menu-close
search-icon
banner

Category Archives: Cyber Security

Cybersecurity trends to watch out for in 2020

The adoption of IoT is growing globally. Today, active sensors are monitoring and reporting on everything from weather conditions, traffic, power consumption, water pressure, among others. Smart technology is everywhere, enabling cities, people, and governments to do more.

It won’t be an exaggeration to say that the IoT boom is already here. But as more and more sensors and devices are connected to the internet, cybercriminals gain more opportunities to leverage unattended vulnerabilities. IoT botnets can compromise and leverage thousands of such devices to wreak havoc on deployments.

2019 saw a range of attacks on IoT infrastructure. Wicked, OMG Mirai, Triton, Shamoon, ADB.Miner, DoubleDoor, Hide ‘N Seek, and Mirai-Variant IoT Botnets were widely seen in cyberattacks around the world.

2020 will see hackers go after data with increased zeal. This includes highjacking devices as part of Advanced Persistent Threat attacks and using them to gain access to sensitive data and IP, which could be held for ransom. The sectors that will attract maximum attacks in South America include oil and gas, infrastructure, utilities, defense, and retail. Attacks bearing a geopolitical motive are also expected to increase this year.

Regional hackers have figured out that businesses are more willing to pay ransoms to prevent such data from being published online or on the dark web. This they are working to target devices and networks to pilfer data and record conversations of value. Another tactic gaining currency is data poisoning wherein inaccurate information is fed into decision making systems to disrupt large systems.

Publishing zero-day vulnerabilities without taking the vendor into confidence or giving them reaction time to patch devices creates a unique advantage for hackers as they can take advantage of such vulnerabilities to create widespread damage. This trend will persist in 2020, albeit with vendors turning more cooperative, responsive, and with more information being made available, lesser instances will come to the fore.

With more businesses using bots to log data in CRM\ERP or other business management software, the data accessed by such bots are becoming more critical with each passing year. By spoofing identity, hackers can gain access to critical systems and then use such bots to exfiltrate data, and since most of these bots are today working with very little monitoring, an attack could theoretically last months or even years, if they go undetected.

Three key target sectors in 2020

  • Manufacturing
  • Retail
  • Financial services

Three trends that will continue in 2020

  • Increasing reconnaissance on critical infrastructure projects
  • Phased attacks on new IoT projects
  • Price of malware sold on forums will rise further this year (because of the demand-supply imbalance)

As geopolitical faults expand, cyberwarfare has turned deadlier. Today actors sponsored by nation-states are investing in AI-based offenses to harass their adversaries. Geopolitical attacks are now targeting critical industrial systems, utilities, smart devices, renewable energy farms, offshore oil rigs, and more. With agencies finding it difficult to suppress information on such attacks from leaking out into the mass media, hackers are getting more aggressive as the impact of their work becomes more visible, monetarily rewarding, and discussed.

The global network of botnets will also grow and expand in terms of devices and countries in 2020. This is one trend that refuses to move into negative territory because of various reasons.

Sectors such as banking and financial services, healthcare, oil and gas, and retail will continue to attract attention from hackers in 2020. The attacks will get more sophisticated, and the attack signature will turn even paler as hackers use newer tactics and strategies to breach networks.

On the response front, as this article is being written, we are seeing cybersecurity being addressed through “codes of practice” and “guidelines.” The government of California has openly come out with its resolve to make businesses do more towards securing their infrastructure, and others will follow in 2020. What is still missing is a coordinated effort to address the problem at hand. Cybersecurity will remain a half-hearted battle until all stakeholders join hands and launch a concerted effort to curb the menace.

Globally, cybercrimes cost over $600 bn in damages in 2019. No nation is rich enough to afford such a colossal loss individually or collectively. Instead, if this money were to be deployed for improving healthcare, generating employment, and improving civic infrastructure, the magnitude of the damage becomes more apparent. Hopefully, 2020 will be the year where we see more coordination between stakeholders. Such a collaboration is inevitable if we are to see lasting progress in the war on cybercrimes.

