Siemens AG Powerpoint Presentation

Total Page:16

File Type:pdf, Size:1020Kb

Siemens AG Powerpoint Presentation Secure Operations Ensuring Cybersecurity to enable Industrial IoT Unrestricted © Siemens Mobility GmbH siemens.com/dcu Leading global companies joined forces to encourage security in a networked world. Protecting the data of individuals 1 and companies Preventing damage from people, 2 companies and infrastructures Establishing a reliable foundation on which confidence 3 in a networked, digital world can take root and grow Evolving Landscape 1950s – 1960s 1980s 1999 2010s 2015 Military, governments and Computers make their The globe is Cloud computing Industry 4.0, Internet of Things other organizations implement way into schools, homes, connected enters the & Big Data. computer systems business and industry by the internet mainstream Information Processing Automation Digital Connectivity and Intelligence 1970s 1990s 1991 2000s 2020s Home computer Digital enhancement The World Wide Mobile flexibility Smart and autonomous is introduced of electrification and Web becomes systems, Artificial Intelligence automation publicly accessible Industroyer/Chrashoverride Heartbleed WannaCry Melissa Worm Stuxnet Morris Worm ILOVEYOU AT&T Hack Blue Boxing AOHell NotPetya Cryptovirology Cloudbleed Level Seven Crew hack sl1nk SCADA hacks Infinion/TPM Denial-of-service attacks Meltdown/Spectre Cybersecurity solutions focused on (OT) Security IT Security OT Security Confidentiality Availability 3-5 years Asset lifecycle 20-40 years Forced migration (e.g. PCs, smart phone) Software lifecycle Usage as long as spare parts available High (> 10 “agents” on office PCs) Options to add security SW Low (old systems w/o “free” performance) Low (~2 generations, Windows 7 and 10) Heterogeneity High (from Windows 95 up to 10) Standards based (agents & forced patching) Main protection concept Case and risk based Risk vs Budget Ever growing Ever growing risklandscape Your Risk Your Yesterday Today Tomorrow ? Wait or use your creativity Wait Your Budget Your Yesterday Today Tomorrow After a major incident …costly impacts on operations $1-2M / day $38-88M 225,000 $300M Economic impact of Average annual spend Customers without Cost of NotPetya ransom buying energy to replace on unplanned downtime2 power due to Black ICS attack to single energy production Energy attack, 20153 industrial company in capabilities1 20174 Sources: 1)Richmond Times, 2)GEOilandGas, 3)E-ISAC, 4)CNBC Structure by IEC 62443 IEC 62443 - Roles and Scope IEC 62443 - Roles and Scope Cybersecurity Concepts for Mobility Defense in Depth - IEC 62443 …”for future deployments, with products with built-in cybersecurity features” Perimeter protection & IDS …”installed base (legacy) and automation products without built-in cybersecurity” Cybersecurity goal IEC 62443 Security Levels SL 1 SL 2 SL 3 SL 4 Protection against Protection against Protection against Protection against deliberate attacks with simple intentional attacks with intentional attacks with unintentional or accidental means advanced means advanced resources attacks Attacker type Attacker type Attacker type Script Kiddie Criminal organization Nations / Agencies Cybersecurity Pillars IDS JRS / SPX DCU CONFIDENTIAL DCU Data Capture Unit (Data Diode) © Siemens Mobility GmbH 2020 Enabling connectivity while keeping networks physically isolated? …Data Diode technology Critical network Open network Tx Tx Electromagnetic induction Rx Rx PHY Tx Rx Tx Tx Rx Rx PHY ▪ Guarantees protection and network isolation via hardware design that lacks the vulnerability of firewalls Siemens 4 DCU ▪ Reliable - MTBF +16yrs ▪ Galvanic isolation & physical separation ensures only one-way communication Connectivity Concept 3. Cloud Vendor Deploy Security Patches Cloud App VPN – Worldwide Device Management Rollout Applications Router + FW and Updates 2. IT Network – Worldwide Cloud Connector OWG App Storage Industrial Edge Runtime Diagnostics and Connectors Local data storage - OWG receiver Rail Operator DCU 1. OT Network (SIG) 0% risk of customer operation disruption OWG – DCU Real-time data collection OCC – OWG sender TVD IXL Designed to be modular 3. Cloud Vendor Cloud App Asset Management VPN 2. IT Network Router + FW OWG - Receiver Rail Operator DCU 1. OT Network (SIG) OWG - Sender SCADA / Interlocking USP´s Safety assessment 0% risk Vendor neutral SL3 - IEC 