The evolution of cyber threats: looking back over the past 10 years

Over the past decade, the world has witnessed a dramatic increase in cyber threats. The digital age has brought about new opportunities for innovation and growth but has also created new avenues for cybercriminals to exploit. The rise of new technologies, such as artificial intelligence, has enabled attackers to become more sophisticated in their methods.

In this blog, we will look back at the evolution of cyber threats over the past decade and explore how businesses can adapt to these changes. We will also discuss how NordLayer protects your data and resources ahead of the curve.

Upsurge of cyber threats

The past decade has seen a rise in various types of cyber threats, from ransomware attacks to social engineering tactics. One of the most notable threats is ransomware, where attackers encrypt a victim’s files and demand a ransom payment to restore access.

In 2020, ransomware attacks rose by 150% compared to the previous year, according to The Harvard Business Review. Another common threat is phishing, where attackers use social engineering tactics to trick victims into revealing sensitive information. Phishing is an effective and dangerous cybercrime because it relies on people’s inherent trust in the internet. The idea that criminals would be able to fool you into giving up private information is hard for most people to believe, which makes it easy for even well-meaning people to fall victim to a phishing attack.

Impact on businesses

The impact of cyber threats on businesses cannot be overstated. Cyber attacks can result in significant financial losses, reputational damage, and legal consequences. According to a study by IBM, the average data breach cost in 2020 was $3.86 million.

According to Forbes, small and medium-sized businesses are especially vulnerable. The impact of cyber attacks on businesses extends beyond financial losses, with reputational damage and loss of trust among customers also being significant concerns.

2009-2012: rise of advanced persistent threats (APTs)

The period between 2009 and 2012 saw a rise in advanced persistent threats (APTs). APTs are long-term attacks that focus on stealing data from a specific target and are highly sophisticated. The attackers would spend months or even years gathering information about their target before launching an attack. The goal was to steal sensitive information without being detected.

One of the biggest examples of this type of threat during this timeframe occurred in 2010, when Google and other companies were targeted in a series of APT attacks known as Operation Aurora. Attackers gained access to sensitive data and intellectual property by exploiting vulnerabilities in the companies’ software systems.

Some ways to protect against APTs include:

  1. Secure VPN: A secure virtual private network (VPN) that encrypts all data transmitted between the user and the internet. This ensures that sensitive information is kept confidential and protected from cyber attackers.

  2. Next-generation firewall: A next-generation firewall can detect and block malicious traffic, including APTs. It also allows for granular control over network traffic, enabling administrators to restrict access to sensitive resources.

  3. Intrusion Prevention System (IPS): IPS uses advanced techniques to detect and prevent APTs from infiltrating the network. This includes detecting and blocking attempts to exploit network and software vulnerabilities.

  4. Threat intelligence: Ideally, a threat intelligence platform continuously monitors global threat activity and automatically updates security policies and rules to protect against new and emerging threats.

  5. User behavior analytics (UBA): A UBA solution can identify and flag abnormal user behavior that may indicate a security threat, such as an APT. This helps administrators quickly detect and respond to potential attacks.

2013-2016: ransomware and business email compromise (BEC)

Between 2013 and 2016, ransomware and Business Email Compromise (BEC) attacks rose. Ransomware is a type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key. On the other hand, BEC attacks involve impersonating a senior executive and tricking employees into transferring money to a fraudulent account.

These attacks proved to be highly profitable for cybercriminals, with ransomware payments reaching billions of dollars annually. BEC attacks have also been on the rise, with the FBI reporting losses of over $1.7 billion in 2019 alone.

The WannaCry ransomware attack affected hundreds of thousands of computers in over 150 countries. The attackers demanded ransom payments in exchange for unlocking the affected systems. Another good example of these threats during this timeframe was the CEO Fraud in 2015, where tech company Ubiquiti Networks fell victim to a BEC attack that cost the company $46.7 million. The attackers posed as Ubiquiti executives and convinced employees to transfer funds to overseas accounts.

Some ways to protect against ransomware and BEC attacks include:

  1. Email filtering: This service can help protect against BEC attacks by blocking suspicious emails that may contain phishing or malware links. This helps prevent employees from falling for social engineering tactics and inadvertently giving hackers access to sensitive information.

  2. Anti-malware: A solution that detects and blocks ransomware before it encrypts files on a company’s network. This helps prevent data loss and minimize the impact of a ransomware attack.

  3. Backup and recovery: Automated backup and recovery services can help restore data and systems during a ransomware attack. This helps minimize the damage caused by an attack and reduces the likelihood of paying a ransom to recover data.

  4. User awareness training: Employee training and awareness programs help educate staff on recognizing and reporting potential security threats such as BEC attacks. This helps employees understand how to protect themselves and the company from cyber threats.

  5. Access control: This feature allows administrators to restrict access to sensitive data and systems, helping prevent unauthorized access and reducing the risk of a successful ransomware attack.
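The email-filtering item above can be made concrete with a small header check. The following is an added example, not code from NordLayer or the original article; the company domain, executive names, keyword list, and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"alice moreno", "raj patel"}
PAYMENT_RE = re.compile(r"\b(wire|transfer|invoice|payment|bank details)\b", re.I)

# Constructed sample messages.
SAMPLE_SPOOFED_EXEC = (
    'From: "Alice Moreno" <alice.moreno@examp1e-mail.test>\n'
    "To: finance@example.com\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please send the payment today. I am in meetings, do not call.\n"
)
SAMPLE_INTERNAL = (
    'From: "Alice Moreno" <alice.moreno@example.com>\n'
    "To: finance@example.com\n"
    "Subject: Q3 planning\n"
    "\n"
    "Agenda for Q3 planning attached.\n"
)
SAMPLE_REPLY_TO = (
    'From: "Supplier Billing" <billing@supplier.test>\n'
    "Reply-To: accounts@supplier-pay.test\n"
    "To: finance@example.com\n"
    "Subject: Updated bank details\n"
    "\n"
    "Use the new account for the next invoice.\n"
)


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def body_text(msg):
    """Concatenate all text/plain parts of a (possibly multipart) message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def bec_indicators(raw_message):
    """Return the list of BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # An executive's display name on an address outside the company domain.
    normalized_name = " ".join(display.lower().split())
    if normalized_name in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append("executive-name-external-sender")

    # Replies silently diverted to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-domain-mismatch")

    # Payment-related wording in the subject or body.
    if PAYMENT_RE.search(msg.get("Subject", "") + "\n" + body_text(msg)):
        findings.append("payment-request-language")
    return findings


def should_quarantine(findings):
    """Hold the message for review on impersonation, or diversion plus payment talk."""
    if "executive-name-external-sender" in findings:
        return True
    return ("reply-to-domain-mismatch" in findings
            and "payment-request-language" in findings)


if __name__ == "__main__":
    for name, raw in [("spoofed", SAMPLE_SPOOFED_EXEC),
                      ("internal", SAMPLE_INTERNAL),
                      ("reply-to", SAMPLE_REPLY_TO)]:
        found = bec_indicators(raw)
        print(name, found, should_quarantine(found))
```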

2017-2020: Internet of Things (IoT) and artificial intelligence (AI) threats

The period between 2017 and 2020 saw the rise of Internet of Things (IoT) and Artificial Intelligence (AI) threats, including the first cases of these types of attacks.

IoT devices are becoming increasingly popular for on-site and remote businesses, making them a prime target for cybercriminals. These devices often lack proper security measures, making them vulnerable to attacks.

Artificial intelligence plays an increasingly significant role in the evolution of cyber threats. On the one hand, AI is being used by businesses to improve security measures, such as detecting anomalous behavior and identifying potential threats. On the other hand, cybercriminals are also using AI to create more sophisticated attacks.

For example, cyber-criminals can use AI to generate realistic phishing emails that are more likely to trick victims into revealing sensitive information. AI is also being used to create deep fake videos and audio, which can be used for social engineering attacks.

The Mirai Botnet was a massive cyberattack in 2017 that compromised hundreds of thousands of IoT devices, turning them into a network of bots used to launch DDoS attacks on various websites. The botnet primarily targeted vulnerable IoT devices such as security cameras, routers, and DVRs that had weak or default login credentials.

According to a report from Wired, “Mirai was responsible for the largest DDoS attack in history, which peaked at 1.1 terabits per second and brought down the DNS provider Dyn, taking down popular websites including Twitter, Netflix, and Reddit in the process.”

Another example was DeepLocker (2018), a type of AI-powered malware designed to evade traditional cybersecurity measures by using AI algorithms to hide and remain undetected until it reaches its target.

The malware is designed only to activate when it detects a specific target, such as a particular person’s face or voice. The malware was created as a proof-of-concept by IBM’s X-Force Red team to demonstrate the potential risks of AI-powered attacks.

Some ways to protect against AI attacks include:

  1. Network segmentation: This feature can segment the company’s network, separating IoT devices from other devices and systems on the network. This can help prevent an attacker from using an IoT device as a backdoor to access the company’s sensitive data and systems.

  2. Device management: This service ensures IoT devices are configured with the proper security settings and updated with the latest firmware and security patches. This helps prevent IoT devices from becoming a vulnerability and potential targets for attackers.

  3. Behavioral analysis: Behavioral analysis detects abnormal activity in the network, which can help detect and prevent AI-based attacks. This includes monitoring the behavior of IoT devices and detecting anomalies that may indicate a potential attack.

  4. Machine learning: Machine learning utilizes algorithms to analyze network traffic and identify potential threats. This includes the ability to detect anomalies in the behavior of IoT devices, which can help identify potential AI-based attacks.

  5. Threat intelligence: Ideally, a threat intelligence platform continuously monitors global threat activity and automatically updates security policies and rules to protect against new and emerging threats, including those targeting IoT and AI systems.

2021-2022: supply chain attacks and Ransomware-as-a-Service

In 2021 and 2022, there has been a significant increase in supply chain attacks and Ransomware-as-a-Service (RaaS) attacks. Supply chain attacks involve targeting a third-party vendor to gain access to their customers’ networks. These attacks have been highly successful, with cybercriminals targeting software providers, IT companies, and cloud service providers.

RaaS attacks involve renting out ransomware to other cybercriminals for a percentage of the profits. This business model has made it easier for cybercriminals to launch attacks, resulting in a surge of ransomware attacks worldwide. According to a report by SonicWall, there were over 304.7 million ransomware attacks in the first half of 2021, a 151% increase from the same period in 2020.

One of the biggest related incidents took place in 2020. The SolarWinds supply chain attack affected multiple U.S. government agencies and corporations. The attackers compromised SolarWinds’ software updates and used them to distribute malware to their customers.

Another case worth studying is the Colonial Pipeline, a ransomware attack in 2021 that shut down a major fuel pipeline in the United States. The attackers demanded a ransom payment in exchange for restoring access to the company’s systems.

Some ways to protect against Supply Chain Attacks and Ransomware-as-a-Service attacks include:

  1. Vulnerability scanning: This service can detect vulnerabilities in software and systems that may be exploited in a supply chain attack. This includes identifying outdated software, unpatched systems, and other potential vulnerabilities.

  2. Access control: This feature allows administrators to restrict access to sensitive data and systems, helping prevent unauthorized access and reducing the risk of a supply chain attack.

  3. User awareness training: Employee training and awareness programs help educate staff on recognizing and reporting potential security threats, including supply chain attacks and ransomware-as-a-service. This helps employees understand how to protect themselves and the company from cyber threats.

  4. Anti-malware: This solution can detect and block ransomware before it encrypts files on a company’s network. This helps prevent data loss and minimize the impact of a ransomware attack, including those delivered as a service.

  5. Backup and recovery: Automated backup and recovery services can help restore data and systems during a ransomware attack. This helps minimize the damage caused by an attack and reduces the likelihood of paying a ransom to recover data.

2022-present: deepfake and synthetic identity fraud

In 2022, deepfake and synthetic identity fraud attacks became increasingly prevalent. Deepfake technology involves creating realistic videos or audio recordings that can be used to spread misinformation or conduct social engineering attacks. On the other hand, synthetic identity fraud involves creating fake identities using real and fake information.

These attacks have proven to be highly effective, with cybercriminals using deepfake technology to impersonate high-level executives or political leaders to spread false information. Synthetic identity fraud has also been on the rise, with losses estimated to reach $1 billion in 2022, according to the 2022 Internet Crime Report of the Federal Bureau of Investigation.

In the article TOP 5 cyber attacks of 2022, the best examples of this type of threat can be further analyzed.

How can NordLayer help?

Cybercriminals constantly evolve their tactics, making it essential for businesses to stay up-to-date with the latest threats. Cybercriminals use fileless attacks, which do not leave a footprint on the system, and supply chain attacks, where attackers target third-party vendors to gain access to a network. By understanding these tactics, businesses can take steps to protect themselves.

The past decade has seen a rapid evolution in cyber threats, with attackers becoming more sophisticated and their tactics becoming more advanced. Businesses must adapt to these changes by implementing robust cybersecurity measures to protect their data and resources. NordLayer remains committed to providing top-notch security solutions that evolve with the changing cyber threat landscape.

Our Zero Trust Network Access solution provides secure access to resources and data, while our ML-powered (machine learning) threat detection system prevents end users from accessing potentially harmful websites that may affect business operations.

As the cybercrime landscape develops, NordLayer continues to evolve its products to protect access to data and resources. Our security solutions include access control features, network segmentation, and secure VPN.

We continuously monitor the latest threats and adapt our products to provide the most robust protection possible.

Contact NordLayer and learn how we can help you secure your business.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

Concepts of Federated Identity Management

Federated Identity Management

Federated identity management enables authorized users to access multiple platforms using a single set of credentials. To learn more about it, read our text.

In the past, each website or application required a set of credentials. This meant every time you wanted to access a service, you had to create a username and password, which were stored on that platform.

Thus, when accessing the website again, it was necessary to re-enter the credentials because the users did not remain connected, even if the websites were managed by the same organization.

Also, when companies wanted to transfer user credentials from one domain to another, they had to use a new authentication system.

As the internet became more complex, developers realized this authentication system was not scalable and federated identity management would be the best solution in this regard.

In this article, we discuss federated identity management and its different concepts. To facilitate your reading, we divided the text into the following topics:

1. What Is a Federated Identity System?

2. What Is the Difference Between SSO and Federated Identity?

3. What Is SAML Federated Identity?

4. What Are the Two Components of a Federated Identity System?

5. Advantages of Federated Identity

6. senhasegura and AuthID Integration

7. About senhasegura

8. Conclusion

 

Enjoy the read!

 

1. What Is a Federated Identity System?

A federated identity is a system that enables authorized users to access different services using a single set of credentials securely and efficiently.

In practice, when a company implements this solution, its users can access Active Directory, partner websites, and web applications, among other services without logging in separately.

 

2. What Is the Difference Between SSO and Federated Identity?

Single sign-on (SSO) is a solution that allows users to access multiple platforms through a single set of credentials. In practice, when the user logs into an SSO service, they have access to connected websites and applications, without having to log in again.

That is, SSO is a feature of federated identity management and makes it possible to provide secure logins to users, while federated identity management itself provides access to resources from various organizations.

 

3. What Is SAML?

SAML (Security Assertion Markup Language) is a protocol used to enable identity providers (IdP) to pass authorization credentials to service providers (SP). With this, one can use a single set of credentials to access different services.

For standardized communications between the identity provider and service providers, SAML transactions use Extensible Markup Language (XML). SAML connects the authentication of a user’s identity to the authorization for using a service.

 

4. What Are the Two Components of a Federated Identity System?

The federated identity covers two concepts: Identity Provider (IdP) and Service Provider (SP).

The first consists of an entity that creates and manages user identities and authenticates them for other applications where IdP is required.

The second refers to an entity that provides web services. In practice, SPs do not authenticate users on their own, but need the IdP to authenticate them.

5. Advantages of Federated Identity

Federated identity management brings several advantages to users. Among them, we can highlight:

  • Improved security: In traditional authentication systems, users need to log in to each platform they access, using a set of credentials.
    In contrast, the federated option allows the user to securely authenticate across multiple websites and applications. With the reduction in the number of logins, the risks of invasion also decrease;
  • Secure resource sharing: With federated identity management, one can share resources and data without risking security. Moreover, by storing user data with an IdP, companies simplify their data management process;
  • Improved user experience: With federated identity management, users need to authenticate themselves once to have access to various services, which provides convenience in their work routine;
  • Single-point provisioning: Federated identity management also enables single-point provisioning, which facilitates user access, even if the user is outside the company area; and
  • Cost reduction: Organizations don’t need to create their own SSO solutions or manage multiple user identities, which reduces their costs.

 

6. senhasegura and AuthID Integration

senhasegura has developed integration with several identity providers. One of these providers is AuthID, a federated identity management solution that allows you to use the same login to access various services, in addition to the following benefits:

  • Integration with existing IAM in the solution in minutes – through OpenID or API options;
  • Interruption of cyber threats;
  • Recovery and biometric MFA;
  • Elimination of password costs and risks with portable identity; and
  • Federated identity – SaaS, cloud, and legacy applications.

 

7. About senhasegura

We, from senhasegura, are part of MT4 Tecnologia, a group of companies specializing in digital security founded in 2001 and operating in more than 50 countries.

Our main objective is to provide our public with digital sovereignty and cybersecurity, granting control over privileged actions and data and avoiding breaches and leaks of information.

For this, we follow the lifecycle of privileged access management through machine automation, before, during, and after accesses. We also:

  • Avoid interruption of companies’ activities, which may impair their performance;
  • Offer advanced PAM solutions;
  • Automatically audit privileged changes in order to identify privilege abuses;
  • Automatically audit the use of privileges;
  • Reduce cyber threats;
  • Bring organizations into compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.

 

8. Conclusion

In this article, we shared concepts related to federated identity management. If you liked our content, share it with someone who might be interested in the topic.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

23.3.8 ‘Voyager’ released

Changes compared to 23.3.7

New Features

Enhancements

  • Enhancement: Reduce peak memory usage when loading very large single files from a Storage Vault
  • Enhancement: Reduce memory usage for S3-compatible Storage destinations

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSP’s, Businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

Here to guide Comet Backup through its product evolution, meet our Product Manager, Ida Lindgren

Where are you originally from?

I’m from Stockholm, Sweden and I just celebrated 5 years in New Zealand! Time flies when you are having fun! Love, family and new adventures brought me to this lovely country.

What is the one thing about Sweden that you’d like non-Swedes to know about?

We have a useful word that I don’t think many other countries have – “lagom”. It means not too much, not too little, but just the right amount and it’s a very handy word to have in your vocabulary (I think).

Also, that there are no polar bears in Sweden. It’s funny how many times I get asked that question!

How long have you been working at Comet Backup?

This is my seventh week at Comet, but it feels longer than that (in a good way)!

Before Comet, after completing a master’s degree in IT engineering and a bachelor’s in business studies, I worked as a BI Consultant in Stockholm for 8 years. When I moved here, I started working as a Senior Product Owner and I did that for almost 5 years before joining Comet.

What attracted you to Comet?

The industry was completely new to me, and I wanted to try working in a younger business that was growing fast. Having the chance to be the first dedicated product person in the company was an exciting opportunity too!

How would you describe your role as Product Manager at Comet?

In short, my role is to work closely with all Comet teams to ensure we deliver a high-quality product with a great user experience, that meets the business goals and our customers’ needs!

But to expand a bit on that, I need to keep up with industry trends, understand the market needs, know the competitor landscape, and understand what our customer needs and their pain points.

Combining this information with the business strategy, product metrics, data analytics, and all the input from Comet’s teams, I can create a product roadmap that outlines how the product will be developed and what the teams will be focused on for the next while.

Basically, as a Product Manager, you are responsible for guiding the direction of the product and its development, making sure we’re working on the right things to ensure the continued success of our product and keep growing our market share.

What was your first day at Comet like?

It was great! Everyone was so friendly and welcoming, and I’ve always enjoyed working with smart, talented, and down-to-earth people, so that has been one of the highlights here at Comet so far.

What aspects of your role challenge and excite you?

It’s wonderful how much trust, support, and freedom Comet gives me – they trust me to do the job as I see fit. I just hope I can live up to their expectations and do my part to help continue making Comet the success story it already is!

Product Managers have to juggle a lot of activities and deadlines. What best practices would you recommend for organising one’s workload?

I think a simple to-do list does the trick, but you need to make sure to re-prioritize the items on the list regularly, based on their urgency and how important they are. When I get stuck, I refer back to the product vision or strategy to figure out what should be done first (or just take a break to clear my head).

You love being out and about. Would you recommend any running or biking trails in the Canterbury area?

I think it’s really nice running or biking up the Rapaki track and then going down Victoria Park and Bowenvale Valley – it’s such a peaceful area and the views up there are great too!

What’s the most memorable or most interesting thing that’s happened to you on a trip?

In 2019 I spent three months biking around South America – the whole trip was pretty memorable, but riding through coca plantations and getting stopped by a group of suspicious-looking characters to have a beer is probably up there.

Wait, what??

Yeah it was pretty scary – we were biking around South America and this truck comes with these five guys, and you can tell they’re working at the coca plantation. They were all drinking beer and seemed to be drunk, and they stopped where we were. They were speaking Spanish and we could only understand a couple of words. Then they offered us a drink and we couldn’t say no!

There is an ongoing debate at the Comet office on whether or not pineapple should be a pizza topping. Would you care to share your thoughts on this?

Ha! No, I don’t think pineapple should be a pizza topping – but if I can stick with my pepperoni pizzas, I don’t mind if others have pineapple on their pizzas.

Distributed systems: Because a single computer can’t deal with your procrastination

Is your Windows getting out of hand? Doesn’t it know how to behave in front of guests? Is it like those children, usually other people’s, who burst into tears as if they were being boiled alive?

Thankfully, Pandora FMS has the solution for you.

Windows server monitoring with Pandora FMS

Yes, the so-called system, network and application monitoring platform has features focused particularly on Windows monitoring, and the best of all, you can do it remotely or locally!

In addition, thanks to software agent installation, you can have total control of your Windows servers.

Pandora FMS offers you full monitoring of Windows servers so you may have the information you need to solve problems in real time. You no longer will have to guess what the hell is going on, with Pandora FMS you can quickly identify problems and fix them effectively.

If this sounds too good to be true… wait until you see our video, the one below, where we will show you in detail all those advantages! Join us on this tour and find out how Pandora FMS can help you take control of your Windows systems easily and effectively!

I know, I know, you loved the format! Well, if so, do not miss the next video on our channel. To date we have more than 1700 subscribers. Pretty slick for a channel specializing in software monitoring, right?

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Automotive IoT: Use Cases & Security

The global automotive IoT market size was valued at USD 82.7 billion in 2021 but is projected to surpass around USD 621.8 billion by 2030. In other words, IoT is massively disrupting the automotive sector, and this trend will persist as automakers look for innovative ways to set themselves apart in a fiercely competitive market. Connected cars, telematics, fleet management, and autonomous vehicles are just a few examples of how IoT is revolutionizing how we drive and maintain vehicles.

However, while these advancements offer many benefits, they also pose significant security challenges. With this in mind, let’s explore the use cases of Automotive IoT and the challenges of Automotive IoT security. By understanding the potential of IoT and its associated risks, we can better prepare ourselves for a more connected and secure future.

IoT in the Automotive Industry: Leading Use Cases

Car manufacturers and buyers alike can now harness IoT for a wide range of industrial and commercial applications. Let’s look at some prominent IoT applications in the automotive industry.

Fleet Management

IoT has transformed the way fleet managers track and manage their vehicles. Real-time GPS tracking and data analytics allow for better decision-making, reduced costs, and fleet operation optimization. Fleet managers can track vehicles in real-time, monitor driver behavior, optimize routes, and predict maintenance needs, all of which help reduce costs and increase efficiency.

Connected Cars

Automotive IoT has ushered in a new era of smart, connected cars. With Cellular Vehicle-to-Everything (CV2X) technology, vehicles can establish four types of connections: Vehicle-to-Vehicle (V2V), Vehicle-to-Infrastructure (V2I), Vehicle-to-Pedestrian (V2P), and Vehicle-to-Network (V2N). By communicating with other vehicles, pedestrians, and the environment, these internet-connected cars can share critical data to prevent accidents and facilitate emergency vehicle movement. In addition, these connected cars also inform drivers of weather conditions and accidents on the road.

Automotive Maintenance Systems

IoT-powered automotive maintenance systems allow for predictive maintenance, reducing downtime and costs. For example, sensors in the car can detect when a part is about to fail, alerting the driver or the service center in advance. This allows for proactive repairs and maintenance, reducing the risk of breakdowns and improving the overall lifespan of the vehicle.

Autonomous Vehicles

There are no autonomous vehicles without IoT. For vehicles to operate safely without human intervention (or with limited human input), they need to be in constant communication with their environments. Self-driving cars can reduce accidents, improve traffic flow, and reduce emissions. They do this by relying on a network of sensors and data analytics to operate safely and efficiently. In other words, they rely on automotive IoT.

Smart Parking

IoT-powered smart parking systems allow for real-time monitoring and management of parking spaces. As a result, drivers can be directed to available spaces, reducing the time spent searching for parking and reducing congestion. Smart parking systems also allow for automated payment, reducing the need for physical payment and the risk of fraud.

In-vehicle Infotainment and Telematics

IoT-powered in-vehicle infotainment and telematics systems offer various features and benefits, including entertainment, communication, and safety. Drivers can access real-time traffic updates, weather information, and entertainment options such as streaming music and video. In addition, telematics systems allow for remote diagnostics, vehicle tracking, and emergency response services in case of an accident. For example, in-vehicle telematics systems can communicate driver information to auto insurers or police following an accident.

Automotive IoT Security

It’s no secret that IoT devices suffer from significant security vulnerabilities, and automotive IoT is no exception here. Unfortunately, many of these devices are not designed with security in mind, leaving them open to exploitation by malicious actors.

But why exactly are automotive IoT devices so insecure? IoT devices are often small and have limited storage, meaning they lack the necessary computing power to run complex security protocols. This constraint often results in trade-offs between functionality, cost, and security, leading to devices prioritizing functionality over robust security.

And more specifically, IoT devices suffer from a range of other issues that make them vulnerable to cyberattacks, including:

  • Weak passwords & settings: IoT devices are often shipped with weak or default passwords that are easily guessable or can be found online. This makes it easy for attackers to gain access to the device and compromise the network.
  • Outdated firmware: Many IoT devices rely on third-party software libraries that can become outdated, leaving the device vulnerable to known security flaws. In some cases, it’s not possible to update this firmware.
  • Poor native device security: Some manufacturers prioritize features and functionality over security, leaving IoT devices with weak security features. Some devices may use insecure protocols or have default settings that leave them vulnerable to attack. For example, when a device communicates in plain text, all transmitted information can easily be intercepted via a Man-in-the-Middle attack.
  • Lack of standardization and regulation: IoT devices come in various shapes and sizes, with varying levels of security features, and there is no universal standard for automotive IoT security. Additionally, regulations and laws around IoT security are still evolving, making it challenging to hold manufacturers accountable for insecure devices.
  • Physical access: Unlike traditional computing devices, IoT devices are often physically accessible to attackers, making them easier to compromise.
  • Interconnectedness: IoT devices are often interconnected and communicate with each other, creating a large attack surface and making it challenging to secure the entire network.

Crucially, while other IoT devices like connected speakers or washing machines may have fewer security features, their privacy and safety risks are relatively low compared to automotive IoT devices. In contrast, if cybercriminals hack a car, they can access sensitive location and destination data and potentially manipulate essential functions like braking or steering, posing a significantly higher risk to drivers and passengers.

Combating Automotive IoT Attacks

Despite the security challenges IoT devices face, cost-effective solutions are available to help prevent attacks.

Firstly, requiring a Trusted Computing Base (TCB) can bolster network and application security. A TCB is a set of hardware and software components that work together to enforce security policies. It can be used to protect sensitive data and ensure that only authorized applications are running.

Secondly, ensuring that all network communications are confidential and have integrity is crucial for securing IoT devices. Manufacturers can use encryption to protect data in transit and prevent attackers from intercepting sensitive information.

Thirdly, restricting application behavior can also help mitigate security risks. This can be achieved by limiting the access that applications have to sensitive data, such as geolocation information or device identifiers.

Finally, enforcing tamper resistance can make it more difficult for attackers to compromise IoT devices. For example, using hardware-based security features, such as secure boot and trusted platform modules (TPMs), can help prevent unauthorized access and tampering.

Overall, implementing these measures can help improve the security of IoT devices and reduce the risk of harmful cyber attacks.
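How a TPM makes tampering with boot components detectable, as an added example that is not part of the original post: each boot stage is hashed into a Platform Configuration Register (PCR) with the extend operation, and a verifier replays the event log against known-good digests. The stage names and firmware bytes are constructed, the PCR is simulated in software, and the quoted PCR value is assumed to be authentic (a real verifier first checks the TPM's signature over the quote).

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a SHA-256 PCR is all zeros after reset


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(stages):
    """Hash each stage in boot order before it runs; return (PCR, event log)."""
    pcr, log = PCR_RESET, []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def verify_boot(quoted_pcr, event_log, reference_log):
    """Verifier side: replay the log, then compare it with known-good digests.

    Assumption: quoted_pcr is authentic (quote signature check not shown).
    """
    pcr = PCR_RESET
    for _, digest in event_log:
        pcr = extend(pcr, digest)
    if not hmac.compare_digest(pcr, quoted_pcr):
        return False, "event log does not reproduce the quoted PCR"
    if len(event_log) != len(reference_log):
        return False, "unexpected number of boot stages"
    for (name, digest), (ref_name, ref_digest) in zip(event_log, reference_log):
        if name != ref_name or not hmac.compare_digest(digest, ref_digest):
            return False, f"stage {name!r} differs from the reference"
    return True, "boot chain matches the reference"


# Constructed firmware images for a hypothetical telematics unit.
GOOD_STAGES = [
    ("bootloader", b"bootloader v1.4"),
    ("kernel", b"kernel 5.10 build 88"),
    ("telematics-app", b"telematics 2.3.1"),
]
REFERENCE_LOG = measure_boot(GOOD_STAGES)[1]


def demo():
    """Run three cases and return {case: (ok, reason)}."""
    results = {}
    # 1. Untouched device: log and PCR both match the reference.
    pcr, log = measure_boot(GOOD_STAGES)
    results["clean"] = verify_boot(pcr, log, REFERENCE_LOG)
    # 2. Application image changed on flash: its digest no longer matches.
    modified = GOOD_STAGES[:2] + [("telematics-app", b"telematics 2.3.1 (modified)")]
    pcr, log = measure_boot(modified)
    results["tampered"] = verify_boot(pcr, log, REFERENCE_LOG)
    # 3. Modified device presents the known-good log: replaying it does not
    #    reproduce the PCR, because extend cannot be undone or reordered.
    results["forged_log"] = verify_boot(pcr, REFERENCE_LOG, REFERENCE_LOG)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:11s} ok={ok}  {reason}")
```
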

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

The Challenges of Multi-Cloud Security

Are you using multiple cloud services in your organization? If so, you’re not alone. Around 90% of large enterprises have a multi-cloud strategy. And 60% of small businesses and 76% of mid-sized organizations do too. In short, most companies are now leveraging the benefits of multi-cloud environments to optimize their operations. However, with more cloud services come more complex security challenges.

What is Multi-Cloud?

At its core, multi-cloud involves using cloud services from more than one cloud vendor. It can be as simple as using software-as-a-service (SaaS) solutions like Salesforce, Office 365, or Dropbox from different cloud vendors. However, in the enterprise, multi-cloud typically refers to the strategic use of multiple cloud providers for running critical applications and workloads. Here, cloud services tend to fall into more specific and technical use cases like platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), function-as-a-service (FaaS), and container-as-a-service (CaaS).

But why is multi-cloud so popular? Well, it gives organizations the flexibility to choose the best cloud provider for a particular workload, application, or service. This can help reduce vendor lock-in, avoid service outages, and enable better cost management.

More specifically, a multi-cloud strategy allows organizations to leverage the strengths of different cloud providers, such as the compute power of AWS, the machine learning capabilities of Google Cloud Platform, and the hybrid cloud capabilities of Microsoft Azure. Multicloud solutions are typically built on open-source, cloud-native technologies, such as Kubernetes, that all public cloud providers support.

Top Challenges of Multi-Cloud Security

As more organizations adopt multi-cloud environments to achieve greater flexibility and scalability, they are also facing an increasing number of multi-cloud security challenges. These challenges stem from the complex nature of managing security across multiple cloud providers and the unique security risks that arise from using multiple cloud services. Let’s look at the top challenges more closely.

Visibility and Control

One of the biggest challenges of multi-cloud security is maintaining visibility and control across different cloud environments. With multiple clouds, it can be challenging to gain a comprehensive view of all the assets, configurations, and activities taking place in each environment.

Data Protection

Another critical challenge is protecting data across multiple cloud environments. It’s essential to ensure that data is adequately encrypted, both in transit and at rest, to prevent unauthorized access. Additionally, organizations must ensure that they have proper backup and recovery processes in place in case of a data breach or loss. For example, a company might use Google Cloud Storage for backup and AWS S3 for primary storage but have different encryption and access control policies in each cloud, making it difficult to ensure consistent protection.
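One way to check the S3-primary and Cloud-Storage-backup case above for inconsistent protection, as an added example that is not part of the original post: settings from both providers are normalized into one record and audited against a single baseline. The input dictionaries are constructed and shaped like the output of S3 GetBucketEncryption / GetPublicAccessBlock and a Cloud Storage bucket resource; the bucket names, the baseline and the helper names are assumptions.

```python
from dataclasses import dataclass

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


@dataclass(frozen=True)
class StoragePosture:
    cloud: str
    bucket: str
    kms_key: bool                # default encryption names a specific KMS key
    public_access_blocked: bool  # provider-level public access guard is on


def from_s3(name, encryption, public_access_block):
    """Inputs shaped like S3 GetBucketEncryption / GetPublicAccessBlock output."""
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    defaults = [r.get("ApplyServerSideEncryptionByDefault", {}) for r in rules]
    kms = any(d.get("SSEAlgorithm", "").startswith("aws:kms")
              and d.get("KMSMasterKeyID") for d in defaults)
    pab = public_access_block.get("PublicAccessBlockConfiguration", {})
    return StoragePosture("aws", name, bool(kms),
                          all(pab.get(flag) is True for flag in PAB_FLAGS))


def from_gcs(bucket):
    """Input shaped like a Cloud Storage JSON API bucket resource."""
    iam = bucket.get("iamConfiguration", {})
    return StoragePosture(
        "gcp", bucket["name"],
        bool(bucket.get("encryption", {}).get("defaultKmsKeyName")),
        # "inherited" may still be enforced by an organization policy, but the
        # bucket itself does not prove it, so only "enforced" passes here.
        iam.get("publicAccessPrevention") == "enforced")


# Hypothetical baseline that every bucket, in any cloud, must satisfy.
BASELINE = {"kms_key": True, "public_access_blocked": True}


def audit(postures, baseline=BASELINE):
    """Return {"cloud:bucket": [failed controls]} for buckets off the baseline."""
    findings = {}
    for p in postures:
        failed = [c for c, want in baseline.items() if getattr(p, c) != want]
        if failed:
            findings[f"{p.cloud}:{p.bucket}"] = failed
    return findings


# Constructed sample: primary on S3, backup on Cloud Storage (names are made up).
PRIMARY = from_s3(
    "example-primary",
    {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms",
            "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}}]}},
    {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)})
BACKUP = from_gcs({
    "name": "example-backup",
    "iamConfiguration": {"publicAccessPrevention": "inherited",
                         "uniformBucketLevelAccess": {"enabled": True}}})
# A bucket for which the collector got empty responses (nothing configured).
UNCONFIGURED = from_s3("example-scratch", {}, {})


def run_audit():
    return audit([PRIMARY, BACKUP, UNCONFIGURED])


if __name__ == "__main__":
    for bucket, failed in run_audit().items():
        print(bucket, "fails:", ", ".join(failed))
```
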

Identity and Access Management

Multi-cloud environments can also create challenges with identity and access management (IAM). Organizations must ensure that users have the proper access privileges to the resources they need in each cloud environment while also ensuring that access is revoked correctly when needed. For example, a user may have access to certain AWS resources but not Azure, leading to potential security gaps.

Compliance

Compliance with regulatory requirements is another challenge when working with multiple cloud providers. Organizations must ensure that they meet each regulatory body’s requirements across all cloud environments. For example, an organization may be subject to HIPAA compliance requirements, but AWS may have different compliance policies than Azure, leading to potential compliance gaps.

Threat Detection and Response

Finally, detecting and responding to threats across multiple cloud environments can be challenging. Therefore, it’s essential to have a unified threat detection and response strategy that can detect threats in real time and respond appropriately. For example, suppose a security event occurs in one cloud environment. Here, it can be challenging to determine if the same event is happening in another cloud environment without proper monitoring and correlation of events.
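The correlation step described above, as an added example that is not part of the original post: AWS CloudTrail records and Google Cloud audit log entries are normalized into one event shape, then grouped by source IP to find activity that touches more than one cloud within a short window. The log entries are constructed, the 10-minute window and function names are assumptions, and source IP is used as the join key because user identities are named differently in each cloud.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Event:
    time: datetime
    cloud: str
    actor: str
    ip: str
    action: str


def parse_ts(ts):
    """Parse UTC 'Z' timestamps; digits beyond microseconds are dropped."""
    ts = ts.rstrip("Z")
    if "." in ts:
        head, frac = ts.split(".", 1)
        ts = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def from_cloudtrail(rec):
    return Event(parse_ts(rec["eventTime"]), "aws",
                 rec.get("userIdentity", {}).get("arn", "unknown"),
                 rec.get("sourceIPAddress", ""), rec["eventName"])


def from_gcp_audit(entry):
    p = entry["protoPayload"]
    return Event(parse_ts(entry["timestamp"]), "gcp",
                 p.get("authenticationInfo", {}).get("principalEmail", "unknown"),
                 p.get("requestMetadata", {}).get("callerIp", ""), p["methodName"])


def correlate(events, window=timedelta(minutes=10)):
    """Map each source IP to its first run of events, spanning at most
    `window`, that involves more than one cloud."""
    by_ip = defaultdict(list)
    for e in events:
        if e.ip:  # events without a caller IP cannot be joined
            by_ip[e.ip].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.time)
        start = 0
        for end in range(len(evs)):
            while evs[end].time - evs[start].time > window:
                start += 1  # slide the window forward
            run = evs[start:end + 1]
            if len({e.cloud for e in run}) > 1:
                findings[ip] = run
                break
    return findings


# Constructed log entries (documentation IP ranges, made-up identities).
CLOUDTRAIL = [
    {"eventTime": "2023-05-20T10:15:30Z", "eventName": "PutBucketPolicy",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2023-05-20T10:40:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2023-05-20T07:00:00Z", "eventName": "GetObject",
     "sourceIPAddress": "192.0.2.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"}},
]
GCP_AUDIT = [
    {"timestamp": "2023-05-20T10:19:02.512345678Z", "protoPayload": {
        "methodName": "storage.setIamPermissions",
        "requestMetadata": {"callerIp": "203.0.113.7"},
        "authenticationInfo": {"principalEmail": "alice@example.com"}}},
    {"timestamp": "2023-05-20T10:05:00Z", "protoPayload": {
        "methodName": "storage.objects.get",
        "requestMetadata": {"callerIp": "192.0.2.50"},
        "authenticationInfo": {"principalEmail": "carol@example.com"}}},
]


def find_cross_cloud():
    events = ([from_cloudtrail(r) for r in CLOUDTRAIL]
              + [from_gcp_audit(e) for e in GCP_AUDIT])
    return correlate(events)


if __name__ == "__main__":
    for ip, run in find_cross_cloud().items():
        print(ip, [(e.cloud, e.action, e.time.isoformat()) for e in run])
```
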

Solving Multi-Cloud’s Biggest Challenges

Adopting multi-cloud security best practices is essential to overcoming the biggest challenges of multi-cloud security. Here are some key strategies that organizations can implement to improve their multi-cloud security posture:

  • Implement a centralized security platform: To gain visibility and control across multiple cloud environments, organizations should use a centralized security platform that provides a unified view of their security posture.
  • Use a common identity and access management framework: To ensure consistent access control across multiple clouds, organizations should use a common IAM framework. For example, using a single sign-on (SSO) solution can help ensure that users have the proper access privileges across all cloud environments.
  • Encrypt data across all cloud environments: To protect data across multiple clouds, it’s essential to encrypt data both in transit and at rest. Organizations should use consistent encryption policies across all cloud environments with tools like Azure Key Vault.
  • Conduct regular security assessments: To ensure that security policies and procedures are effective, organizations should conduct regular security assessments across all cloud environments. This can help identify potential security gaps and provide insights for improving security practices.
  • Apply automation to support your multi-cloud strategy: Automation is a crucial component of multi-cloud security best practices. By automating tasks like configuration management, vulnerability scanning, and incident response, organizations can improve their efficiency and reduce the risk of human error in managing their multi-cloud environments.
  • Build transparency into cloud costs: Cloud cost management is essential for organizations to avoid overspending on their multi-cloud environments. Implementing the right tools to monitor cloud spending across all cloud environments is critical for maintaining visibility and control. Using cloud management platforms that offer centralized management and reporting over cloud costs can help organizations build transparency into their cloud spending.

By adopting these multi-cloud security best practices, organizations can overcome the challenges of multi-cloud security and ensure the safety and security of their cloud environments.

Final Thoughts

As more organizations continue to adopt multi-cloud strategies, the importance of multi-cloud security cannot be overstated. To mitigate the potential risks associated with multi-cloud security challenges, organizations must prioritize adopting multi-cloud security best practices. Organizations must take a proactive approach to security and ensure that they have a comprehensive security strategy in place that covers all their cloud environments. By doing so, organizations can reap the benefits of multi-cloud while minimizing potential security threats.

Finding Cisco Small Business Switches

Cisco recently disclosed several highly critical vulnerabilities that affect some of their Ethernet switches designed for small businesses. With a CVSSv3 score of 9.8, these vulnerabilities (assigned CVE-2023-20024, CVE-2023-20156, and CVE-2023-20157) are due to various faults in the handling of input to the web-based management interface of these switches. Successfully exploiting one of these vulnerabilities would allow an attacker to create a denial-of-service condition or execute arbitrary code with root privileges.

Along with this disclosure, Cisco announced updated software to address these issues. However, several of the affected models are past their End-of-Life (EOL) dates and no software updates have been released for them. Users are advised to update the software on affected systems as soon as possible, where updates for their devices are available.

Finding affected devices using runZero

You can locate Cisco switches in your organization by visiting the Asset Inventory and using the following pre-built query:

hw:"Cisco" and type:"switch"

You can also limit your search to only the affected product families, using the following pre-built query:

hw:"Cisco" and type:"switch" and (snmp.modelNames:"CBS" or snmp.modelNames:"SF2" or snmp.modelNames:"SG2" or snmp.modelNames:"SF3" or snmp.modelNames:"SG3" or snmp.modelNames:"SF5" or snmp.modelNames:"SG5")

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Simplify Account Management with SafeDNS User Administration

SafeDNS offers a comprehensive User Administration feature exclusively for our Enterprise plan users. This feature enhances your control and oversight of your SafeDNS account. In this post, we will explore how User Administration works, why it is important, and the significance of logging.

How does it work?

SafeDNS User Administration allows you to create sub-accounts, namely Administrators and Auditors, to manage your primary account efficiently and securely. Administrators have their own unique login and password and possess all the permissions of the main account, except for the ability to create additional Administrators. Auditors also have their own login and password but are limited to accessing the Stats page only. They can view logs and statistics but cannot modify any settings on the dashboard. 

Note: Please be aware that Administrators and Auditors are intended for use with the Dashboard interface only and are not compatible with the SafeDNS Agent application.

Why is it important?

Enhanced Security: User Administration enhances security by granting specific access privileges to sub-accounts. With well-defined roles and permissions, you can reduce the risk of unauthorized access and potential data breaches. Implementing the principle of least privilege ensures that users only have access to the resources necessary for their tasks, strengthening overall security.

Efficient Account Management: Delegating account management tasks to Administrators allows for more efficient user onboarding, offboarding, and ongoing management. Administrators can quickly provision new accounts, adjust permissions, and remove access when necessary. This streamlines administrative processes and password management, leading to improved productivity and reduced administrative overhead.

Accountability and Compliance: User Administration contributes to accountability within your organization. By tracking all account actions, the comprehensive logging system provides a clear record of user activities, changes made, and the responsible sub-account. This level of accountability is crucial for regulatory compliance, internal auditing, and forensic investigations.

What are the logs for?

SafeDNS also provides a comprehensive logging system that captures and stores important user actions within the dashboard. The logs include details such as login/logout events, configuration changes made by the main administrator, sub-administrators, and auditors. These logs track activities such as enabling/disabling features, adding/removing entries in Allow/Deny lists, and more.

Additionally, we have created a helpful video tutorial that provides detailed instructions on how to set up the User Administration feature. This video will guide you through the process, ensuring a seamless implementation of sub-accounts for efficient account management. You can find it here.

SafeDNS User Administration and logging features offer a robust solution for effective account management and enhanced security. By delegating responsibilities through sub-accounts and leveraging detailed logging capabilities, organizations can streamline operations, maintain accountability, and ensure compliance. Explore the power of User Administration and logging with SafeDNS to fortify your network’s security and efficiency.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

SafeDNS latest award-winning achievements

We are delighted to share the news of our remarkable achievements in 2023 with Capterra. We are proud to have received multiple awards, including recognition in two categories this year: Emerging Favorite in Endpoint Protection and Cloud Security.

SafeDNS has been highlighted as a highly-rated product in the Cloud Security Software category of Software Advice’s FrontRunner Report 2023.

We have also earned a spot in the Capterra Shortlist for endpoint protection.

Here’s our placement in the Grid report:

We are grateful to our clients for making this achievement possible! We have received exceptional reviews on Software Advice:

“Very easy to install and integrate. The service allowed for more flexible options – such as a longer whitelist of websites – as well as less complicated than Cisco Umbrella.” [Edward]

“Safedns does a great job of making DNS based administration quick and easy. Safedns also does a great job of allowing administrators to define a list of allowed sites and deny everything else. Some of the big players in this space surprisingly don’t have this functionality.” [Troy]
