The Internet of Things (IoT) is exponentially increasing the number and type of attack vectors, creating many new cybersecurity challenges for organizations and those responsible for defending the infrastructure. These new threats to data and physical security are a top concern for organizations as they seek ways to gain greater operational efficiencies and power new business models by expanding connections between people, process, data and things. Cisco understands that protecting all of the interactions of the IoT is crucial in enabling people and organizations to benefit from these advances.
The IoT requires new models for innovation, new architectures and new approaches to cybersecurity. With this in mind, earlier this year, we announced the Internet of Things Security Grand Challenge. As part of this industry-wide initiative, we invited the global community to propose practical security solutions to address the new security challenges the IoT and IoE presents. This initiative is one of several global efforts at Cisco to accelerate industry innovation and the adoption of breakthrough technologies that will contribute to the growth and evolution of the IoT.
Our outreach to the global community generated more than 100 entries from leading universities, businesses, industry start-ups and entrepreneurs worldwide with proposals for solutions in the following focus areas – Malware Defense, Security Credential Management and Privacy Protection.
After an extensive review process conducted by a team of experts, Cisco chose four innovative IoT security solutions as the winners of the Internet of Things Security Grand Challenge. These winners represent some of the most innovative approaches to enable people and organizations to benefit from IoT. Each winner selected was awarded $75,000 USD and is being showcased this week at the Internet of Things World Forum. The winning entries are:
- Cornell Tech and Rice University: Physical Proof-of-Presence Protocols (P4) for Transient Connections in the IoT
- Excalibur: Context-Aware Blockchain Naming / Discovery /Authentication
- Carnegie Mellon University: Dynamically Controlling IoT Privacy Risks and Trade-offs with Fog Mediation
- Aircloak and the Max Planck Institute for Software Systems: Anonymized Analytics through Cloaking
To learn more about the winners, visit https://ninesights.ninesigma.com/web/cisco-gc.
As more organizations adopt new business models related to the Internet of Everything (IoE) and IoT, their security solutions and processes must also adapt with this change. Now more than ever, organizations must be enabled to implement dynamic controls to manage the pace of change in their environments and address security incidents—before, during and after an attack.
Congratulations to the winners and for those of you who are at the IoT World Conference, be sure to check out the winning entries! www.ciscosecuritygrandchallenge.com
This post was written by Martin Lee
Old protocol versions are a fact of life. When a new improved protocol is released, products still need to support the old version for backwards compatibility. If previous versions contain weaknesses in security, yet their continued support is mandated, then security can become a major issue when a potential weakness is discovered to be a genuine vulnerability and an exploit is released.
The Transport Layer Security (TLS) protocol defines how systems can exchange data securely. The current version 1.2 dates from August 2008, however the protocol’s origins lie in the Secure Sockets Layer (SSL) standard first published in February 1995. As weaknesses in the cryptography and flaws in the protocol design were discovered, new versions of the protocol were released.
In order to maintain interoperability the most recent TLS standard requires that systems support previous versions down to SSL 3.0. The discovery of a cryptographic weakness in SSL 3.0 and the publication of an attack that can exploit this provide attackers with a means to attack TLS implementations by intercepting communications using the old SSL 3.0 protocol.
The vulnerability, assigned the Common Vulnerability and Exposure ID CVE-2014-3566, and referred to as POODLE, allows an attacker to modify the padding bytes that are inserted into SSL packets to ensure that they are of the correct length and replay modified packets to a system in order to identify the bytes within a message, one by one. This allows an attacker to discover the values of cookies used to authenticate https secured web sessions. Nevertheless, the vulnerability potentially affects any application that secures traffic using TLS, not only https traffic. Read More »
Tags: cryptography, CVE-2014-3566, POODLE, SSL, Talos, TLS
Every organization needs to face the fact that breaches can and do happen. Hackers have the resources, the expertise, and the persistence to infiltrate any organization, and there is no such thing as a 100 percent effective, silver-bullet detection technology. As security professionals, we tend to focus on what we can do to defend directly against hackers that will infiltrate a system. But, what about our own users? Increasingly we need to look at how user behavior contributes to attacks and how to deal with that.
The 2013 Verizon Data Breach Investigation Report found that 71 percent of malware attacks target user devices. And, the 2014 report finds that the use of user devices as an attack vector has been growing over time, probably because they offer an easy foot in the door. According to the 2014 Cisco Midyear Security Report, global spam is at its highest level since 2010 and that’s just one technique targeted at end users. “Watering hole” attacks, phishing, and drive-by attacks launched from mainstream websites are all popular ways to target devices. And, then there’s the shadow IT phenomenon where users will ignore approved corporate standards to use the hottest technologies or whatever device or application will help them get their job done faster, better, and easier.
Educating users is important. They need to be wise to attackers’ techniques and the dangers that unsanctioned websites and applications can present. Also, putting policies in place to restrict user behavior can go a long way toward preventing malicious attacks that often rely on relatively simple methods. But it is not enough.
Read More »
Tags: AMP, data breach, security
This post was authored by Yves Younan
Microsoft Tuesday is here once again and this month they are releasing a total of eight bulletins. Three of which are rated as critical, while the remaining five are rated as important. There’s a total of 24 CVEs this month, 20 of which were privately disclosed to Microsoft and four which are either publicly known or under active attack, making them 0-day vulnerabilities. Of those four, two are being actively attacked, while two have been publicly disclosed but do not seem to be under attack for supported software. Of the 24 CVEs, 15 are categorized as allowing remote code execution, four as elevation of privilege and three as security feature bypasses.
Read More »
Tags: 0-day, coverage, ms tuesday, rules, security, Talos
This post is co-authored by Joel Esler, Martin Lee and Craig Williams
Everyone has certain characteristics that can be recognised. This may be a way of walking, an accent, a turn of phrase or a style of dressing. If you know what to look for you can easily spot a friend or acquaintance in a crowd by knowing what characteristics to look for. Exactly the same is true for threat actors.
Each threat actor group may have certain characteristics that they display during their attack campaigns. These may be the types of malware that they use, a pattern in the naming conventions of their command and control servers, their choice of victims etc. Collecting attack data allows an observer to spot the characteristics that define each group and identify specific threat actors from the crowd of malicious activity on the internet.
Talos security and intelligence research group collects attack data from our various telemetry systems to analyse, identify and monitor threat actors through their different tactics, techniques, and procedures. Rather than give names to the different identified groups, we assign numbers to the threat actors. We frequently blog about significant attack campaigns that we discover, behind the scenes we integrate our intelligence data directly into our products. As part of our research we keep track of certain threat actor groups and their activities. In conjunction with a number of other security companies, we are taking action to highlight and disrupt the activities of the threat actors identified by us as Group 72. Read More »
Tags: APT, malware, Operation SMN, security, SMN, Talos, threats