non-phone connected devices are becoming a significant portion of net-adds and new subscriptions. TBR analyst Chris Antlitz summed up the future mobile market: “What we are seeing is that the traditional market that both carriers [AT&T and Verizon] go after is saturated, since pretty much everyone who has wanted a cell phone already has one… Both companies are getting big into IoT and machine-to-machine and that’s a big growth engine.”

At the same time, AT&T and Verizon are both showing a significant uptick in IoT revenue, even though we are still in the early days of this industry. AT&T crossed the $1 billion mark and Verizon posted earnings of $690 million in the IoT category for last year, with 29 percent of that total in the fourth quarter alone.

Data and telematics

While ARPU is on the decline, data is consuming a larger portion of the pie. Just consider some astonishing facts about data usage growth from Cisco’s Visual Networking Index 2016. Global mobile data traffic grew 74 percent over the past year, to more than 3.7 exabytes per month. Over the past 10 years, we’ve seen a 4,000X growth in data usage. After phones, cars will be the biggest category for mobile-data consumption.

Most cars have around 150 different microprocessor-controlled sub-systems built by different functional units. The complexity of integrating these systems adds to the time and cost of manufacturing. Disruptive companies like Tesla are challenging that model with a holistic design of telematics. As eSIM becomes a standard part of the telematics control unit (TCU), it could create one of the biggest disruptive domino effects the industry has seen in recent years. That’s why automakers must develop deep relationships with mobile carriers and Tier-1s.

Virtualization of our cars is inevitable. It will have to involve separate but interconnected systems because the infrastructure is inherently different for control versus convenience networks. Specifically, instrument clusters, telematics and infotainment environments have very different requirements than those of computing, storage and networking. To create a high-quality experience, automakers will have to work through hardware and software issues holistically.

Already we see Apple’s two-year iPhone release schedule expanding to a three-year span because of gentler innovations and increasing complexity. The consumer life cycle for connected cars will initially have to be much longer than it is for smartphones because of this deep integration required for all the devices, instruments and functionalities that operate the vehicle.

Five factors unique to connected cars

Disruption is everywhere within the auto industry, similar to the disruption that shook out telecom. However, there are several critical differences:

  • Interactive/informative surface. The mobile phone has one small screen with all the technology packed in behind it. Inside a car, nearly every surface could be transformed into an interactive interface. Beyond the instrumentation panel, which has been gradually claiming more real estate on the steering wheel, there will be growth in backseat and rider-side infotainment screens. (Semi-) autonomous cars will present many more possibilities.
  • Processing power. The cloud turned mobile phones into smart clients with all the heavy processing elsewhere, but each car can contain a portable data center all its own. Right now, the NVIDIA Tegra X1 mobile processor for connected cars, used to demonstrate its Drive CX cockpit visualizations, can handle one trillion floating-point operations per second (flops). That’s roughly the same computing power as a 1,600-square-foot supercomputer from the year 2000.
  • Power management. The size and weight of phones were constrained for many years by the size of the battery required. The same is true of cars, but in terms of power and processing instead of the physical size and shape of the body frame. Consider apps like Pokémon Go, which are known as battery killers because of their extensive use of the camera for augmented reality and constant GPS usage. In the backseat of a car, Pokémon Go could run phenomenally with practically no effect on the car battery. Perhaps car windows could even serve as augmented reality screens.
  • Risk factors. This is the No. 1 roadblock to connected cars right now. The jump from consumer-grade to automotive-grade security is just too great for comfort. Normally, when somebody hacks a phone, nobody gets hurt physically. A cybersecurity report this year pointed out that connected cars average 100 million lines of code, compared to only 8 million for a Lockheed Martin F-35 Lightning II fighter jet. In other words, security experts have a great deal of work to do to protect connected cars from hackers and random computer errors.
  • Emotional affinity. Phones are accessories, but a car is really an extension of the driver. You can see this aspect in the pride people display when showing off their cars and their emotional attachment to their cars. This also explains why driverless cars and services like Uber are experiencing a hard limit on their market penetration. For the same reasons, companies that can’t provide flawless connectivity in cars could face long-lasting damage to their brand reputations.

Software over hardware

The value in connected cars will increasingly concentrate in software and applications over the hardware. The connected car will have a vertical hardware stack closely integrated with a horizontal software stack. To dominate the market, a player would need to decide where their niche lies within the solution matrix.

However, no matter how you view the hardware players and service stack, there is a critical role for mobility, software and services. These three will form the framework for experiences, powered by analytics, data and connectivity. Just as content delivered over the car radio grew to be an essential channel for ad revenue in the past, the same will be true in the future as newer forms of content consumption arise from innovative content delivery systems in the connected car.

