Friday, February 21, 2020

Hacking our cars!!!

Vehicle hacking and data theft increases
Even before we get into the subject of self-driving cars, vehicles today are basically moving data factories. Modern cars are fitted with an array of GPS devices, sensors, and in-car communication and entertainment platforms that make them an increasingly profitable target for hackers and data thieves.
Criminals have learned to piggyback into private networks through connected home appliances and smart devices, thanks to the lack of security standards among the thousands of device manufacturers and service providers. Likewise, automobiles are likely to increasingly become the backdoor of choice in the coming years thanks to the growing amount of data they collect and store about our day-to-day lives. Attackers will have the choice of targeting either the vehicles themselves, perhaps using them to access email accounts and then personal information, or the cloud services where our data is routinely sent for storage and analysis. Large-scale harvesting and resale of this data on the black market is highly lucrative for cybercriminals.
Another very real danger is that malicious actors could learn to compromise the digital controls and safety features of modern vehicles. The idea of hijacking autonomous cars and taking over their controls may seem far-fetched right now, but it’s a threat that’s being taken seriously by the automotive industry as well as lawmakers. During 2020, we’re likely to see more debate over this aspect of the safety of self-driving vehicles, as the regulatory framework that will allow them to operate on our roads continues to take shape.
Info provided by Bernard Marr

Thursday, February 20, 2020

More on cyber attacks

“Criminals are getting more creative and hyper-focused on how they go about obtaining access to the things they need to conduct their crimes,” said Steve Ragan, the report’s principal author and Akamai security researcher. “Criminals targeting the financial services industry pay close attention to the defenses used by these organizations, and adjust their attack patterns accordingly.”

Additionally, August 2019 saw the largest credential attack against a financial service provider in Akamai’s history, which consisted of over 55 million login attempts, although this was not completely directed at APIs.
The same culprits carried out another attack later that same month, this time targeting APIs directly and producing over 19 million attacks.
The most frequent type of attack on financial services, according to the report, was Local File Inclusion (LFI), which targets scripts running on servers to force the leak of sensitive information; this accounted for 47% of observed traffic.
SQL injection (SQLi) also made up a prominent proportion of attacks on financial services (36%).
The sector also faced a noteworthy amount of Distributed Denial of Service (DDoS) attacks; it ranked third in attack volume compared to other industries, coming in behind gaming and high-tech, but a leading proportion of 40% of unique DDoS targets were in financial services.

“Security teams need to constantly consider policies, procedures, workflows, and business needs – all while fighting off attackers that are often well organised and well-funded,” Ragan continued. “Our data shows that financial services organisations are constantly improving by adopting fluid security postures, forcing criminals to change their tactics.”

Are you a Ring user? Read this

Ring, 2FA, and a Win for Consumers

BY ASHLEY BOYD | FEB. 18, 2020 | ADVOCACY
Today, Amazon announced that two-factor authentication (2FA) is now mandatory for all Ring users. In recent months, several stories have emerged about Ring users being hacked, harassed, and spied on. This extra layer of security will help prevent further episodes.
This is positive news for consumers — and proves that even the mightiest tech companies will respond to consumer pressure. We often feel helpless about the state of online privacy and security. But when a movement of consumers, nonprofits, and journalists reaches critical mass, we can push consumer tech in a better direction.
The change comes on the heels of loud advocacy by Ring users and organizations like Mozilla and Electronic Frontier Foundation (EFF). In December, Mozilla launched a petition urging Amazon to mandate 2FA for all Ring devices, and over 8,000 consumers signed on. Meanwhile, EFF revealed that Ring shares personal data with an array of third parties. (In today’s announcement, Ring also said it is pausing certain third-party tracking and allowing users to opt out of targeted ads.)
There’s a lot of work ahead of us — both in the industry at large, and with Ring specifically. For example, extensive reporting has highlighted concerns about Ring’s ongoing partnerships with police departments across the U.S., and the way in which its Neighbors app can stoke fear, paranoia, and over-policing. But today, we’re applauding Amazon and Ring for listening to consumers and prioritizing its customers’ security.

Wednesday, February 19, 2020

Cyber security

New security issues and hacking techniques are emerging all the time, making it impossible for businesses to completely future-proof themselves against hackers. But organizations can take simple steps that go a long way toward improving security. These include putting in place strong patching and password policies, and enforcing multi-factor authentication on every public-facing system.
Organizations should implement regular security testing of all potential attack vectors, especially if it’s something that’s changed. They need to ensure they put in place a security strategy and stick to it.
Perform awareness assessments, organize security audits, examine those controls, review that access list.
There is no room for complacency: cyber threats are changing daily, so it is more important than ever that businesses keep informed of the latest developments. A cyber attack should be seen as inevitable, so security should always be at the forefront of company strategy, not an afterthought.
More on security:

97% of IT leaders majorly concerned by insider data breaches

An Egress study has found that 97% of IT leaders are concerned that data will be exposed by their own employees, leading to insider breaches.
This finding from Egress's Insider Data Breach Survey 2020, conducted by Opinion Matters, spelled a lack of reassurance for decision makers regarding insider breaches over the past 12 months.
Also, 78% of IT leaders surveyed said that employees have put data at risk accidentally within the last year, while 75% say that intentional compromise of data security has occurred.
While the former statistic has remained stable since 2019, the latter saw a 14% jump.
In the UK, 63% declared intentional data security compromise, while 68% said this was accidental. This contrasted with leaders in the Benelux region, 89% of whom said that data was put at risk intentionally, and 91% accidentally.
Egress CEO, Tony Pepper, said: “While they acknowledge the sustained risk of insider data breaches, bizarrely, IT leaders have not adopted new strategies or technologies to mitigate the risk.

“Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable.
“The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches.
“They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”
The most common cause of company data risk, according to leaders, is the sharing of data to personal devices.
As for challenges, 24% blamed a lack of employee security training, and another 24% blamed a lack of effective security systems.
Meanwhile, 23% blamed a lack of awareness, and 21% said that insider breaches were mainly caused by employees rushing tasks.
In terms of what kinds of cyber attacks were causing breaches over the past year, 41% cited phishing attacks over email, while 31% said that employees had sent information to the wrong person.

More to come soon:


Info provided by:


Thursday, February 6, 2020

Retail under pressure

A great article about how the big boys are trying to keep up with our demands to get the products fast!

https://www.scmr.com/article/retail_under_pressure