62443 4- 2 operation disruption Standard protocols CONFIDENTIAL IDS Intrusion Detection System © Siemens Mobility GmbH 2020 Topology with DCU IT/Enterprise network IDS Server Syslog IDS Sensor IDS Sensor Security logs Security Security logs Security Port Port mirror mirror Security logs Security logs OT / Signaling (safety) network Industrial Switches Industrial Switches Endpoints Endpoints JRS Juridical Recording System & Encryption © Siemens Mobility GmbH 2020 What & Why What Why JRS collects, stores and validates all critical Data from juridical recorders is needed for all SIG system data. legal or formal investigations of accidents or “near-miss” situations. JRS provides “Proof” that the stored data is unaltered and complete (integrity intact). CENELEC 50701 will require data integrity tools for new railway systems. JRS prevents the alteration and/or deletion of data acc. to IEC 62443 security concept: • Components • Communication Main features 1. Modular juridical recorder - Based on X.509 Certificates (PKI) 2. RAID 6 - High performance and reliable of data storage 3. Secure OS – S2L2 with Certificates, Secure Boot and Whitelisting. 4. IEC 62443 4-2 SL3 - Compliant 5. Interference Free – Compatible with DCU Funtionality 1 | Data collection 2 | Data Storage 3 | Evaluation & Validation 4 | Data Extraction IXL Components DCU / Diagnostic PCs RAID 6 JRS software Customer or Siemens WORKING FOR A POLLUTION-FREE TOMORROW …ONE JOURNEY AT A TIME SIEMENS Mobility Disclaimer © Siemens AG 2020 Subject to changes and errors. The information given in this document only contains general descriptions and/or performance features which may not always specifically reflect those described, or which may undergo modification in the course of further development of the products. The requested performance features are binding only when they are expressly agreed upon in the concluded contract. All product designations may be trademarks or other rights of Siemens AG, its affiliated companies or other companies whose use by third parties for their own purposes could violate the rights of the respective owner. Page 26 Unrestricted | © Siemens Mobility 2020 | Andres G. Guilarte | SMO RI PR | 2020-12-02 Contact Published by Siemens Mobility GmbH Andres G. Guilarte Global Product Manager SMO RI PR SD Germany E-mail [email protected] Page 27 Unrestricted | © Siemens Mobility 2020 | Andres G. Guilarte | SMO RI PR | 2020-12-02.
Recommended publications
  • Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017
    Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 A SANS Whitepaper Written by John Pescatore March 2017 Sponsored by Qualys ©2017 SANS™ Institute Introduction In security, change always equates to risk. Because change is constant, being aware of the key changes that will increase risk is a critical part of being proactive in cyber security. A simple equation for risk is the following: RISK THREAT VULNERABILITY ACTION Threats are Vulnerabilities Action consists of two malicious tactics are weaknesses components: and techniques that enable • Attacks that malicious actors (external that would cause those threats to or internal) take to launch threats damage to a succeed. business. • Prevention or mitigation efforts by security teams to reduce the attack aperture or increase speed of detection In reality, security teams control only half of the “Action” parameter. We can’t determine when threats will be developed or launched, and vulnerabilities are driven by weaknesses in people and technology. People change slowly, but technology changes rapidly, and business adoption of new technologies invariably brings new vulnerabilities that enable new threats. Understanding and anticipating business demand for emerging technologies is a key element in successful security programs. With each new wave of technology, threats tend to come in three forms: denial-of- service (DoS) attacks, cyber crime and attacks by nation-states. DoS Attacks When weaknesses in new technologies are exposed (generally by experimenters, academics and hacktivists), DoS attacks are the easiest to launch. They crash systems or cause data storms that bring networks to a halt. Cyber Crime Cyber criminals and the ecosystem that supports them refine attacks to focus on approaches that can lead to revenue, most commonly by stealing information that can be resold or support account fraud.
