You think you have cyber security problems now, with ‘nothing’ more to worry about then a fleet of laptops, desktops, smart phones, some servers and a light dusting of cloud services. Well to quote Bachman-Turner Overdrive, “You Ain’t Seen Nothing Yet”.
Heading your way at an accelerated rate of knots is the Internet Of Things (IoT). Already there are IoT devices available on the high street that attempt to rework your house into a pale imitation of the Jetsons home. IoT is predicted to become a serious business and Gartner predict that 6.4billion connected ‘things’ will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, they predict that 5.5 million new things will get connected every day. However, it does feel like the collective technology industry has not learned from the past and gaping security holes are left in these ‘things’ and are being exploited by cyber thieves.
The website ‘Krebs On Security’ discussed this topic after it came to light that an internet camera from the company Foscam came with peer to peer networking built in. The site explains these cameras were punching through firewalls, as peer to peer networking is designed to do, and was communicating with iotcplatform.com, a domain registered to Chinese communications firm ThroughTek Co. Ltd. By all accounts this is bad news as, and I quote, “It opens up all Foscam users not only to attacks on their cameras themselves (which may be very sensitive), but an exploit of the camera also enables further intrusions into the home network,”. This kind of security shortfall is going to fuel the fear that so many companies already have over adopting an IoT strategy. It almost seems counter intuitive to me that hardware companies do not start resolving security shortfalls and then use that as part of their sales strategy. We don’t all just want functionality, we want security, safety and protection. Nobody would by a car without the security of airbags, seat belts and crumple zones, but we will buy technology devices with no such security and the ability to effect our lives in incredibly damaging ways.
The insider threat is still making headlines as it develops into all manner of differing styles of attack. An accidental threat through employee negligence is one, then you have the disgruntled employee who wishes to help themselves to the organisations electronic crown jewels, before inflicting some element of damage upon it. Both were usually regarded as the main threats but an insightful article (free download) on the Stratfor website illustrated a few more. They referred to a recent story whereby Apple employees in Ireland were being offered up to €20,000 (Euros) for valid login credentials by malicious individuals. They say that everybody has a price, lets hope that this doesn’t become increasingly true in cyber crime circles.
One doomsday scenario that must have Hollywood scriptwriters scribbling like crazy is the concept that an inflight airliner can be cyber jacked. With more and more planes offering inflight WiFi and the possibility that entertainment, communication, navigation and control systems do interoperate could it actually happen? According to the BBC cyber security has been a hot topic at the recent Singapore Airshow. Although cyber jacking is still being dismissed by many experts the conspiracy theories surrounding the missing Malaysian Airliner, MH370, that disappeared almost 2 years ago continue to propagate. These theories would like us all to believe that this was a case of cyber jacking! I do hope that the airline manufacturers and operators can put the publics fear to rest as it seems that if left unchecked cyber security can be rightly or wrongly blamed for almost anything!
The FBI have been in many minds this week with regard to their stand off with Apple over wanting access to the iPhone of a deceased terrorist. This story continues to play out with no conclusion, however the FBI have been looking into another cyber related case. They are investigating why a Hollywood hospital payed a ransom after a malware attack. The LA Times stated that the “Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid”. The hospital paid the ransom as it was the quickest and most efficient way to restore their systems and administrative functions. The overriding concern was for that of patient care which would have been potentially compromised. What a terrible decision to have to make – literally held to ransom! That must be the worst situation any business leader can find themselves in. The LA Times stated that; “Ransom attacks are still relatively rare. But cyberattacks on hospitals have become more common in recent years as hackers pursue personal information they can use for fraud schemes”. I wonder how the hacker got in? Let’s hope it wasn’t through a misconfigured IoT security camera, or by paying a low level hospital staff member for their login credentials!
For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.