Why cybersecurity can be a source of innovation for IoT projects

An interesting survey finding came my way almost a year ago that revealed that as much as 80 percent of projects falling in the Internet of Things domain didn’t utilize their data in its entirity. This means that most of the projects are configured to churn data that is futuristic in nature and may not be of much relevance to the stakeholders in the short run. This leads us to an interesting question. Can this huge volume of data being generated be put to some use after all?

There are various reasons why there is an overflow of data in such projects. The most agreeable one is that business owners are often pre-occupied with the need to get their hands on information that can justify their investments in such projects and in the process ignore data streams that cannot be monetized or deployed to improve efficiency, productivity or preventive maintenance practices. Such a myopic view can indeed lead to value stagnation in the long run for such projects.

A Spanish company had deployed a set of temperature sensors across its offices to monitor the ambient temperature. The data showed the existence of islands of significant temperature variation across floors. The company didn’t invest any time or resources in determining how such differences affect the productivity of employees or outcomes of meetings. Yes it would need a stretch of effort to figure this out but then its not impossible.

In another instance, a well-known retailer in South-East Asia is currently accessing information on supply chain efficiency across various points in the chain using IoT. However, this entity is still ignoring information on ambient weather conditions that are also collected alongside the data gathered by various sensor and device configurations. Again the weather information in this instance could be correlated with supply chain efficiency to determine the best weather conditions for movement of goods and supplies as also to avoid conditions that might adversely impact movement.

There are many such examples of businesses ignoring data already available to further their business interests.

Linking cybersecurity

IoT is one of the few enabling technologies that still have a long way to go when it comes to cybersecurity. Often times, proof of concept projectsrun without security coming into the picture in any form or manner. The capital and resources invested in the project are thus rendered vulnerable to a possible cyberattack. A sizeable one could lead to the project being shelved complety – a possibility that is not just a remote possibility but is happening more often than it should.

Given the significance that security entails,

Cybersecurity could be considered as an avenue for innovation. There is no reason why businesses shouldn’t be thinking and acting this way. Let me elaborate. For one, cybersecurity is all about doing more with all the data available. It is also about getting deeper into data to determine how and why data is behaving the way it is (is it under the influence of malware or has it been subject to some form of compromise?).

Attention to data for purposes of cybersecurity can yield remarkable results. It can make decision makers aware of the quantum and content of data that they are drawing from sensors and devices and therefore put it to better use. Financial services entities and retailers can take the lead in this arena. By making businesses delve deeper into data patterns, organizations are rendered more data-sensitive thereby opening avenues to better use and deploy data. And this could enable competitive differentiation and innovation across the enterprise.

Data awareness could also reduce the rate of failure of proof of concept projects. It could lead to customer delight as well when used in the right way to give actionable data and insights. A large aircraft manufacturer recently found out the hard way how ignoring basic data could be a perilous endeavor. The lesson, therefore, is clear and apparent.

Cybersecurity, when viewed as an enabler of innovation, could also lead to greater investments in time, attention and resources in securing enterprises. This holds good for all businesses irrespective of their size, maturity or market addressed.

To read the latest State of IoT Security reports

Download now!

Cyberattacks grew 26% on India’s IoT deployments

India has been attracting complex cyberattacks for a while now. Hackers are using a mix of complex malware, social engineering and hit and run tactics to target various facilities and IoT deployments here. In the last quarter alone, cyberattacks on the country registered a 26 percent increase and some unique samples of malware were isolated by our threat research team.

Mumbai, Delhi and Bangalore were the most attacked cities and hackers are looking at monetizing attacks while creating large scale disruption. They are also working to overload defense mechanisms in order to prevent early detection and mitigation of these attacks.

The IoT Security Report for India for the third quarter (July-September) of the calendar year 2019, highlights the continuing attention that hackers are paying to IoT and OT installations in India. The report notes attacks, attack techniques, sectors drawing attacks and the various types of malware used to attack smart cities, defense projects, manufacturing entities, retailers and other entities using IoT or OT in the country. Download this report to find out how the threat environment in the country is evolving.