    [Show full text]
  • Using the Audit App
    Using the Audit App Symantec CloudSOC Tech Note Tech Note — Using the Audit App Copyright statement Copyright (c) Broadcom. All Rights Reserved. Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others. Copyright © 2021 Symantec Corp. 2 Tech Note — Using the Audit App Table of Contents Introduction Opening Audit Choosing data sources Viewing and filtering audit results Viewing summary results Viewing services, users, and destinations Filtering Audit Results Search Cloud Applications by Service, Category, Tag, Risk, User, Country, and Platform Saving and loading filters Using filter multi-select Configuring your services view Tagging cloud services Creating custom tags Viewing services tagged Ignore Adding comments for services Exporting Audit results Exporting ProxySG CPL block policy files from Audit Evaluating cloud services Viewing service information Customizing service rankings BRR Scoring for Individual Applications Customizing global service ratings Creating a custom BRR profile Comparing cloud services Exporting service and usage details Use of Attribute Filters in Find and Compare Services Copyright © 2021 Symantec Corp.
    [Show full text]
  • Identifying Software and Protocol Vulnerabilities in WPA2 Implementations Through Fuzzing
    POLITECNICO DI TORINO Master Degree in Computer Engineering Master Thesis Identifying Software and Protocol Vulnerabilities in WPA2 Implementations through Fuzzing Supervisors Prof. Antonio Lioy Dr. Jan Tobias M¨uehlberg Dr. Mathy Vanhoef Candidate Graziano Marallo Academic Year 2018-2019 Dedicated to my parents Summary Nowadays many activities of our daily lives are essentially based on the Internet. Information and services are available at every moment and they are just a click away. Wireless connections, in fact, have made these kinds of activities faster and easier. Nevertheless, security remains a problem to be addressed. If it is compro- mised, you can face severe consequences. When connecting to a protected Wi-Fi network a handshake is executed that provides both mutual authentication and ses- sion key negotiation. A recent discovery proves that this handshake is vulnerable to key reinstallation attacks. In response, vendors patched their implementations to prevent key reinstallations (KRACKs). However, these patches are non-trivial, and hard to get correct. Therefore it is essential that someone audits these patches to assure that key reinstallation attacks are indeed prevented. More precisely, the state machine behind the handshake can be fairly complex. On top of that, some implementations contain extra code to deal with Access Points that do not properly follow the 802.11 standard. This further complicates an implementation of the handshake. All combined, this makes it difficult to reason about the correctness of a patch. This means some patches may be flawed in practice. There are several possible techniques that can be used to accomplish this kind of analysis such as: formal verification, fuzzing, code audits, etc.
    [Show full text]
  • Siemens Charter of Trust
    Driving security in an unsecure world MITRE Conference Harrison Wadsworth| Dec. 19, 2018 | McLean, VA USA charter-of-trust.com | #Charter of Trust Siemens in the U.S. – Our company at a glance 60+ manufacturing sites and 50,000 employees Over $5 bn in exports annually ~$40 bn invested in the U.S. in last 15 years $50 m job training programs annually $1 bn annual R&D investment Map shows Siemens’ major employment hubs 800,000 jobs linked to Siemens’ global business operations in FY15 Page 2 MITRE Conference| Harrison Wadsworth Digitalization creates opportunities and risks Page 3 MITRE Conference| Harrison Wadsworth Digitalization creates … Opportunities Connected Facilities/Plant/Site Billions of devices are being connected Billion of Devices by the Internet of Things, and are the 50.1B (2020) backbone of our infrastructure and economy Connected Systems 34.8B (2018) Connected Products 22.9B (2016) 42.1B (2019) 14.2B (2014) 8.7B (2012) IoT Inception (2009) 28.4B (2017) 0.5B (2003) 18.2B (2015) 11.2B (2013) 1988 1992 1996 2000 2004 2008 2012 2016 2020 Industroyer/Chrashoverride Heartbleed Stuxnet WannaCry … and risks AT&T Hack Morris Worm Melissa Worm ILOVEYOU Blue Boxing Exposure to malicious cyber attacks is also AOHell Cryptovirology Cloudbleed growing dramatically, putting our lives and Denial-of-service attacks sl1nk SCADA hacks Meltdown/Spectre the stability of our society at risk Level Seven Crew hack NotPetya Infineon/TPM Page 4 MITRE Conference| Harrison Wadsworth Cybersecurity is getting to be a critical factor for the success
    [Show full text]
  • ITEA Cyber Security Day Exchange on Best Practices and Challenges
