BB Cylance Threat Report
BlackBerry Limited released its annual 2020 Threat Report, which examines the latest adversarial techniques and tactics analyzed by BlackBerry Cylance threat researchers, and provides guidance organizations can leverage to mitigate risk. Key findings include the continued evolution of nation-state backed threat actor groups, the increased availability of sophisticated attack toolsets, as well as analysis on which targets are becoming more appealing to attackers and why. The report also details more select threats focused on targets like embedded technologies in connected vehicles, manufacturing and mobile devices, and those taking advantage of misconfigurations in cloud computing deployments.
“New techniques to obscure malicious payloads and distribute attacks across multiple organizations paid off for threat actors in 2019,” said Eric Cornelius, Chief Technology Officer at BlackBerry Cylance. “With the increasing ease of access to attack toolkits combined with the explosion of endpoints connected to organizations’ networks, the global threat landscape for emerging threats will only continue to escalate in 2020.”
Automotive and Retail Industries Should Brace for More Threats
The search to find and exploit vulnerabilities in the expanding attack surface has caused a shift in the industries most often targeted by malicious actors, particularly towards the automotive sector. For example, BlackBerry Cylance researchers discovered new backdoors being deployed by APT group OceanLotus (APT 32) in a 2019 campaign targeting multinational automotive manufacturers. As more vehicles become connected – and the attention given to potential outcomes of cyberattacks on vehicles increases – attacks against this sector are anticipated to grow. As such, the industry must continue investing in cybersecurity processes and secure connected software to ensure public trust in the transportation technologies of the future.
Additionally, Cylance researchers found that retail and wholesale remained the most targeted sectors, where almost a quarter (23%) of all retailers suffered a compromise of sensitive financial information. Three of the most prevalent threats of 2019 – Emotet, Ramnit and Upatre – all focused on retail organizations. Coinmining operations also had a focus on retailers, with 47% of attacks impacting that sector.
The report also spotlighted other unique threats facing a range of industry verticals including:
- Technology/Software: Where attacks typically have a focus on stealing intellectual property, over a quarter (26%) were victims of ransomware specifically.
- Service Providers: This industry’s customer base was leveraged by threat actors to increase malicious distributions using remote management tools like Go2Assist and NinjaRMM.
- Healthcare: Healthcare organizations were more likely to pay ransoms than other industries due to the critical nature of the targeted data.
- Government: Attacks against government entities can have cascading effects that not only impact critical national infrastructure, but impact individuals as well given the significant quantities of personally identifiable information they store.
“Threat intelligence on APT groups can help organizations understand who is attacking their enterprise, and the actor’s mode of operations and motives, in order to be more proactive in protecting vulnerable systems against advanced threats,” said Brian Robison, Chief Evangelist at BlackBerry Cylance. “In 2020, AI and machine learning will continue to prove critical for threat prevention and remediation strategies because of the advantage they offer through continuous learning and proactive threat modelling of attacks that continue to become more complex.”
Additional Key Findings in the 2020 Annual Threat Report
- Coinmining attacks become more commonplace as cryptocurrency prevails: Criminals recognized an opportunity to passively generate revenue by infecting cryptocurrency machines.
- MSSPs are becoming high-value targets for threat actors: New ransomware called Sodinokibi caused mass disruption by infiltrating hosted environments.
- Data loss is increasing because of cloud misconfiguration: Misconfigured cloud resources led to a total of over seven billion records being publicly exposed in 2019. This number is only expected to increase with cloud investments estimated to reach $49.1 billion in 2020.
- Continued evolution of ransomware tactics: An increased availability of Ransomware-as-a-Service (RaaS) offerings, and instances where ransomware developers have collaborated with banking trojan developers to exfiltrate data prior to encryption, are being used to further extort victims.
- Increased use of host-encrypted malware: Static analysis of host-encrypted malware is almost impossible in a lab, decreasing defenders’ understanding of the malicious code and the ability for security solutions to block it.
Fujitsu & Upstream Partner
Fujitsu Limited and Upstream Security Ltd., a cutting-edge security solution provider for connected vehicles, today announced a partnership for vehicle cybersecurity. The companies will collaborate in the development of security operations solutions for connected vehicles.