As the second-most expensive lifetime purchase (after a home) for the majority of consumers, a car is an investment unlike any other. Like fuel and maintenance, consumers will fund connectivity as a recurring expense, which we could see through a variety of vehicle touch points. There’s the potential for carriers to partner with every vehicle interaction that’s currently on the market, as well as those that will be developed in the future.

When consumers are filling up at the gas pump, they could pay via their connected car wallet. In the instance of charging electric cars while inside a store, consumers could also make payments on the go using their vehicles. The possibilities for revenue generation through connected cars are endless. Some automakers may try the Kindle-like model to bundle the hardware cost into the price of the car, but most mobile carriers will prefer it to be spread out into a more familiar pricing model with a steady stream of income.

Monetization of the connected car

Once this happens and carriers start measuring ARPC, it will force other industry players to rethink their approach more strategically. For example, bundling of mobile, car and home connectivity will be inevitable for app, data and entertainment services as an integrated experience. In the big picture, though, connectivity is only part of the story. Innovative carriers will succeed by going further and perfecting an in-car user experience that will excite consumers in ways no one can predict right now. As electric vehicles (EVs), hydrogen-powered fuel cells and advances in solar gain market practicality, cars may run without gas, but they will not run without connectivity.

The first true killer app for connected cars is likely to be some form of new media, and the monetization potential will be vast. With Gartner forecasting a market of 250 million connected cars on the road by 2020, creative methods for generating revenue streams in connected cars won’t stop there. Over the next few years, we will see partnerships proliferate among industry players, particularly mobile carriers. The ones who act fast enough to assume a leadership role in the market now will drive away with an influential status and a long-term win — if history has anything to say about it.

Note: In this case, the term “connected” brings together related concepts, such as Wi-Fi, Bluetooth and evolving cellular networks, including 3G, 4G/LTE, 5G, etc.

Featured Image: shansekala/Getty Images
Source: http://cooltechreview.net/startups/how-connected-cars-are-turning-into-revenue-generating-machines/

Power-Grid Hacked? Where’s the IoT?

1 Apr

Writing about the IoT (Internet of Things), or what was once called M2M, is something that people want to read about, a lot. It’s only recently that people are really catching on that everything is going to be connected. So when an article about the smart grid appeared on the front page of the USA Today stating that it was open to hacking, it certainly deserved a chuckle or two, especially from people who are IoT advocates. No offense to my colleagues at the USA Today, but this nationally syndicated newspaper chain was covering the topic as if the fact that vulnerabilities could threaten lives was a breaking news story.

Ironically, there are days people talk about the IoT as if it is something brand spanking new. Today newspapers and the broadcast news eagerly espouse the virtues of connected devices because there are apps or gadgets for just about everything imaginable in the IoT. We are now seeing a consumer frenzy surrounding smartphones, fitness trackers, lights, toasters, automobiles, and even baby bottles being connected.

Many people are just beginning to understand the IoT is more than connecting a computer to the Internet, or surfing the Web or watching a YouTube video. To really understand the Internet of Things is to recognize it is more than the everyday consumer gadgets that are getting all the media play these days. What the USA Today was so eloquently trying to point out, and what the author stated so clearly, is that the power grid is under attack every day and that, at any moment, an attack could leave millions of people without power for days or weeks. And that’s not even the worst of what could happen. Most residents do not equate the average brownout they experience for a few hours to the blackout that could be on the horizon in their neighborhood.

But again most people don’t give the IoT much thought. It’s kind of like their cellphones. Most people don’t know how they work. Nor do they care. They only care they work when and where they need it. The same holds true about their connected gadgets. Most consumers really don’t give their connected gadgets much thought until they need them for tracking their fitness, or turning on their lights or thermostats, or for finding the closest fast food restaurant when traveling in their cars. However, as more and more consumers adopt and adapt to electronic devices as part of their everyday lifestyle, this will change their attitudes and perceptions forever and the excitement for connected devices will trickle over into the enterprise. It is already happening with smart cities, with parking meters, trash pickups, snow removal, first responders, and smart utility meters.

Perhaps that is why the USA Today story has some real significance now and enterprise companies are starting to move away from just talking about the IoT to figuring out ways to implement solutions and services.

Part of the problem with the grid today is that it was designed with OMS (outage-management systems) that were configured to be reactive to signals that indicated outages and managed restoration. However, going forward the IoT systems being designed are able to prevent outages and restore services. These services, as one analyst firm says, could lead to a very bright future for the smart grid, and as a result, projections based on these services make sense and are very tangible.

While enterprises are looking to adopt the IoT, there seems to be a blurring of the lines between actual growth and hyperbole in market estimates. Vendors want to make huge growth predictions—50 billion devices—which currently is the buzz of the industry. However, these enormous market amplifications have already proven they will undoubtedly stall growth.