    Welcome to session I Exchange on best practices and challenges ITEA cyber Security Day Exchange on best practices and challenges Dr. Eric Armengaud AVL List GmbH (Headquarters) Confidential A V L C O M P A N Y P R E S E N T A T I O N Facts and Figures Founded Employees Worldwide Of Turnover Invested in Inhouse R&D Global Footprint Years of Experience Engineers and Scientists Granted Patents in Force Represented in 26 countries 45 Affiliates divided over 93 locations 45 Global Tech and Engineering Export Quota Centers (including Resident Offices) A V L C O M P A N Y P R E S E N T A T I O N ENGINEERING SERVICES INSTRUMENTATION AND TEST ADVANCED SIMULATION SYSTEMS TECHNOLOGIES ▪ Design and development services for all elements ▪ Advanced and accurate simulation and testing ▪ We are a proven partner in delivering efficiency of ICE, HEV, BEV and FCEV powertrain systems solutions for every aspect of the powertrain gains with the help of virtualization development process ▪ System integration into vehicle, stationary or ▪ Simulation solutions for all phases of the marine applications ▪ Seamless integration of the latest simulation, powertrain and vehicle development process automation and testing technologies ▪ Supporting future technologies in areas such as ▪ High-definition insights into the behavior and ADAS and Autonomous Driving ▪ Pushing key tasks to the start of development interactions of components, systems and entire vehicles ▪ Technical and engineering centers around the globe A V L C O M P A N Y P R E S E N T A T I O N ELECTRIFICATION ADAS AND AUTONOMOUS DRIVING ZERO-IMPACT EMISSION VEHICLE ENGINEERING DATA INTELLIGENCE From road transportation to smart mobility ERTRAC, Strategic Research Agenda, Input to 9th EU Framework Programme, March 2018, www.ertrac.org Confidential / 5 Dr.
    [Show full text]
  • Principles and Practices of Cybersecurity
    Principles and Practices of Cybersecurity Christine Pommerening, Ph.D. novaturient LLC 2 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 3 novaturient LLC 4 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 5 2013-2016 • Target breach (“Citadel”) • OMB breach (China) • Anthem breach (China) • Clinton campaign hack and dump (WikiLeaks) • IoT device exploit and botnet (“Mirai”) • Dyn ISP distributed denial-of-service attack (“Mirai”) novaturient LLC 6 2017 • NSA tools release (Shadow Brokers) • Windows XP exploit ransomware (“WannaCry”) • Ukraine infrastructure attack/ransomware(“Petya”) • Cloudflare customer data leak (“Cloudbleed”) • Macron campaign hack and dump (Fancy Bear) • Equifax KBA exploit and breach (TBD) novaturient LLC 7 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 8 1960s…………………..2020s Decade Network Technology Device Development 1960s ARPANET Mainframes 1980s TCP/IP Client-Servers 1990s WWW Personal Computers 2000s Social Media Apps Wireless Devices 2010s Cloud Shared On-Demand Space 2020s IoT Autonomous Devices novaturient LLC 9 1993…………………..2018 novaturient LLC 10 This Is Us novaturient LLC 11 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 12 I A M • Identity and Access Management novaturient LLC 13 I A M • What do you use? • What have others used? novaturient LLC 14 novaturient LLC 15 I A M novaturient LLC 16 I A M 1.
    [Show full text]
  • Pwc Weekly Cyber Security
    Threats and Threats and Malware Top story vulnerabilities vulnerabilities PwC Weekly Security Report This is a weekly digest of security news and events from around the world. Excerpts from news items are presented and web links are provided for further information. Malware Windows botnet spreads Mirai malware Threats and vulnerabilities Internet users urged to change passwords after Cloudbleed Threats and vulnerabilities Google’s Project Zero reveals vulnerability in Internet Explorer and Microsoft Edge Top story Crypto specialists break SHA-1 security standard Threats and Threats and Top story Malware vulnerabilities vulnerabilities Windows botnet spreads Mirai malware Security researchers from Kaspersky Lab are currently investigating the first Windows-based spreader for the Mirai malware, something that can have huge implications for companies that invested heavily in IoT. The spreader was apparently built by someone with "more advanced skills" than those that had created the original Mirai malware. This, Kaspersky Lab says, has "worrying implications for the future use and targets of Mirai-based attacks." It is richer and more robust than the original Mirai codebase, even though many of its components are "several years old." Its spreading capabilities are limited, as it can only deliver from an infected Windows host to a vulnerable Linux-powered IoT device. Even that -- if it can brute-force a remote telnet. It was also said that the author is likely Chinese- speaking, more experienced, but probably new to Mirai. "The appearance of a Mirai crossover between the Linux platform and the Windows platform is a real concern, as is the arrival on the scene of more experienced developers.