As more vehicles are connected to the network, they are increasingly prone to the growing risk of cyber-attacks. International and domestic committees such as UNECE/WP.29 have already started discussing regulation and standardization of cyber security for connected vehicles. Car manufacturers and fleet operators need to address and protect against vehicle data loss and unlawful vehicle application control, while developing solutions for security operations.
Upstream C4 is a cloud-based automotive cybersecurity solution that leverages AutoThreat™ Intelligence, the industry’s first automotive threat feed. Driven by data, the solution protects connected vehicles and smart mobility services against cybersecurity threats. By integrating this solution with Fujitsu’s ICT-SOC (ICT Security Operation Center) solution and big data processing technology, the two companies will develop a comprehensive connected vehicle security solution that can detect threats not only on the vehicle side but also on the center side. The solution will be gradually rolled out during 2020 for car manufacturers and other mobility companies in Japan, North America and Europe.
“Fujitsu will strengthen partnership with Upstream to realize safety and security for the mobility business,” said Junichi Azuma, Corporate Executive Officer and EVP, Head of Private Enterprise Business.
InfiniDome’s OtoSphere GPS Protections
infiniDome Ltd., the Wireless Security Company, announced today the launching of OtoSphere™, the world’s first GPS Cyber protection solution tailored for commercial and consumer vehicles.
“Cash In Transit, High-end Cargo Transportation and Autonomous Vehicle Applications all depend on GPS for localization, timing and monitoring”, said Omer Sharar, infiniDome CEO. “Without protection, all of these applications are completely disabled today by a $30 GPS jammer bought online.”
“OtoSphere™ mitigates a real threat of GPS attacks by cargo thieves against commercial vehicles,” said Gai Mar-Chaim, Senior Partner at the management consulting firm POC. “According to DHL 2018 Annual Risk Report, Cargo Theft is considered the number 2 risk factor to cargo transportation causing billions of dollars of damages worldwide.”
“When protected with infiniDome’s OtoSphere™, vehicles are able to DETECT an attack, ALERT the system and SOC and PROTECT the system allowing it to continue normal operations,” said Moshe Kaplan, infiniDome CTO. “OtoSphere™ is built to be either added on to any GPS system as a retrofit module installed inline between the GPS receiver and two antennas or as an OEM, retrofitted inside of any telematics system”.
“infiniDome’s OtoSphere™ comes with a proprietary GPS Cyber Protection Cloud,” said Ben Sandford, infiniDome VP Sales. “It collects all attack data from the protected vehicles in the field and allows for real-time attack alerts including where the attack took place, its duration and allows this critical data to be integrated and aggregated into the fleet’s Security Operation Center.”
Garrett Motion Contracted by Automaker
Garrett Motion recently secured a contract to implement its cyber solution on a mass-market production vehicle to be launched in the coming months with a major global automaker. Garrett on-board and off-board software solutions help to safeguard vehicles from cyber-attacks while simultaneously identifying other relevant vehicle defects, and understanding their root causes.
Below is a Q&A with Garrett Senior Vice President & Chief Technology Officer Craig Balis about the company’s cybersecurity approach and its importance to the future of safe and reliable connected vehicles.
Why does vehicle cybersecurity matter and are vehicles protected today?
It has been demonstrated that today’s cars can be hacked. Hackers take advantage of unprotected entry points – like a key fob, Bluetooth connection or the diagnostic port that exists on every modern vehicle – to gain access to the vehicle’s on-board computer and inject malicious software that can mimic normal commands. This means a stranger near your car, or even on the other side of the world, can potentially unlock doors, roll the windows down, or even manipulate the brakes and other essential safety systems. But the risks extend past the physical realm – location data, personal information and more can be compromised if hacked.
High-profile “white hat” hacks, which are typically done by cybersecurity specialists to expose vulnerabilities, in recent years have prompted OEMs to address their vehicle’s cyber weaknesses. Although some automotive players have patched some vulnerable components, today’s vehicles were not designed with security in mind, and may not be technically capable of adopting the on-board cyber solutions needed to fully protect cars, as recommended by several standards around the globe.
