SECURE IoT CONFERENCE
Secure IoT annual conference helps professionals and organisations understand the potential risks and vulnerabilities posed by using IoT systems and connected devices. At the conference you will meet leading security experts and learn about IoT security best practice.
AN EVER INCREASING THREAT
We are seeing an ever-increasing number and sophistication of cyber-attacks on systems and products that use connected IoT devices. These attacks are instigated by different types of actors, including criminals; states and state-sponsored actors; issue-orientated hacktivists (malicious insiders pose the greatest threat); and ‘script kiddies’.
IoT HACKS & RISKS
The risk and damage in terms of reputation, costs, health & safety to an organisation or individual due to poor security practice can be considerable, as is illustrated in the timeline below.
In May, the General Data Protection Regulation (EU) 2016/679 (GDPR) became enforceable. GDPR covers "security by design" in hardware and software. Data controllers are obliged to consider "data protection by design and by default".
Organisations using insecure hardware could face action under GDPR should the firmware of IoT devices prove insecure and contribute to a spillage of personal data. In other words, this covers not checking that hardware is secure before procuring it, not configuring it securely (for example, not changing bad default passwords) and not expeditiously patching vulnerabilities in firmware (and other software) used to process personal data.
If you would like to learn more about IoT Security best practice then come along to Secure IoT 2018, Internet of Things Cybersecurity conference.
- Avast's threat labs team has discovered a new malware strain (codenamed Torii) that is building “the most sophisticated botnet ever seen” and is targeting IoT devices. In addition to sharing information regarding infected devices, the malware's communication with the Command and Control Server allows its authors to execute any code or deliver any payload to an infected device.
- Ship hack 'risks chaos in English Channel': a commonly used ship-tracking technology can be hacked to spoof the size and location of boats in order to trigger other vessels' collision alarms, a researcher has discovered.
- Radware Threat Research Center identified a hijacking campaign aimed at Brazilian bank customers through their IoT devices, attempting to gain their bank credentials.
- SEC Consult researchers issued a warning about critical vulnerabilities that leave 9 million Xiongmai cameras and DVRs wide open to attack.
- Fitness tracker data reveal locations of military bases & personnel. Strava released a data visualisation map that showed all the activity tracked by users of its app, which allows people to record their exercise and share it with others. Users were able to identify locations including a suspected CIA base in Somalia, a Patriot missile defense system site in Yemen and US special operations bases in the Sahel region of Africa.
- Scientists at the Ruhr-Universitaet in Bochum, Germany, have discovered a way to hide inaudible commands in audio files: commands that, while imperceptible to our ears, can take control over voice assistants like Alexa, Siri, or Cortana.
- WannaCry ransomware infected over 200,000 devices in more than 150 nations. This impacted FedEx, Spanish telecoms and gas companies, French Renault car production factories, the Russian interior ministry, and the U.K. National Health Service. This was the first large-scale cyber-attack that affected the healthcare industry directly, by infecting tens of thousands of the NHS's hospitals' devices, including MIDs such as MRI.
- The US Food & Drug Administration issued a letter calling for the voluntary recall of some 465,000 Abbott (formerly St. Jude Medical) pacemakers to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.
- Research by Trend Micro revealed 83,000 industrial robots are ‘exposed’ to the public-facing internet, of which thousands are not protected with authentication.
- A Freedom of Information request reveals a third of national critical infrastructure organisations have not met basic cybersecurity standards issued by the UK government.
- Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water.
- A massive Internet Distributed Denial of Service attack which caused outages for many Web sites (including Twitter, Amazon, Spotify and Netflix) was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV digital video recorders.
- A cyber-attack on Ukrainian electricity distribution companies caused a major power outage, with disruption to over 50 substations.
- Fiat Chrysler had to recall 1.4 million cars in the US after security researchers showed that one of its cars could be hacked.
- A hack attack caused massive damage at a German steel plant.