    [Show full text]
  • Is Cloudbleed Inevitable After Heartbleed? by Taiye Lambo and Jordan Flynn September 2014
    Is Cloudbleed Inevitable After Heartbleed? By Taiye Lambo and Jordan Flynn September 2014 In the technology world, vulnerabilities and bugs are commonplace. Whether an avid hobbyist or a professional working for an organization in a technical capacity, those familiar with the technology and information security space understand that there is no avoiding the inevitable discovery of vulnerabilities and bugs that must ultimately be addressed. While some of these fixes require nothing more than a simple patch job, others necessitate significant changes in policy and process within the workplace and the cautious or discontinued use of applications on mobile devices and Internet based services. With the rise in cybersecurity attacks and the continued growth of individuals storing their sensitive information online, vulnerabilities in cyberspace represent one of the most significant concerns not just for hobbyists and professionals, but also for society as a whole. The discovery of the Heartbleed bug in April 2014 made the issue of vulnerabilities and bugs in cyberspace more evident. Fundamentally, the vulnerability allows for anyone on the Internet to read and view the personal and sensitive information of others through system memory, information meant to be protected by the SSL/TLS encryption that is used to secure the vast majority of the Internet. Compounding this issue is that Heartbleed also provides the proverbial “key to the kingdom” by making the confidential keys used to properly identify service providers, and encrypt the names and passwords of users as well as actual content itself available to the criminal, allowing them to easily spy on communications and impersonate both users and services therefore stealing sensitive data directly from them.
    [Show full text]
  • Buy the Complete Book: Buy the Complete Book: HANDS-ON INCIDENT RESPONSE and DIGITAL FORENSICS
    Buy the complete book: www.bcs.org/books/digitalforensics Buy the complete book: www.bcs.org/books/digitalforensics HANDS-ON INCIDENT RESPONSE AND DIGITAL FORENSICS Buy the complete book: www.bcs.org/books/digitalforensics BCS THE CHARTERED INSTITUTE FOR IT BCS, The Chartered Institute for IT, champions the global IT profession and the interests of individuals engaged in that profession for the benefit of all. We promote wider social and economic progress through the advancement of information technology science and practice. We bring together industry, academics, practitioners and government to share knowledge, promote new thinking, inform the design of new curricula, shape public policy and inform the public. Our vision is to be a world-class organisation for IT. Our 70,000-strong membership includes practitioners, businesses, academics and students in the UK and internation- ally. We deliver a range of professional development tools for practitioners and employ- ees. A leading IT qualification body, we offer a range of widely recognised qualifications. Further Information BCS, The Chartered Institute for IT, First Floor, Block D, North Star House, North Star Avenue, Swindon, SN2 1FA, United Kingdom. T +44 (0) 1793 417 424 F +44 (0) 1793 417 444 www.bcs.org/contact http://shop.bcs.org/ Buy the complete book: www.bcs.org/books/digitalforensics HANDS-ON INCIDENT RESPONSE AND DIGITAL FORENSICS Mike Sheward Buy the complete book: www.bcs.org/books/digitalforensics © BCS Learning & Development Ltd 2018 The right of Mike Sheward to be identified as author of this Work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.
    [Show full text]
  • Vitzthum Senior Consultant Digitalization RC-AT DI PA [email protected] +43 (664) 88 55 21 02
    Industrial Security Frei verwendbar TITULO 1 TEXTO BASE Challenges for the Industry Productivity, Cost Pressure and Regulations • Externally caused incidents Protect through increasing connectivity Protect Productivity against • Internal misbehavior • The evolving Threat Landscape • For qualified personnel Reduce cost Costs • For essential Security Technologies Comply • Reporting Requirements Comply to regulations • Minimum Standards to • Security Know-how V4.3 Page 3 The ever-changing threat landscape Professional Hackers Vulnerabilities § § Cybersecurity laws and Internet of § § Things Regulations V4.3 Page 4 Evolution of the cyber threat landscape Digital Information Processing Digital Connectivity Digital Automation and Intelligence 1950s – 1960s 1970s 1980s 1990s 1991 1999 2000s 2010s 2015 2020s Military, governments and other Computers make their way Internet of Things, Smart The World Wide Web becomes organizations implement into schools, homes, business Mobile flexibility and autonomous systems, publicly accessible computer systems and industry Artificial Intelligence, Big Data Digital enhancement of The globe is connected Cloud computing enters the Home computer is introduced Industry 4.0 electrification and automation by the internet mainstream Industroyer/Chrashoverride Cyberwar WannaCry Stuxnet Phishing Targeting Critical Morris Worm Infrastructure AT&T Hack Blue Boxing NotPetya The threat landscape keeps growing and changing and AOHell Cryptovirology Cloudbleed attackers are targeting industrial and critical Level Seven Crew hack sl1nk SCADA hacks Infineon/TPM infrastructures Denial of service attacks MJMeltdown/ Spectre V4.3 Page 5 Challenges and drivers Most critical threats to Industrial Control systems Outdated operating systems² Windows NT 4.0 30. June 2004 Industrial Control System Security Windows XP 08. April 2014 Top 10 Threats and Countermeasures1 Windows 7 14. January 2020 Windows 10 14.
