Attacks on smart supply chains and medical tech lead cyber security threats

TÜV Rheinland has released its seventh annual report on Cybersecurity Trends for 2020. In it, the Cologne, Germany-based provider of international testing, inspection and certification services, identifies attacks on smart supply chains, threats to medical equipment and weaknesses in real-time operating systems.

The report is a collaboration between many of TÜV Rheinland‘s Cybersecurity experts globally, and discusses seven key Cybersecurity trends which will be important to be aware of in 2020.

Seven Cybersecurity Trends for 2020 by world-leading professionals

The developments in the area of Cybersecurity are alarming. As the number of smart devices in private households increase, so do the opportunities for cyber criminals to attack. Uncontrolled access to personal data undermines confidence in the digital society. The logistics industry and private vehicles are increasingly being targeted by hackers. TÜV Rheinland’s Cybersecurity experts view these trends as critical to understand in 2020.

“From our point of view, it is particularly serious that cybercrime is increasingly affecting our personal security and the stability of society as a whole,” explains Petr Láhner, business executive vice president for the business stream Industry Service & Cybersecurity at TÜV Rheinland. “One of the reasons for this is that digital systems are finding their way into more and more areas of our daily lives. Digitalisation offers many advantages – but it is important that these systems and thus the people are safe from attacks.”

Uncontrolled access to personal data carries the risk of destabilising the digital society

In 2017, Frenchwoman Judith Duportail asked a dating app company to send her any personal information they had about her. In response, she received an 800-page document containing her Facebook likes and dislikes, the age of the men she had expressed interest in, and every single online conversation she had had with all 870 matching contacts since 2013.

The fact that Judith Duportail received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging. In addition, this example shows how little transparency there is about securing and processing data that can be used to gain an accurate picture of an individual’s interests and behaviour.

Infographic Digital Society. Graphic: TÜV Rheinland

Smart consumer devices are spreading faster than they can be secured

Smart speakers, fitness trackers, smart watches, thermostats, energy meters, smart home security cameras, smart locks and lights are the best-known examples of the seemingly unstoppable democratisation of the “Internet of many Things”. Smart devices are no longer just toys or technological innovations. The number and performance of individual “smart” devices is increasing every year, as these types of device are quickly becoming an integral part of everyday life. It is easy to see a future in which the economy and society will become dependent on them, making them a very attractive target for cyber criminals. Until now, the challenge for Cybersecurity has been to protect one billion servers and PCs. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times.

Infographic Smart Devices. Graphic: TÜV Rheinland

The trend towards owning a medical device increases the risk of an Internet health crisis

Over the past ten years, personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers have been connected to the Internet as part of the “Internet of Medical Things” (IoMT). At the same time, researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products. This can lead to targeted attacks on both individuals and entire product classes. In some cases, the health information generated by the devices can also be intercepted. So far, the healthcare industry has struggled to respond to the problem – especially when the official life of the equipment has expired. As with so many IoT devices of this generation, networking was more important than the need for Cybersecurity. The complex task of maintaining and repairing equipment is badly organised, inadequate or completely absent.

Infographic Medical Devices. Graphic: TÜV Rheinland

Vehicles and transport infrastructure are new targets for cyberattacks

Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. These applications offer drivers more flexibility and functionality, potentially more road safety, and seem inevitable given the development of self-propelled vehicles. The disadvantage is the increasing number of vulnerabilities that attackers could exploit – some with direct security implications. Broad cyberattacks targeting transport could affect not only the safety of individual road users, but could also lead to widespread disruption of traffic and urban safety.

Hackers target smart supply chains and make them “dumb”

With the goal of greater efficiency and lower costs, smart supply chains leverage Internet of Things (IoT) automation, robotics and big data management – those within a company and with their suppliers. Smart supply chains increasingly represent virtual warehousing, where the warehouse is no longer just a physical building, but any place where a product or its components can be located at any time. Nevertheless, there is a growing realisation that this business model considerably increases the financial risks, even with only relatively minor disruptions. Smart supply chains are dynamic and efficient, but are also prone to disruptions in processes. Cyberattacks can manipulate information about deposits. Thus, components would not be where they are supposed to be.

Threats to shipping are no longer just a theoretical threat but a reality

In 2017, goods with an estimated weight of around 10.7 billion tons were transported by sea. Despite current geopolitical and trade tensions, trade is generally expected to continue to grow. There is ample evidence that states are experimenting with direct attacks on ship navigation systems. At the same time, attacks on the computer networks of ships used to extort ransom have been reported. Port logistics offers a second, overlapping area of vulnerability. Many aspects to shipping that can be vulnerability to attack such as ship navigation, port logistics and ship computer network. Attacks can originate from states and activist groups. This makes monitoring and understanding a key factor in modern maritime Cybersecurity.

Infographic Maritime Sector. Graphic: TÜV Rheinland

Vulnerabilities in real-time operating systems could herald the end of the patch age

It is estimated that by 2025 there will be over 75 billion networked devices on the Internet of Things, each using its own software package. This, in turn, contains many outsourced and potentially endangered components. In 2019, Armis Labs discovered eleven serious vulnerabilities (called “Urgent/11”) in the real-time operating system (RTOS) Wind River VxWorks. Six of these flaws exposed an estimated 200 million IoT devices to the risk of remote code execution (RCE) attacks. This level of weakness is a major challenge as it is often deeply hidden in a large number of products. Organisations may not even notice that these vulnerabilities exist. In view of this, the procedure of always installing the latest security updates will no longer be effective.

More information and assessments from TÜV Rheinland on the challenges of 2020 can be found in the whitepaper Cybersecurity Trends 2020 here.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Surrey leads new £8 million FORT centre for advancing secure networks

Posted on: March 18, 2024

The Engineering and Physical Sciences Research Council (EPSRC) announced that Surrey’s 5G/6G Innovation Centre will lead a new £8 million Centre for Doctoral Training in Future Open Secure Networks (FORT). 

Read more

Protecting assets with LTE, NTN & 5G LPWA

Posted on: March 15, 2024

In this compelling piece, part of the Key Industry Insights Series, Analyst Robin Duke-Woolley of Beecham Research and Kevin Guan of Fibocom, explain how LTE Cat 4/1/1bis/M, NTN and 5G LPWA are working to change the game for protecting goods and supply chains with total, global coverage asset tracking for reduced losses and improved operations

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more