Monthly Archives: Juni 2017

Mirko Ross berät die ENISA

Stuttgarter IT-Experte in Top-Gremium der Europäischen Union berufen.

Große Ehre für Geschäftsführer Mirko Ross vom Stuttgarter Software-Dienstleister digital worx: der 44-jährige wurde durch die EU zum beratenden Experten für Sicherheit im Internet der Dinge berufen. Er gehört künftig einem internationalen Gremium der European Union Agency for Network and Information Security (ENISA) an; der zentralen EU-Agentur für Cyber-Sicherheit.

Computerviren in der Hand von Terroristen oder international agierenden Banden: ein Schreckensszenario, das in den vergangenen Jahren mehr und mehr als reale Bedrohung wahrgenommen wird. Die mögliche Manipulation von Märkten, Wahlen oder militärischen Einrichtungen beschäftigt weltweit die Experten. Bereits im Jahr 2004 wurde zur Abwehr derartiger Bedrohungen die Agentur der Europäischen Union für Netzwerk- und Informationssicherheit (ENISA) gegründet.

ENISA ist ein Kompetenzzentrum für die Cyber-Sicherheit in Europa. Sie befindet sich in Griechenland mit Sitz in Heraklion (Kreta) und einem operativen Büro in Athen. Die ENISA wurde ins Leben gerufen, um die Netzwerk- und Informationssicherheit (network and information security / NIS) zu stabilisieren und damit zu einem ordnungsgemäßen Funktionieren des Binnenmarktes beizutragen. Die Agentur arbeitet eng mit den Mitgliedstaaten der EU und dem privaten Sektor zusammen, um Beratung und Lösungsvorschläge zu erbringen. Dazu gehören europaweite Cyber-Security-Übungen, die Entwicklung nationaler Cyber- Security-Strategien, die Zusammenarbeit und der Aufbau von Kapazitäten ebenso wie Studien über die sichere Cloud- Adoption, die sich mit Fragen des Datenschutzes befassen. Das Schützen der Privatsphäre bei neuen Technologien und die Identifizierung der Cyber-Bedrohungslandschaft sind weitere zentrale Aufgaben der Agentur.

€žIch freue mich sehr auf die Zusammenarbeit mit den international führenden Experten für Cyber-Sicherheit€œ, so Mirko Ross heute in Stuttgart.

Mirko Ross

Mirko Ross

Mirko Ross ist Gründungsgesellschafter und CEO der digital worx GmbH, einer mobilen Software Developing Company mit Sitz in Stuttgart-Vaihingen. 1998 gründete er sein erstes Unternehmen im Technologiebereich. Seit 2012 unterrichtet er Web Engineering und mobile Softwareentwicklung an der Hochschule Heilbronn.

Der 44-Jährige ist an öffentlichen und privaten Forschungsaktivitäten für offene Standards im Internet der Dinge beteiligt. Er ist Mitglied des Internet Of Things Council, einem weltweiten IoT Think Tank.

Im Rahmen des Internet- Programms der Europäischen Kommission unterstützt er Start- ups in den Bereichen eHealth und Industrial IoT.

Ransomware is not the biggest threat in the Internet of Things

data debates Berlin

No doubt, ransomware is a serious problem. And operators of critical infrastructures are doing well, to keep their system infrastructure up to date to prevent them from being high jacked of ransomware. Because the damage could be high, as we have seen when UK hospitals have been hit by Locky and Wannacry ramsomware.

I had the pleasure to listen to Francesco de Meo, CEO of Germany€™s biggest private healthcare and clinic enterprise at the data debates event in Berlin. He pointed out that ransomware is one of the biggest security threat for hospitals and that IT security is highly aware to protect against it.

(c) Robbert van der Steeg / Flickr

(c) Robbert van der Steeg / Flickr

For sure he is wrong. Ransomware is a big threat, but also easy to defend. All you need is a proper implemented update process for you IT Systems.

The biggest threat for Hospitals are cyber weapons

In the past Hospitals have been always targets on warfare €“ irrespective of the Geneva Protocol or Hague Conventions. Even today we see hospitals hit in Syria by conventional weapons, with more over than 1000 airstrikes on 117 hospitals in 2016.

But if hospitals are a target on conventional warfare, what does it mean for cyber war?

It€™s a serious consequence that they are priority targets for cyber weapons. As far we know from cyber weapons €“ their attacking vectors are much sophisticated. Using zero date exploits to intrude unnoticed by security guards, operating as sleeping agents waiting for remote commands and cover their tracks of attacker€™s origin.

So how an ordinary hospital IT security infrastructure can prevent from being a target of cyber weapons?

They can€™t.

Cyber commands worldwide are paying millions of dollars to acquire zero day exploits from black hat hacker markets. Cyber weapon carrier will not disclosure this exploits as are the €œwarheads€ of cyber-attacks, providing a military advantage.

As long governmental programs will foster the undisclosure of zero day exploits, we are running into an unsecure internet infrastructure. That€™s why the biggest threats for hospital is not ransomware. It€™s military and intelligence attackers. No critical infrastructure can prevent from being hit unless we define a worldwide proscription of cyber weapons.

The Lessons of WannaCry for IoT

Moreover than 230.000 computers in 150 countries had been infected by the ransomware WannaCry. This figures sounds like a success. But compared to former ransomware cyberattacks WannaCry failed. In 2016 the ransomware locky was taking the world in storm. In its peak locky infected about 90.000 computers per day.

IoT securit risks

IoT security risks by automatically attacks

Locky infected its victims by fake E-Mail Attachment. This attack uses €œhuman fail€ as vector. While WannaCry was using a €œwormable€ security exploit, which allowed to infect systems automatically. From a technical level the WannaCry attack is high dangerous, as it allows compromising systems automatically, while locky is always depending on user interaction. But the automatically attack vectors also allows to defend easily by patching the security holes in the affected systems.

It€™s the patch, stupid!

WannaCry attack is based on a SMB exploit published by Shadow Broker Hacking Group. One month later Microsoft was publishing security patches for all Windows Versions with long term support. And most systems worldwide had been successful patched, when WannaCry stepped into world. So the WannaCry worm did not found enough unpatched systems to get feed fat. WannaCry€™s automatically attacks starved.

But what if we get wormable IoT exploits?

For IoT devices the WannaCry attack vector is a nightmare. Automatically attacks are a reasonable way to highjack IoT devices as we will have billions of connected micro controllers which are running in the background. If you want to attack them, you can€™t rely on user interactions to infect them as most of them will never require interfaces for direct users interaction. Keep in mind all the sensor nodes and gateways to collect environmental or industrial data for running smart cities, smart home and industry 4.0 applications. So attackers are relied on €œwormable€ exploits to infect those IoT systems by mass.

Feeding the worms in IoT

And they will find feed for such exploits in IoT world. Patching IoT systems is a nightmare compared to a Windows Systems ecosystem. In IoT there is no well-organized patching infrastructure in behind, which will provide security patches in a reasonable time and has the ability to deliver them worldwide to system administrators.

The IoT world is splitted in many vendors. Providing often low cost components, where maintenance is not part of the system concept or business model. By that the number of unpatchable IoT components is increasing every day dramatically. It€™s in your smart city, smart home and industry.

All what attackers need is a common automatically security exploit to run a successful infection campaign. As most IoT systems are based upon embedded software there will be a plenty of options to attack. For example, the SMB exploit of WannaCry also affects LINUX Samba SMB services and makes some of them vulnerable for remote execution.

So, when did you patched your IoT system?