Data privacy has become a cornerstone of consumer trust in today's digitally driven environment, where connected devices and seamless online experiences are the standard. As data-driven technologies proliferate, strict security controls are required to protect sensitive data, preserve customer privacy and maintain that trust.
Several critical Remote Code Execution (RCE) vulnerabilities have recently emerged, posing a significant threat to industrial solar panels and potentially endangering grid systems. These vulnerabilities, if exploited, could have severe consequences for energy organizations and their critical infrastructure. Security experts are raising alarms and urging immediate attention to address these vulnerabilities before they can be exploited by malicious actors.
A range of automakers from Toyota to Acura is affected by vulnerabilities within their vehicles that can let hackers steal personally identifiable information (PII), lock owners out of their vehicles, and even control functions like starting and stopping the vehicle's engine.
A team of seven security experts said vulnerabilities in the automakers' internal applications and systems gave them a proof-of-concept hack to send commands using only the vehicle identification number (VIN), which can be seen through the windshield outside the vehicle.
The team has found serious security loopholes at automakers including BMW, Ford, Volvo, Ferrari and various others throughout Europe, the US and Asia. It has also found problems with suppliers and telematics companies such as Spireon, which makes GPS-based vehicle tracking solutions.
BMW said that IT and data security are the top priorities for the company, and it continuously monitors its system landscapes for potential security threats or vulnerabilities.
"The relevant addressed vulnerability issues were closed within 24 hours and we have no indication of any data leaks. No vehicle-related IT systems were affected or compromised. No BMW Group customers or employee accounts were compromised," a spokesperson at BMW said.
This is only the most recent security threat to surface. In March last year, telemetry from industrial systems security firm Dragos found Emotet command-and-control servers in contact with various automotive manufacturers' systems.
In December, experts found vulnerabilities in three mobile apps that let drivers remotely unlock or start their vehicles. These bugs allowed unauthorized malicious actors to perform the same commands from afar.
Security vulnerabilities have been a challenge in the automotive industry for a long time, and automakers are not very proactive in identifying the potential severity of the threat developments.
Experts believe that while automakers are slowly turning into software developers, they find it difficult to address every stage of the development cycle, including security.
"One very simple notion is if you're not good at software, you're probably not going to be very good at making that software safe. That is guaranteed," said Gartner automotive industry analyst Pedro Pacheco. "Automakers look at this in a more reactive way than a proactive way, basically saying we'll address the small number of customers affected and solve the issue and then everything goes back to normal," he says. "That's the way of thinking for many carmakers."
As automakers build more sophisticated ecosystems that connect customers with app stores, smartphones and other connected devices, the stakes also get higher.
"This is the reason why cybersecurity is going to become more and more of a pressing issue," said Pedro. "The more the vehicle takes over driving, then of course the more chances there are that this can be used against the customer and against the automaker. It hasn't happened yet, but it could very well happen in the future."
In today's complicated cybersecurity landscape, detecting a threat is like finding a needle in a haystack.
Malicious actors exploit everything they can get their hands on, from AI tools to open-source code to multi-factor authentication (MFA), so security measures must also keep adapting across a company's entire digital landscape.
AI threat detection, simply put, is AI that understands your needs, and it is essential to businesses defending themselves. According to Toby Lewis, head of threat analysis at Darktrace, the technology uses algorithmic structures that establish a baseline of a company's "normal."
From that baseline it identifies threats, whether new or known, and finally makes "intelligent micro-decisions" about possible malicious activity. He believes cyber-attacks have become common, rapid and advanced.
In today's scenario, cybersecurity teams can't be everywhere all the time when organizations are faced with cyber threats.
It is understandable that complexity and operational risks go hand in hand as it is not easy to control and secure the "sprawling digital landscapes" of the new organizations.
Attackers are hunting for data in SaaS and cloud applications, and the search extends to the distributed infrastructure of endpoints, from IoT sensors to remotely used computers to mobile phones. The addition of new digital assets and the integration of partners and suppliers have also exposed organizations to greater risk.
Not only have cyber threats become more frequent, but there is also concern about how easily malicious cyber tools can be obtained nowadays. These tools have driven up the number of low-sophistication attacks, troubling chief information security officers (CISOs) and security teams.
Cybercrime has become an "as-a-service" commodity, providing threat actors packaged tools and programs that are easy to install in a business.
Another concern is the recently released ChatGPT by OpenAI. It is an AI-powered content creation tool that can be used to write code for malware and other malicious activities.
Threat actors today keep improving their return on investment (ROI), which means their techniques are constantly evolving, and defenders have trouble predicting the threats.
AI threat detection comes in handy in this area. AI heavy lifting is important to defend organizations against cyber threats. AI is always active, its continuous learning capability helps the technology to scale and cover the vast volume of digital assets, data, and devices under an organization, regardless of their location.
Some AI models build on existing signature-based approaches, but signatures of known attacks become outdated quickly as threat actors constantly change their techniques. Relying on past data is not helpful when an organization faces a newer and different threat.
"Organizations are far too complex for any team of security and IT professionals to have eyes on all data flows and assets. Ultimately, the sophistication and speed of AI outstrips human capacity," said Lewis.
Darktrace uses a self-learning AI that is continuously learning an organization, from moment to moment, detecting subtle patterns that reveal deviations from the norm. This "makes it possible to identify attacks in real-time, before attackers can do harm," said Lewis.
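The baseline-then-deviation idea described by Lewis in the paragraphs above can be shown with a small worked example. This is an added illustration and not Darktrace's code: "normal" is modelled per host as the median and median absolute deviation (MAD) of outbound bytes per hour learned from a training window, and later observations are flagged when their robust z-score exceeds a threshold or when the host has no baseline at all. The hostnames, log format and byte counts are all constructed for the example.

```python
"""Added example of behavioural baselining over constructed log lines.
Not Darktrace code; the log format (timestamp host=... out_bytes=...) is an
assumption made for this illustration."""
import statistics
from collections import defaultdict

# Constructed training window: one line per host per hour, representing "normal".
TRAINING_LOG = """\
2023-01-09T09:00 host=finance-pc-07 out_bytes=1100000
2023-01-09T10:00 host=finance-pc-07 out_bytes=1300000
2023-01-09T11:00 host=finance-pc-07 out_bytes=1200000
2023-01-09T12:00 host=finance-pc-07 out_bytes=1250000
2023-01-09T13:00 host=finance-pc-07 out_bytes=1150000
2023-01-09T14:00 host=finance-pc-07 out_bytes=1200000
2023-01-09T09:00 host=build-srv-02 out_bytes=40000000
2023-01-09T10:00 host=build-srv-02 out_bytes=42000000
2023-01-09T11:00 host=build-srv-02 out_bytes=38000000
2023-01-09T12:00 host=build-srv-02 out_bytes=41000000
2023-01-09T13:00 host=build-srv-02 out_bytes=39000000
2023-01-09T14:00 host=build-srv-02 out_bytes=40000000
"""

# Constructed observation window: a workstation suddenly pushing 48 MB out,
# a build server behaving as usual, and a host never seen during training.
OBSERVED_LOG = """\
2023-01-10T09:00 host=finance-pc-07 out_bytes=48000000
2023-01-10T09:00 host=build-srv-02 out_bytes=41000000
2023-01-10T10:00 host=finance-pc-07 out_bytes=1210000
2023-01-10T10:00 host=lab-vm-19 out_bytes=5000000
"""

MAD_SCALE = 1.4826  # makes MAD comparable to a standard deviation for normal data


def parse_line(line):
    """Return (host, out_bytes) from one 'key=value' log line."""
    fields = dict(part.split("=", 1) for part in line.split()[1:])
    return fields["host"], int(fields["out_bytes"])


def build_baseline(lines):
    """Learn a per-host (median, scaled MAD) baseline from training lines."""
    samples = defaultdict(list)
    for line in lines:
        if line.strip():
            host, value = parse_line(line)
            samples[host].append(value)
    baseline = {}
    for host, values in samples.items():
        median = statistics.median(values)
        mad = statistics.median(abs(v - median) for v in values)
        # Floor the spread so a perfectly constant training set cannot divide by zero.
        spread = max(MAD_SCALE * mad, 0.01 * median, 1.0)
        baseline[host] = (median, spread)
    return baseline


def score(baseline, host, value):
    """Robust z-score of an observation against the host's baseline."""
    median, spread = baseline[host]
    return abs(value - median) / spread


def detect(baseline, lines, threshold=5.0):
    """Return alerts for observations that deviate from 'normal' or lack a baseline."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        host, value = parse_line(line)
        if host not in baseline:
            alerts.append({"host": host, "value": value, "reason": "no baseline for host"})
            continue
        z = score(baseline, host, value)
        if z > threshold:
            alerts.append({"host": host, "value": value, "reason": f"deviates from baseline (score {z:.1f})"})
    return alerts


if __name__ == "__main__":
    base = build_baseline(TRAINING_LOG.splitlines())
    for alert in detect(base, OBSERVED_LOG.splitlines()):
        print(alert)
```

The robust statistics are a deliberate choice: a mean and standard deviation would be dragged upward by a single outlier during training, whereas median and MAD let a handful of anomalous training hours pass without polluting the notion of "normal". Note also that the unseen host is flagged for a different reason than the deviating one; in practice the two classes of alert deserve different triage.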
Darktrace has dealt with the Hafnium attacks that compromised Microsoft Exchange. In March 2022, Darktrace identified and stopped various attempts to exploit the Zoho ManageEngine vulnerability, two weeks before the attack was publicly discussed. It later attributed the attack to APT41, a Chinese threat actor.
Darktrace researchers have tested offensive AI prototypes against its technology. Lewis calls it "a war of algorithms" or fighting AI with AI.
Threat actors will certainly exploit AI for malicious purposes, so it is crucial that security firms use AI to combat AI-based attacks.
A set of vulnerabilities rated high severity has been revealed in the Realtek RTL8710C Wi-Fi module. A hacker could exploit them to gain access to a device and attack its wireless communications. According to Vdoo, an Israeli IoT security firm, a successful exploit would give complete control of the Wi-Fi module and possibly root access to the Linux or Android OS of the embedded device using it.
The Hacker News reports: "Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications by devices spanning across agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors." These vulnerabilities affect all IoT and embedded devices that use the module to connect to Wi-Fi networks; the attacker would have to be on the same Wi-Fi network or know the network's pre-shared key (PSK).
A PSK, as the name suggests, is a cryptographic secret used to authenticate wireless devices on a LAN. "In the same vein, the RTL8710C Wi-Fi module's WPA2 four-way handshake mechanism is vulnerable to two stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.0) that abuse the attacker's knowledge of the PSK to obtain remote code execution on WPA2 clients that use this Wi-Fi module," reports The Hacker News. An earlier investigation in February revealed similar vulnerabilities in the Realtek RTL8195A Wi-Fi module, the most serious being a buffer overflow vulnerability (CVE-2020-9395).
It allows a hacker within range of an RTL8195 module to completely hijack the module without knowing the Wi-Fi password. In a realistic attack scenario, the researchers performed a proof-of-concept (PoC) exploit in which the attacker poses as a legitimate access point and sends a malicious encrypted GTK (group temporal key) to the supplicant (client) over a WPA2 connection. The GTK is used to secure broadcast and multicast traffic. "During the analysis, we have discovered and responsibly disclosed six major vulnerabilities in Realtek's RTL8195A Wi-Fi module that these devices were based on," said Vdoo.
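The GTK described above travels to the client inside the key data of message 3 of the WPA2 four-way handshake, wrapped in a key data encapsulation (KDE). A stack-based buffer overflow of the class the article describes arises when firmware trusts the length field taken from that message and copies the key into a fixed-size buffer. The following added example, which is not Realtek or Vdoo code, is a bounds-checked parser for the GTK KDE that shows the checks a receiver should perform before any copy: each length byte is validated against the bytes actually present, and the key length is validated against the cipher lengths the device supports. The field layout follows IEEE 802.11 (type 0xdd, length, OUI 00-0F-AC, data type 1, key-id/flags byte, reserved byte, key); the accepted key lengths and the test inputs are assumptions made for the example.

```python
"""Added example: bounds-checked parsing of the GTK KDE from message 3 of the
WPA2 four-way handshake. Not Realtek firmware; written to illustrate the
length validation that prevents the buffer-overflow class described above."""

KDE_TYPE = 0xDD                 # vendor-specific element type used by all KDEs
RSN_OUI = b"\x00\x0f\xac"       # IEEE 802.11 RSN OUI
GTK_DATA_TYPE = 1               # KDE data type for the group temporal key
# Assumption for this example: the device supports CCMP-128 (16-byte GTK)
# and 32-byte keys (TKIP / GCMP-256); anything else is rejected before copying.
VALID_GTK_LENGTHS = {16, 32}


def iter_kdes(key_data: bytes):
    """Walk the KDE list in handshake key data, yielding (oui, data_type, payload).

    Every length byte is checked against the bytes that are actually present
    before any slice is taken, so a forged length cannot read or copy past
    the end of the message."""
    pos = 0
    while pos < len(key_data):
        if pos + 1 >= len(key_data):
            raise ValueError("truncated KDE header")
        kde_type, length = key_data[pos], key_data[pos + 1]
        if kde_type == KDE_TYPE and length == 0:
            break                       # 0xdd 0x00 marks the start of padding
        end = pos + 2 + length
        if end > len(key_data):
            raise ValueError(f"KDE length {length} exceeds the {len(key_data) - pos - 2} bytes remaining")
        if kde_type != KDE_TYPE:
            pos = end                   # other elements (e.g. the RSNE) are skipped here
            continue
        if length < 4:
            raise ValueError("KDE too short to hold OUI and data type")
        body = key_data[pos + 2:end]
        yield body[:3], body[3], body[4:]
        pos = end


def parse_gtk_kde(key_data: bytes) -> dict:
    """Extract the GTK, rejecting keys whose length the device cannot hold."""
    for oui, data_type, payload in iter_kdes(key_data):
        if oui != RSN_OUI or data_type != GTK_DATA_TYPE:
            continue
        if len(payload) < 2:
            raise ValueError("GTK KDE missing key-id/flags and reserved bytes")
        flags, gtk = payload[0], payload[2:]
        if len(gtk) not in VALID_GTK_LENGTHS:
            raise ValueError(f"rejecting GTK of {len(gtk)} bytes")
        return {"key_id": flags & 0x03, "tx": bool(flags & 0x04), "gtk": gtk}
    raise ValueError("no GTK KDE present in key data")


def accepts(key_data: bytes) -> bool:
    """True if the key data parses cleanly, False if it is rejected."""
    try:
        parse_gtk_kde(key_data)
        return True
    except ValueError:
        return False


def build_gtk_kde(gtk: bytes, key_id: int = 1, tx: bool = True) -> bytes:
    """Constructed test-input builder: the GTK KDE as an access point would encode it."""
    flags = (key_id & 0x03) | (0x04 if tx else 0)
    body = RSN_OUI + bytes([GTK_DATA_TYPE, flags, 0x00]) + gtk
    return bytes([KDE_TYPE, len(body)]) + body


if __name__ == "__main__":
    well_formed = build_gtk_kde(bytes(range(16))) + b"\xdd\x00\x00\x00"
    print(parse_gtk_kde(well_formed))
    print("oversized key accepted:", accepts(build_gtk_kde(bytes(200))))
    print("truncated message accepted:", accepts(build_gtk_kde(bytes(16))[:-3]))
```

The two rejections at the end of the block are the ones that matter for the bug class in the article: an oversized key is refused before it reaches a fixed buffer, and a length byte that promises more bytes than the message carries is refused before it causes an out-of-bounds read. In C firmware the equivalent discipline is to compare the declared length against both the remaining message length and `sizeof` the destination before every `memcpy`.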