Cyber Attacks Targeting Infrastructure
The FBI, Department of Homeland Security and the United Kingdom’s National Cyber Security Centre teamed up to announce that Russian state-sponsored cyber actors are targeting network infrastructure devices, according to the United States Computer Emergency Readiness Team.
The cyber actors, supported by the Russian government, enabled espionage and intellectual property theft that supports the Russian Federation’s national security and economic goals.
Russian cyber actors leverage a number of legacy or weak protocols and service ports associated with network administration activities. Cyber actors use these weaknesses to:
- identify vulnerable devices
- extract device configurations
- map internal network architectures
- harvest login credentials
- masquerade as privileged users
- copy or redirect victim traffic through Russian cyber-actor-controlled infrastructure
- device firmware
- operating systems
Cyber actors do not need to leverage zero-day vulnerabilities or install malware to exploit these devices. Instead, cyber actors take advantage of the following vulnerabilities:
- devices with legacy unencrypted protocols or unauthenticated services
- devices insufficiently hardened before installation
- devices no longer supported with security patches by manufacturers or vendors (end-of-life devices)
These factors allow for both intermittent and persistent access to both intellectual property and U.S. critical infrastructure that supports the health and safety of the U.S. population.
Cyber actors masquerade as legitimate users to log into a device or establish a connection via a previously uploaded OS image with a backdoor. Once successfully logged into the device, cyber actors execute privileged commands. These cyber actors create a man-in-the-middle scenario that allows them to:
- extract additional configuration information
- export the OS image file to an externally located cyber actor-controlled FTP server
- modify device configurations
- create Generic Routing Encapsulation (GRE) tunnels
- mirror or redirect network traffic through other network infrastructure they control
Digital Transformation Day 2018
The world is in transformation mode. The winners of its Industrial Revolution will master data and insights made possible through the power of digital industrial transformation. Join us in Orlando, Arlington, Chicago, Denver and Toronto with GrayMatter and GE leaders to learn how utilities are transforming and companies like Joy Global and GE Transportation are drastically reducing maintenance and operations time using the industrial internet. We’ll take you behind-the-scenes of Brilliant Manufacturing and teach you powerful lessons like how to build an OT cyber strategy.
Tesla vs. Waymo: The Self-Driving Car Race
There’s a race going on from Silicon Valley to Detroit — who can make the best self-driving car? To understand this, companies need to study not just cars, but also how people behave when they’re behind the wheel. This results in a lot of data, and the two companies with the most data right now are Tesla and Waymo.
Both Tesla and Waymo are attempting to collect and process enough data to create a car that can drive itself, and they’re approaching those problems in very different ways according to the Verge. Tesla already has hundreds of thousands of cars on the road collecting real-world data about how those vehicles perform, and how they might perform, thanks to its current semi-autonomous system. Waymo, which began as Google’s self-driving car project, uses powerful computer simulations and feeds what it learns into a smaller real-world fleet.
Tesla reported last summer that they’re collecting over 5 billion miles of data per day. Waymo announced earlier this year that it has simulated 5 billion miles of autonomous driving on public roads, but is constrained by the fact that it is only gathering real-world data via a fleet of about 500 to 600 self-driving Pacifica minivans, whereas Tesla has over 300,000 cars on the road around the world, navigating in more diverse settings.
Intel believes autonomous vehicles could generate $800 billion per year in revenue in 2030, and $7 trillion by 2050. Last summer, a Morgan Stanley analyst said that data might be more valuable to Tesla than something like the Model 3. “There’s only one market big enough to propel the stock’s value to the levels of Elon Musk’s aspirations: that of miles, data and content,” he wrote.
The companies are not only collecting data at different scales, but also different types of data. Waymo’s minivans use three different types of LIDAR sensors, five radar sensors and eight cameras. Tesla’s vehicles have eight cameras, 12 ultrasonic sensors and one forward-facing radar. The difference between using LIDAR and radar is that radar uses radio waves, whereas LIDAR sends out millions of laser light signals and measures how long it takes for them to bounce back.
While LIDAR is more precise, it’s also more expensive and bulky — involving more mechanical parts.
If Tesla can adapt their cars to be at the same level without the technology, it’ll put them at a huge advantage in the self-driving car race.