    [Show full text]
  • Managing and Maintaining Implemented Security Measures Is
    for Managing and Maintaining Implemented Security Measures is Critical when Building a Cyber Defense Program Harry Brian and Florian Forster Manufacturing in America │ March 20-21, 2019 Unrestricted © Siemens 2019 Unrestricted Challenges for our Customers Productivity, Cost Pressure and Regulations • Externally caused incidents Protect through increasing connectivity Protect Productivity against • Internal misbehavior • The evolving Threat Landscape • For qualified personnel Reduce cost Costs • For essential Security Technologies Comply • Reporting Requirements Comply to regulations • Minimum Standards to • Security Know-how Unrestricted © Siemens 2019 All rights reserved. Community. Collaboration. Innovation. Page 2 V4.0 The ever-changing threat landscape Professional Hackers Vulnerabilities § § Cybersecurity laws and Internet of § § Things Regulations Unrestricted © Siemens 2019 All rights reserved. Community. Collaboration. Innovation. Page 3 V4.0 Evolution of the cyber threat landscape Digital Information Processing Digital Connectivity Digital Automation and Intelligence 1950s – 1960s 1970s 1980s 1990s 1991 1999 2000s 2010s 2015 2020s Military, governments and other Computers make their way Internet of Things, Smart The World Wide Web becomes organizations implement into schools, homes, business Mobile flexibility and autonomous systems, publicly accessible computer systems and industry Artificial Intelligence, Big Data Digital enhancement of The globe is connected Cloud computing enters the Home computer is introduced Industry 4.0 electrification and automation by the internet mainstream Industroyer/Chrashoverride Cyberwar WannaCry Stuxnet Phishing Targeting Critical Morris Worm Infrastructure AT&T Hack Blue Boxing NotPetya The threat landscape keeps growing and AOHell Cryptovirology Cloudbleed changing and attackers are targeting industrial Level Seven Crew hack sl1nk SCADA hacks Infineon/TPM and critical infrastructures Denial of service attacks Meltdown/Spectre Unrestricted © Siemens 2019 All rights reserved.
    [Show full text]
  • The Most Dangerous Cyber Nightmares in Recent Years Halloween Is the Time of Year for Dressing Up, Watching Scary Movies, and Telling Hair-Raising Tales
    The most dangerous cyber nightmares in recent years Halloween is the time of year for dressing up, watching scary movies, and telling hair-raising tales. Events in recent years have kept companies on high alert. Every day we are seeing an increase in cyberattacks carried out by organized hacker organizations. In a matter of seconds, these threats can destabilize large corporations, stealing large quantities of money and personal data, as well shake the very foundations of entire world powers. Have a look at some of the most terrifying attacks of recent years. 2010 2011 2012 Operation Aurora RSA SecurID Stratfor A series of cyberattacks carried out RSA suffered a security breach as a Publication and dissemination of worldwide, targeting 34 companies, result of a cyberattack that sought internal emails exchanged between including Google. The attack was details about its SecureID system. personnel of the private intelligence perpetrated by a group of Chinese espionage agency Stratfor, as well as hackers. PlayStation Network emails exchanged with clients of the firm. 77 million accounts were Australian Government compromised and blocked PS3 and DDoS attacks, carried out by the PlayStation Portable users from Linkedin online community Anonymous, accessing the service for 23 hours. The passwords of nearly 6.5 million against the Australian Government. user accounts were stolen by Russian cybercriminals. Operation Payback An attack coordinated jointly against opponents of Internet piracy. 2013 2014 Cyberattack in South Korea Celebrity photos Cyber networks of major South 500 private photographs of several Korean banks and television celebrities, mostly women, were networks were shut down in an placed on 4chan and subsequently alleged act of cyber warfare.
    [Show full text]