Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

Service providers prime targets for hackers

By atesmeh | April 21, 2014

Share

The world’s networks are under constant, relentless attack, including – perhaps especially – the networks of service providers. Service providers are not only targets themselves, but since they provide the network infrastructure for so many other companies, they are doubly at peril.  

There were 1,367 confirmed breaches of security reported by all types of companies around the world last year, according to Verizon’s 2014 Data Breach Investigations Report (DBIR), and a total of 63,437 security incidents, far more than in 2012.

If there’s any good news in the increase, it’s that it comes from a vastly expanded data set. While the number of security breaches has assuredly risen, the 2014 numbers only appear to be greatly inflated because there are literally dozens more organizations that began sharing their data with Verizon researchers last year.

Last year, retailers were notable targets (Target, Nordstrom, Harbor Freight, some regional supermarket chains), Edward Snowden released proof that the NSA was spying on nearly everyone, including Americans, and China solidified its reputation for cyberwarfare, largely for competitive economic gain, according to U.S. sources.

All of that notwithstanding, Verizon said, attacks motivated by financial gain are trending down, while espionage is trending up.

Araceli Gomes, Verizon’s manager of cybersecurity solutions engineering, said Verizon and its partners providing data for its DBIR are certain that they can attribute specific incidents to espionage. “We can do advanced case linkage,” she said. “Incidents that don’t seem linked, when we follow them back, it turns out that they are.

“This isn’t FUD,” – fear, uncertainly, and doubt – she continued. “There are global, international reasons at play.”

MSOs, satellite distributors, TV broadcasters, film studios and other concerns fall in the “Information” industry category, which has experienced more attacks than any other industry sector (“Public” refers to government agencies), even more than finance.

Verizon shows that 92 percent of all incidents fall into only 9 categories:

  • Point of sale (POS) Intrusions
  • Web App Attacks
  • Insider misuse
  • Physical theft/loss
  • Miscellaneous errors
  • Crimeware
  • Card skimmers
  • Denial of Service (DoS) attacks
  • Cyber espionage

Gomes said Information companies tend to be subjected to insider misuse, crimeware, and DoS.

Insider misuse is often unintentional and “not nefarious,” she said. Examples might include a disgruntled employee selling data, or simple accidents. “That’s very relevant to telecom,” she said. “With the free flow of information, security can occasionally go by the wayside.”

Crimeware could be almost anything done for criminal financial gain. Examples might include the use of spyware, botnets or phishing schemes.

Verizon has been watching DoS activity, but hadn’t included it in the DBIR, because it had been arguable whether it was a classic security issue. That argument seems to be settled in the affirmative now. DoS has been on the rise, especially against banks and retailers. “DoS is usually attributable to fun or ideology,” Gomes said. “Fun” meaning people doing something just to do it, “ideology” meaning exactly what it says – think of the group Anonymous retaliating against companies the group’s members feel have misbehaved, or a group called Izz ad-Din al-Qassam Cyber Fighters (QCF), which attacked U.S. banks as retaliation for a video that kept popping up on YouTube which the group felt was disparaging to Muslims.

The upshot, though, is that DoS attacks are getting bigger in terms of the two key measures for this sort of thing: bandwidth and packet rate.

The DBIR looks at all the types of attacks, and offers suggestions for countermeasures. The report can be downloaded for free.

If there’s a silver lining in the security-incident cloud, it’s that telecom companies are able to take what they learn securing their own networks and systems and turn around and monetize that, by providing security services to their customers. “The things that Verizon does to protect itself, we put some of those things at the service of our customers,” Gomes said.

While the financial industry has a formal organization that members have created to deal with common security issues, the telecom / Information industry has no such thing. On the other hand, Gomes said, telecom companies cannot solve network problems on their own – they are, after all part of a network. Telecom companies tend to work with each other informally to chase down and resolve security issues.

That’s good news perhaps, but the bad news is that overall, perpetrators are becoming more savvy, and are able to do whatever they do usually in a matter of days, while their victims tend not to detect a problem for weeks, months, or longer – and the gap between perpetration and detection is getting wider.


Filed Under: Industry regulations

 

Related Articles Read More >

ids-industrial-camera-manufacturer.sustainability-3
IDS focuses on sustainability in shipping
Part 5: Motion control + MQTT, OPC-UA, and other protocols for cloud services
Facebook CEO Zuckerberg Calls for More Outside Regulation
Musk’s Boring Company Calls it Quits on LA Tunnel, Instead Focuses on Hyperloop

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Global supply needs drive increased manufacturing footprint development
  • How to Increase Rotational Capacity for a Retaining Ring
  • Cordis high resolution electronic proportional pressure controls
  • WAGO’s custom designed interface wiring system making industrial applications easier
  • 10 Reasons to Specify Valve Manifolds
  • Case study: How a 3D-printed tool saved thousands of hours and dollars

Design World Podcasts

April 11, 2022
Going small with 3D printing
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings