Tag Archive for: IoT

EU to Force IoT, Wireless Device Makers to Improve Security


The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices.

In an amendment to the EU’s 2014 Radio Equipment Directive (RED), the European Commission noted that as wireless devices, from mobile phones to fitness trackers to smart watches, become increasingly embedded into everyday consumer and business life, they also become a greater security risk.

The goal of the amendment – called a “delegated act” – is to ensure that all wireless devices are safe before they are sold in the EU. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. The amendment will also ensure greater privacy of personal data, prevent financial fraud, and improve resilience in European communications networks, according to EU officials.

“Cyberthreats evolve fast,” Thierry Breton, commissioner for the Internal Market, said in a statement. “They are increasingly complex and adaptable. With the requirements we are introducing today, we will greatly improve the security of a broad range of products, and strengthen our resilience against cyberthreats, in line with our digital ambitions in Europe.”

The U.S. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. to greater action or result in a general improvement in device security.

Common EU Security Standards

It’s also part of a larger EU effort to create a comprehensive set of common cybersecurity standards for products and services that come into the European market, Breton said.

That said, it will take a while for the market to see the results of the amendment, which was announced in late October. It will need the approval of the European Council and European Parliament and then undergo a two-month period of review and scrutiny. Once in place, manufacturers will have 30 months to begin meeting the new legal requirements, giving them until mid-2024 to bring the devices into compliance.

The amendment addresses the ongoing concern about security at a time when the use of wireless devices and the IoT…


Cyber Security Introduction (Cyber Security Part 1)



Internet of Things (IoT) Security Trends in 2021


While work from home has generated a whole new level of security threats, the Internet of Things (IoT) promises to up the ante even further.

Think about the havoc caused by hundreds of millions of people suddenly working from home. This severely weakened and, in some cases, overwhelmed corporate security defenses. IoT could magnify such challenges. 

IoT may not be top of mind right now due to the scourge of ransomware. But it will no doubt rise again as the number of connected things grows exponentially.  

5 Trends in IoT Security

1. Another major expansion of the organizational perimeter

The IoT magnifies the threat level by several orders of magnitude. We are talking here about tens of billions of connected devices.

IDC estimates that 41.6 billion connected IoT devices or things will be generating 79.4 ZB of data by 2025. Every one of them opens a door to the enterprise.  

Vendors have already come out with some IoT security-related tools. But the market remains largely in its infancy. Once the threat becomes more real, vendor offerings will multiply and grow in sophistication. For organizations, this all adds up to them having to secure an ever-widening net. 

2. IoT will generate a LOT more data

With the growth of connected IoT devices will come another major rise in data.

There is a debate ongoing as to where that data will reside. Some say almost all will stay at the edge. Others want a lot more of it sent to major data centers. Regardless, data must be secured. Even if it is only information concerning the location of a car for a few moments, anyone being lax on access to that data will catch serious privacy heat. 

Whether data is at the edge, in the data center, or in the cloud, all of it will have to be fully secured. 

“We see a rise in edge computing devices that will reduce computer power in the IoT devices, but these will need to be managed and secured,” said Ashley Leonard, president and CEO of Syxsense.

He made the point that the impact of IoT will be further magnified once 5G really gains traction. 

“5G and IoT will revolutionize the way we work and communicate but most importantly, the way we access information,” Leonard said. “Current IT…


KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” – Krebs on Security


On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.

Cloudflare recently wrote about its attack, which clocked in at 17.2 million bogus requests-per-second. To put that in perspective, Cloudflare serves over 25 million HTTP requests per second on average.

In its Aug. 19 writeup, Cloudflare neglected to assign a name to the botnet behind the attack. But on Thursday DDoS protection firm Qrator Labs identified the culprit — “Meris” — a new monster that first emerged at the end of June 2021.

Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 million bogus requests-per-second.

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. The traffic deluge from Thursday’s attack on this site was more than four times what Mirai threw at this site five years ago. This latest attack involved more than two million requests-per-second. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

According to Qrator, which is working with Yandex on combating the attack, Meris appears to be made up of Internet routers produced by MikroTik. Qrator says the United States is home to the largest number of MikroTik routers that are potentially vulnerable to compromise by Meris — with more than 42 percent of the world’s MikroTik systems connected to the Internet (followed by China at 18.9 percent and a long tail of one- and two-percent countries).

The darker areas indicate larger concentrations of potentially vulnerable MikroTik routers. Qrator says there are about 328,000 MikroTik devices currently responding to requests from…
