Weaknesses in smart supply chains and real-time operating systems are two of the major threats from cybersecurity lapses identified by inspection and certification specialist TÜV Rheinland in its annual report on Cybersecurity Trends for 2020.

The report, a collaboration between TÜV Rheinland‘s global cybersecurity experts, found “alarming” developments in cybersecurity, with smart consumer devices spreading faster than they can be secured

The company said that the increasing number of smart devices in private households increased the opportunities for cyber criminals. It warned that the logistics industry and vehicles were increasingly being targeted by hackers and suggested that uncontrolled access to personal data would undermine confidence in the digital society.

Petr Láhner, executive vice president for the business stream Industry Service & Cybersecurity said. “One of the reasons for this is that digital systems are finding their way into more and more areas of our daily lives. Digitalisation offers many advantages – but it is important that these systems and thus the people are safe from attacks.”

Smart speakers, fitness trackers, smart watches, thermostats, energy meters, smart home security cameras, smart locks and lights are the best-known examples of the seemingly the “Internet of Things”. Smart devices are no longer just toys or technological innovations. “These types of device are quickly becoming an integral part of everyday life. It is easy to see a future in which the economy and society will become dependent on them, making them a very attractive target for cyber criminals,” the company said.

It highlighted vehicles and transport infrastructure as one area of fast-increasing connectivity. It warned that broad cyberattacks targeting transport could affect not only the safety of individual road users but could also lead to widespread disruption of traffic and urban safety.

Meanwhile smart supply chains using automation, robotics and big data management increasingly represent virtual warehousing, where the warehouse is no longer just a physical building, but any place where a product or its components can be located at any time. “There is a growing realization that this business model considerably increases the financial risks, even with only relatively minor disruptions. Smart supply chains are dynamic and efficient but are also prone to disruptions in processes,” the company said, noting that cyberattacks could manipulate information so that components would not be where they are supposed to be.

In shipping, there is ample evidence that states are experimenting with direct attacks on ship navigation systems and attacks to extort ransom have been reported.

Finally, the group warned that with over 75 billion networked devices expected by 2025, each using its own software package organizations may not notice that vulnerabilities exist. In view of this, the procedure of always installing the latest security updates will no longer be effective.

Download the whitepaper here

Meanwhile, a new threat report from cybersecurity company Dragos details the characteristics of a form of ransomware known as Ekans. This ransomware – also known as Snake – first emerged in December 2019 and has been designed for use against Windows systems used in industrial environments. Researchers found Ekans contains a list of commands and processes associated with a number of industrial control system (ICS) functionalities aimed at stopping these functions in a ransomware attack.

While this functionality is described as limited, researchers’ analysis of Ekans notes that it still represents “a deeply concerning evolution in ICS-targeting malware” because it indicates that cyber criminals are  targeting industrial operation systems purely for financial gain.

 

Further reading

Legislation will set new security framework for smart devices

Ofgem seeks input for ‘first iteration’ of data best practice guidance

New ‘DSO entity’ will underpin Europe-wide standards, but UK will be a rule taker

Cyber security network launches EV charger standard

Cybersecurity and environment issues are ‘major global risks’ for coming year

 

Stay up to date with New Power’s online news. Sign up for our FREE weekly newsletter here

Search and sort data on UK power assets via New Power’s online Database. Free access for New Power Report subscribers