Implementing an effective cybersecurity solution is not a one-off action – it requires constant updates and monitoring. In the same way a PC requires regular upgrades to its anti-virus software, vehicles require the same level of attention. Understanding the auto industry’s development cycles, sensitivity to cost and complex ecosystem, it will take several years before full detection, protection, reporting and update mechanisms could be in place on all vehicles.
What does it take for a vehicle and its ecosystem to be cyber-secure?
In the past, automotive cybersecurity typically focused on protecting a company’s vital internal files, like intellectual property, employee information, and customer data. Vehicles and ecosystems were not designed with security in mind, but this is changing. As connectivity brings many new use cases and applications that serve the entire ecosystem (predictive maintenance, use-based insurance, additional on-board streaming, etc.), automakers are now looking at cybersecurity holistically. This spans from the facilities where the vehicles are designed, the plants in which they are assembled, dealership tools and inventory systems, the communication channels to the vehicles, and finally, to the vehicle itself.
Several standards exist around the world today and they all converge on the same point – for effective cyber protection, vehicles need to adopt a multi-layer security system made of core ECU (Electronic Control Unit) functions protection, detection of new anomalies within the ECU or the vehicle networks, reporting and update mechanisms.
Cyber-securing a vehicle is an immense task, and the industry is getting more organized to address it on an individual basis and also collectively through groups like Auto-ISAC, which take aim at sharing information related to cybersecurity. Although the spirit of competition is high in the automotive world, cyber security can be an area where the key players opt to collaborate on generalized areas like best-practice industry standards as well as specific areas like emerging threat detection.
Is anything being done at the regulatory level?
In many places in the world we see standards and regulations coming into play. First, it focused on customer data protection, and now it is shifting toward vehicle security and safety. The California Consumer Privacy Act (CCPA), Europe’s General Data Protection Regulation (GDPR), China’s Cyber Act, the United Nations, International Organization of Standardization (ISO), Society of Automotive Engineers (SAE), all focus on cybersecurity regulations and standards definition for development and application to better protect drivers, passengers and vehicle manufacturers. Some regulations and industry standards are already in place, while more will be enforced starting in 2022 in Europe.
What is Garrett’s role and expertise in vehicle cybersecurity?
As an automotive technology supplier for more than 65 years, Garrett has relationships with nearly every global automaker. This global reach and experience provides our team with a deep understanding of how the industry works, from passenger automobiles to commercial on- and off-highway vehicles. Garrett’s legacy as an innovator and problem-solver contributes to its current role for taking on the underserved industry need for monitoring vehicle health, including cybersecurity. Garrett’s history has given the company access and means to translate cyber solutions applied in numerous industries, from homes and buildings to aerospace and, now, automotive, where we offer Intrusion Detection System (IDS) and Security Operation Center tools.
We are unique in this regard; not many Tier 1 suppliers, if any, bring our cross-industry experience and are able to accurately translate vehicle data into something actionable. Garrett has developed a unique methodology to understand the nature of an issue and its root cause, allowing it to be quickly addressed by the automaker or fleet owner.
Other industries have addressed the cybersecurity problem for a long time – can the automotive industry use those solutions?
Yes, of course. The key question is “how?” A car is not a personal computer nor a server. It is very complex even in just considering the number of models within a single carmaker’s brand. Additionally, the application of different driving styles and operating conditions, as well as vehicles changing hands across multiple owners and drivers all create variation. So, monitoring in real-time is not an easy accomplishment as the computing capabilities are still growing. It’s also important to point out the automotive industry is extremely sensitive to cost; any additional content or features on a vehicle must be effective and efficient.
Garrett’s software history trickles down from across industries, such as aerospace, defense, and oil and gas refining. Garrett’s foundation is built upon this ability to translate existing intrusion detection, protection, reporting, monitoring, and updating mechanism for the automotive world. These IT solutions covering back-end servers, manufacturing plants, and sensitive ground-to-air communication channels are absolutely applicable – and critical – to the automotive industry.