IoT and Smart Cities have become terms we are all too familiar with, but looking at the rate at which they grow, we cannot ignore the growth of the attack areas, writes PAUL WILLIAMS, Country Manager SADC, Fortinet.
Smart cities are being planned the world over. Technology development always goes through two phases for any new discipline: First – tools are developed, and infrastructure is built and enabled. And second – the technology is scaled up. In the case of smart cities, we are in the first phase, where many of the kinks and challenges are still being ironed out.
Here are some examples of services a smart city might provide:
· Coordinated energy control of air conditioners at homes during hot summer days to manage and preserve city power resources
· Directed local discounts in retail and restaurants to avoid city congestion
· An automatic fee for driving a vehicle during highly congested periods
· A smart directed parking app that automatically discounts congestion charges for parking in specific parking lots
· Real-time sensor data to warn citizens affected by allergens and irritants
· Real-time sensor data of standing water for mosquito breeding, etc.
· Vehicle-to-vehicle communication, autonomous driving technology, and infrastructure with embedded sensors to warn of things like imminent traffic jams, construction, best routes for navigation during emergencies, etc. based on real-time traffic patterns.
To enable such services, smart cities will need to deploy plenty of IoT devices and services for metering, sensing, and controlling.
The Attack Surface of Smart Cities
The increase in the size of a smart city’s IoT device footprint corresponds to an increase in the size of its attack surface.
As was seen recently in a series of IoT-based denial of service attacks, IoT devices can be compromised and hijacked into a Shadownet (an IoT-based botnet that can’t be seen or tracked using normal browsers or tools) and controlled by a command and control (C&C) center run by hackers. Alternatively, these devices and services may be attacked in order to deny services to legitimate users.
Here are some examples of what hackers and attackers can do:
· Take control of parking, traffic lights, signage, street lighting, and automated bus stops, etc. For example, changing highway signs to read “terrorist threat in area” or “danger, toxic spill ahead” could seriously disrupt traffic and cause panic among drivers.
· Direct all cars and buses to a specific area to create congestion and gridlock.
· Disable local transportation, thereby disrupting businesses and services, such as banking, because employees can’t get to work.
· Open causeways to spill sewage and untreated waste water into parks, rivers, and communities.
· Cut off access to drinking water.
· Send fake SMS messages directing people to a specific location, such as a targeted business or government agency
· Remotely switch off air conditioners or furnaces during extreme temperature days
· Randomly turn on fire and burglar alarms throughout the city
Increasing the Security in Smart Cities from the Inside
While it’s not possible to prevent every possible security breach in a totally connected environment, it doesn’t mean we need to go back to the Stone Age. Instead, it’s possible to take some key initial steps to strengthen the smart city’s security posture and architecture:
· Use strong encryption
· Design systems that have strong protection against tampering.
· Provide strong access control, authentication, and authorization
· Maintain detailed logging of activities
· Segment services for individual sub-systems, and then aggregate and pool data that you want to make publicly accessible
· Create centralized management, analysis, and control systems through segmented and secured administration channels to troubleshoot problems
· Set baseline standards that trigger alarms or require manual override when thresholds are crossed or anomalous behavior is detected, such as rerouting traffic or disabling water treatment.
Segmentation is the Key
With a complex smart city network, segmentation is the key. For example, the Smart Transportation network needs to be logically segmented from other smart networks, such as user services, websites, or energy networks. This aids in isolating attacks, and allows for the advanced detection of data and threats as attacks and malware move from one network zone to the other. This also divides the smart city network into security zones, which aids in compliance, monitoring internal traffic and devices, and preventing unauthorized access to restricted data and resources.
Such segmentation will ensure that the majority of the IoT components deployed across the smart city only communicate with those devices and systems they should, and only talk in the protocols they have been assigned. This will also ensure that the interior network doesn’t get hacked and can’t participate in a DDoS attack.
In a similar way, other smart networks in the city can be segmented and isolated from each other, thereby avoiding the spread of malware and reducing the impact of any hacks and attacks. Further, smart cities must make the ability of IoT equipment to support and control such traffic an essential purchasing requirement.
Increasing the Security in Smart Cities from the Outside: DDoS Attacks
While network segmentation will ensure that the internal network is protected and its integrity and availability are preserved, we need to increase the availability of the smart city’s Internet-facing properties. DDoS attacks can be easily used to overwhelm this infrastructure. Depending on the size of the pipe, and expected worst-case scenarios, city IT teams must develop and implement an effective DDoS attack mitigation strategy. This may consist of either an over-provisioned appliance solution, or a hybrid solution consisting of appliances combined with a cloud-based scrubbing center.
An over-provisioned appliance solution enables you to manage DDoS attacks that are larger than your normal bandwidth usage. For example, if your normal user traffic is 1 Gbps, develop a plan for a 20 Gbps DDoS attack that includes deploying an appliance to mitigate such attacks, and provision for such potential bandwidth requirements from your service provider. If the actual attack is expected to be larger than your service provider bandwidth, however, you may need a hybrid solution that includes a cloud-based scrubber that works closely with your DDoS appliance solution.