To read the latest State of IoT Security report for India

Download now!

Cybersecurity trends for 2019 in the Latin America region

From Buenos Aires to Rio de Janeiro, cities all over South America are today using Internet of Things(IoT) to improve the lives of its citizens. Sensors in Brazil now warn of gas leaks before they become dangerous. Smart technology is everywhere, enabling city organizations to proactively alert people about traffic conditions, inclement weather, and other hazards.

It wont be an exaggeration to say that the region is getting ready for an IoT boom. According to a report by the Evans Corporation this year, South American developers are particularly keen on developing IoT technology; 60 percent of developers are planning IoT projects and 22 percent are already executing on them. But as more and more sensors and devices are connected to the internet, cyber criminals gain more opportunities to leverage unattended vulnerabilities. IoT botnets have the ability to compromise and leverage thousands of these devices to wreak havoc.

2018 saw a range of attacks on IoT infrastructure. Wicked, OMG Mirai, ADB.Miner, DoubleDoor, Hide ‘N Seek and Mirai-Variant IoT Botnets were widely seen in cyberattacks around the world. VPNFilter malware was behind the largest attack of the year with over half a million devices infected across over 50 countries in a single episode.

2019 will see hackers go after data with increased zeal. This include highjacking devices as part of Advanced Persistant Threat attacks and using them to gain access to sensitive data and IP which could be held for ransom. The sectors that will attract maximum attacks in South America include oil and gas, infrastructure, utilities, defense and retail. Attacks bearing a geo-political motive are also expected to increase this year.

Regional hackers have figured out that businesses are more willing to pay ransoms to prevent such data from being published online or on the dark web. This they are working to target devices and networks to pilfer data and record conversations of value.  Another tactic gaining currency is data poisoning wherein inaccurate information is fed into decision making systems to disrupt large systems.

Publishing zero-day vulnerabilities without taking the vendor into confidence or giving them reaction time to patch devices creates a unique advantage for hackers as they can take advantage of such vulnerabilities to create widespread damage.  This trend will persist in 2019 albeit with vendors turning more cooperative, lesser instances will come to the fore.

With more businesses using bots to log data in CRM\ERP or other business management software, the data accessed by such bots is becoming more critical with each passing year. By spoofing identity, hackers can gain access to critical systems and then use such bots to exfiltrate data and since most of these bots are today working with very less monitoring, an attack could theoretically last months or even years, if they go undetected.

As geo-political faults expand, cyberwarfare has turned deadlier. Today actors sponsored by nation states are investing in AI-based offenses to harass their adversaries. Geo-political attacks are now targeting critical industrial systems, utilities, smart devices, renewable energy farms, offshore oil rigs and more. With agencies finding it difficult to suppress information on such attacks from leaking out into the mass media, hackers are getting more aggressive as the impact of their work becomes more visible, monetarily rewarding and discussed.

Sectors such as banking and financial services, healthcare, oil and gas and retail will continue to attract attention from hackers in 2019. The attacks will get more sophisticated and the attack signature will turn even paler as hackers use newer tactics and strategies to breach networks.

On the response front, as this article is being written, we are clearly seeing cybersecurity being addressed through “codes of practice” and “guidelines”. The government of California has openly come out with its resolve to make businesses do more towards securing their infrastructure and others will follow in 2019. What is still missing is a coordinated effort to address the problem at hand. Cybersecurity will remain a half-hearted battle till all stakeholders join hands and launch a coordinated effort to curb the menace.

Globally, cybercrimes cost $600 in damages in 2017. No nation is rich enough to afford such a huge loss individually or collectively. Instead if this money were to be deployed for improving healthcare, generating employment and in improving civic infrastructure, the magnitude of the loss becomes more apparent.  Hopefully 2019 will be the year where we see more coordination between stakeholders. Such a collaboration is inevitable if we are to see lasting progress in the war on cybercrimes.

Get Started with Subex

Schedule a Demo
close slider





Please Enter the Value : 1 + 9 =
I consent to receive communications from Subex Limited. Confirm Opt-In