Corporate America seeks growth forecasts that are meaningful and that help deliver solutions to improve bottom-line results and shareholder value. Again, one network carrier’s conjecture boasting the number of connections could quadruple by 2020, reaching more than 5 billion, doesn’t mean anything if all of these devices and connections are going to be hacked and CEOs’ heads are on the chopping block.

The same carrier was even quoted as saying in order for the IoT to reach these prognostications, networks must be reliable, the data from all of these connected endpoints must be able to be stored reliably and securely, infrastructures must be secure, and there must be ways to achieve device management.

If all the stars are in alignment, there is no question the IoT is poised for growth. But, that means everyone has to focus on making security a top priority to fend off the bad guys and to consider the market unknowns that can slow or delay IoT development.

That’s why the formation of groups like the ITA (Illinois Technology Assn.), www.illinoistech.org, Internet of Things Council, a public/private partnership that aims to assure civic leadership in the Internet of Things, will help companies sort the facts from the fiction to jumpstart their initiatives.

Thus, it’s no wonder that the more the industry does its crystal-ball gazing, the more we are doing a disservice to IoT’s true potential. Even Federal Energy Regulatory Commission Chairwoman Cheryl LaFleur was pretty poignant in her remarks when she was quoted in the USA Today article referring to the potential of an attack, “One is too many, so that’s why we have to pay attention. The threats continue to evolve and we have to continue to evolve as well.”

Makes you wonder if the industry is evolving or just continuing to bandy about forecasts with little or no regard for living up to market or shareholding expectations much like it has for the past 15 years. Regardless of what you believe in all of this, the IoT is changing our lives one way or the other and it will certainly have an even greater impact on each and every business. How and when, those are the billion dollar questions.

Source: http://connectedworld.com/power-grid-hacked-wheres-the-iot/

4G LTE could spur DDoS, mobile data theft

3 Oct

Hackers can leverage high speed and data capacity of LTE networks to perpetrate distributed denial-of-service attacks on networks, and also target data on mobile devices.

The rise of 4G LTE networks can bring about security incidents such as distributed denial-of-service (DDoS) attacks on corporate and home networks, and data theft on mobile devices, industry watchers say.

According to Michela Menting, cybersecurity senior analyst at ABI Research, hackers can leverage the high speed and increased data capacity of LTE networks, and fast processing capabilities of smartphones to perpetrate DDoS attacks.

Most nations are susceptible to this as they increasingly wire up with LTE networks and smartphone adoption is increasing rapidly worldwide, she observed.

Elaborating, she noted LTE networks use Internet Protocol (IP) based communication in their transport network and base stations. The point of entry to their core network is through femtocells, base stations that act as wireless access points for a home or business, she pointed out.

While femtocells are popular among operators because they are a less expensive alternative to upgrade, they also require the exposure of public IP addresses of security gateways to enable communication between the end-user device and the core network, she noted. An increase in femtocell deployment could lead to more exposure to IP-based threats such as denial-of-service attacks, she said.

“Consequently, increasingly aggressive network attacks against subscriber identity management, routing and roaming, can be expected,” she added.

Mobile devices, data potentially more vulnerable

Another observer, Patrick Lum, senior consultant at Verizon’s risk group, noted that hackers can design malware that creates botnets, or centrally controlled networks of compromised systems, which can be used for the purposes of sending spam or participating in DDoS attacks.

With LTE operating as an IP network and providing higher bandwidth, mobile phones will be a “lucrative” target for hackers looking to expand their existing botnets, Lum explained.

This will also result in a significant increase in new IPs, which could lead hackers to create phishing attacks that can lead to data theft and loss, since many users tend to store sensitive data on their mobile phones, he said.

Femtocells will be deployed wherever people and businesses need them, such as inside homes, shopping centers, airports and hospitals, Menting warned. This means it will be much easier for hackers to “wreak havoc” in specifically targeted areas, she said.

Those that provide online services such as e-commerce and Internet banking are more at risk compared to those with just a Web page, because any disruption in the online service will inevitably lead to a loss in revenue or fines from authorities, he said.

Partner telcos, ISPs, have internal DDoS plan

Telcos and internet service providers (ISPs) will have to limit and mitigate threats as they happen, and continuously work to patch vulnerabilities once they are exposed, Menting suggested.

Companies can also have agreements with the hosting provider or the ISPs providing the network service, Lim added.

“These external parties often have the ability to filter or block DDoS attacks within their own network environment before the attack reaches the victim’s networks,” he said.

Internally, companies must devise a DDoS response plan with key processes and procedures for IT personnel to follow in case of a potential attack, he said. Adequate preparation will enable companies to anticipate DDoS attacks or identify risk, which will go a long way in preventing significant data or revenue loss for a company, he said.

Source: http://www.zdnet.com/4g-lte-could-spur-ddos-mobile-data-theft-7000005106/