From Smart to Smarter
As time passes, smart cities will become even smarter as they learn from researchers, from each other, and from incidents that are bound to happen.
WannaCry still alive
One and a half years after its epidemic, WannaCry ransomware tops the list of the most widespread cryptor families and the ransomware has attacked 74,621 unique users worldwide.
These attacks accounted for 28.72% of all users targeted by cryptors in Q3 2018. The percentage has risen over the last year, demonstrating more than two-thirds growth against Q3 2017, when its share in cryptor attacks was 16.78%. This is just one of the main findings from Kaspersky Lab’s Q3 IT threat evolution report.
A series of cyberattacks with the WannaCry cryptor occurred in May 2017 and is still considered to be one of the biggest ransomware epidemics in history. Even though Windows released a patch for its operating system to close the vulnerability exploited by EternalBlue 2 months prior to the start of the attacks, WannaCry still affected hundreds of thousands of devices around the globe. As cryptors do, WannaCry turned files on victims’ computers into encrypted data and demanded ransom for decryption keys (created by threat actors to decipher the files and transform them back into the original data), making it impossible to operate the infected device.
The consequences of the WannaCry epidemic were devastating: as the victims were mainly organisations with networked systems, the work of businesses, factories and hospitals was paralysed. Even though this case demonstrated the dangers cryptors pose, and most PCs around the world have been updated to resist the EternalBlue exploit, the statistics show that criminals still try to exploit those computers that weren’t patched, and there are still plenty of them around the globe.
Overall, Kaspersky Lab security solutions protected 259,867 unique users from cryptor attacks, showing a substantial rise of 39% since Q2 2018, when the figure was 158,921. The growth was rapid yet steady, with a monthly observed increase in the number of users.
“The rising share of WannaCry attacks is another reminder that epidemics don’t end as fast as they start – there are always long-running consequences. In the case of cryptors, attacks can be so severe that it is necessary to take preventive measures and patch the device, rather than deal with encrypted files later,” said Fedor Sinitsyn, security researcher at Kaspersky Lab.
To reduce the risk of infection by WannaCry and other cryptors, users are advised to:
· Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases. It is also important to use a security solution that has specialised technologies to protect your data from ransomware, as Kaspersky Lab’s solutions do. Even if the newest yet unknown malware does manage to sneak through, Kaspersky Lab’s System Watcher technology is able to block and roll back all malicious changes made on a device, including the encryption of files.
· If you have bad luck and all your files are encrypted with cryptomalware, it is not recommended to pay cybercriminals, as it encourages them to continue their dirty business and infect more people’s devices. It is better to find a decryptor on the Internet – some of them are available for free here: https://noransom.kaspersky.com/
· It is also important to always have fresh backup copies of your files to be able to replace them in case they are lost (e.g. due to malware or a broken device), and store them not only on the physical object but also in cloud storage for greater reliability (don’t forget to protect your cloud storage with a strong hack-proof password!)
· If you’re a business, enhance your preferred third-party security solution with the newest version of the free Kaspersky Anti-Ransomware Tool.
· To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate, restrict access, and always back up everything.
· Use a dedicated security solution, such as Kaspersky Endpoint Security for Business, that is powered by behaviour detection and able to roll back malicious actions. It should also include Vulnerability and Patch management features that automatically eliminate vulnerabilities and install updates. This reduces the risk of vulnerabilities in popular software being used by cybercriminals.
· Last, but not least, remember that ransomware is a criminal offence. You shouldn’t pay. If you become a victim, report it to your local law enforcement agency.
Nokia 6.1 gets slice of Pie
HMD Global has announced that the Nokia 6.1 will start receiving Android 9 Pie – the second smartphone in the portfolio to receive the latest version of Android less than a month after the update arrived on the Nokia 7 plus.
Packed with Google’s newest software and building on the features of Android 8.0 Oreo, Android 9 Pie’s focus on artificial intelligence and machine learning gives owners a more customised and tailored experience.
Powered by the Qualcomm Snapdragon 630 Mobile Platform, the Nokia 6.1 is over 60% faster than its predecessor. It also now offers enhanced Dual-Sight, ZEISS optics, USB-C fast-charging, Nokia spatial audio and pure, secure and up-to-date Android Oreo.
The Nokia 6.1 has been selected by Google to join the Android One family and therefore users get exclusive access to App Actions – a feature only available to Android One and Google Pixel devices. App Actions helps users get things done faster by predicting their next move and displaying the right action right away.
Now with Android 9 Pie, the Nokia 6.1’s already impressive battery life is further complemented with the introduction of Adaptive Battery, an update that uses deep learning to understand usage patterns and prioritise battery power on the most important apps.
Other key features of Android 9
· Slices – Identifies relevant information on favourite apps to make them more easily accessible when needed
· Adaptive Brightness – Automatically adapts phone brightness by learning from interactions with different settings
· New system navigation – Features a single home button that provides intelligent predictions and suggestions (user enabled)