The Equifax breach is the latest example of attackers targeting open-source software in the enterprise.
Windows has long been the world’s biggest malware draw, exploited for decades by attackers. It continues today: The Carbon Black security firm analyzed 1,000 ransomware samples over the last six months and found that nearly 99% of them targeted Windows.
That’s not news for IT administrators, of course. But this might be: Linux and other open-source software are emerging as serious malware targets. Several recent highly publicized attacks exploit holes in open-source software that many enterprise admins once considered solidly safe.
Let’s start with the big one: the recently disclosed Equifax break-in that resulted in the private information of 143 million people being stolen, including Social Security numbers, birth dates, addresses and more. Typically, when you find the cause of a breach like this, it involves Windows. That’s not the case with the Equifax hack, though.
A web application vulnerability in the widely used open-source Apache Struts web development framework allowed attackers to break into Equifax and do their damage. The framework is used by many enterprises in education, government, financial services, retail and media. Even though the vulnerability was first discovered and patched back in early March, Equifax didn’t install the patch until after it found it had been hacked.
Sound familiar? It should. That’s typically how Windows attacks proceed — enterprises don’t get around to patching Windows to close security holes, and hackers take it from there. A recent study by Adaptiva, which offers security and management solutions for network endpoints, found that 49% of all enterprises surveyed said that their biggest security challenge was keeping Windows and Windows applications updated. And 59% said it takes a month or more to update Windows throughout their enterprise.
It appears as if Linux and open source are becoming a similar security headache for companies. Ian Folau, CEO of GitLinks, which specializes in security for open-source software, warns in an InfoWorld blog that at least half of all Fortune 100 companies use Struts. He adds, “Less than 10 percent of companies are monitoring open source in their company, so even if these companies wanted to update their versions of Struts, they would have a hard time figuring out which applications were using Struts.” He believes that many other attacks will be launched using the Struts vulnerability because it will remain largely unpatched.
The Equifax attack isn’t the only big one involving open source or Linux to have emerged recently. The “BlueBorne” attack vector exploits vulnerabilities in Bluetooth implementations. It can be used to take over a device and use it to spread malware or ransomware and become part of a botnet. At risk are almost 5.3 billion devices worldwide that use Windows, iOS, Android and Linux-based operating systems. Among the Linux devices that are at risk are Samsung’s Gear S3 smartwatch, a number of Samsung televisions, some models of drones and many Tizen devices, as well as some Linux desktop PCs and servers.
Some industry watchers predict even more attacks targeting open source and Linux in the enterprise. A Carbon Black blog post, “ 7 Predictions for Ransomware’s Evolution,” warns, “We believe ransomware will increasingly target Linux systems in an effort to further extort larger enterprises. For example, attackers will increasingly look to conduct SQL injections to infect servers and charge a higher ransom price. We have already observed attacks hitting MongoDB earlier this year, which provide an excellent foreshadowing.”
The attacks Carbon Black mentioned happened this past January, when open-source MongoDB databases around the world were hacked and data was taken from them and held for ransom.
All this isn’t to say that Linux represents a greater threat to enterprises than does Windows. Windows is dominant in the enterprise, and as long as that’s the case, it will remain the primary target. But attackers have a way of going after low-hanging fruit, and IT admins aren’t as used to open-source software being under attack as they are Windows. So expect more, larger attacks on open source and Linux in the enterprise as IT admins try to figure out how to protect them as well as Windows.

Sentiment rank: -0.3

© Source: https://www.computerworld.com/article/3230225/security/step-aside-windows-open-source-and-linux-are-it-s-new-security-headache.html
All rights are reserved and belongs to a source media.

Platform can handle ‘hundreds of millions’ of devices and integrate with Google’s analytics services
Google aims to solve the obstacle of IoT device and data management with the public beta release of its Cloud IoT Core platform.
Google Cloud Platform has added new features to the public beta, which ensure secure device connectivity and manageability at scale for end users.
Announced at Google I/O in May, Cloud IoT Core helps businesses to manage IoT data and devices from a central location; it also provides a source of operational data for companies’ analytics systems, which can be used to react to change in real-time.
As well as being able to manage ‘hundreds of millions’ of devices from one location, Google says that companies can use the platform to gain actionable insights, by ingesting IoT data and connecting to its analytics services such as Cloud Dataflow or BigQuery .
Based on feedback from the private beta, users of the platform can now verify the ownership of device keys. Customers can bring their own device key signed by their Certificate Authority (CA); IoT Core verifies the signature of the key provided by the device with the CA certificate during the authentication process.
Google has added secure connectivity over HTTP, in addition to the standard MQTT protocol, to more securely connect existing devices and gateways to the platform.
Finally, users of Cloud IoT Core can now view the last state and properties of a device even when it is not connected, through logical device representation. This provides APIs for applications to retrieve and update these details when a device is not connected.
Some of GCP’s current partners for the platform include Smart Parking and Tellmeplus. Smart Parking is the designer and developer of a parking management technology, now being extended to a smart city platform; this uses Cloud IoT Core to ingest data from ‘any number’ of distributed devices. Group CTO John Heard said:
“Our devices are heavily used and constantly send us a huge volume of data. By connecting these devices to Cloud IoT Core, we have a secure and reliable way to not only ingest that data but then also use it to gain valuable insights. We know exactly how our systems are performing and can push updates to devices to ensure we deliver the best products and services as cost effectively as possible.”
Heard told Computing, “Google’s Cloud IoT Core allowed us to eliminate our own developed functionality with a truly cloud-native foundation service that we can completely trust, leverage and achieve open benefits [with] that would otherwise have been a less compelling alternative. It only took a week for one of our developers to transition our incoming data and device management to Cloud IoT Core and we haven’t had a single issue since!… In short, we picked the Google Cloud Platform, including Cloud IoT Core, because we knew this was going to take us forward on our strategic and capability journey with confidence as well as open new opportunities.”
At the same time as its availability announcement, Google revealed a new pricing model for the platform, whereby customers can register as many devices as they want and only pay when they connect to and exchange data with Cloud IoT Core.
The first 250MB of data each month are free, after which prices are tiered (250MB to 250GB; 250GB to 5TB; and 5TB+).
Customers in vertical markets including transportation, oil and gas, utilities, health care and manufacturing are using the service now.
Google’s Indranil Chakraborty said, “We want to continue working with partners because at the end of the day, for any enterprise customer [building] a complex solution they need to work with companies on the hardware side, with ISVs, and with cloud platforms – you need all the ingredients.”
Speaking about the future of big data and the IoT, Heard said:
“Getting data used to be the hard part. However, IoT management services (like IoT Core and AWS IoT Platform) now make onboarding almost too simple – but this is just a part of the bigger objective: useful information-based insight. The challenge comes from deriving actionable meaning from large volumes of disparate data. In other words, how do I link together seemingly unrelated data?
“We are seeking to change this from being a challenge into becoming an increasingly natural enablement for cities, businesses, and users to ‘see’ powerful yet simple insights from these large and diverse information sets in a totally responsive manner. As an illustration, using the SmartCloud Platform we will be able to detect and show a spike in departures in the downtown area (as parking sensors report vacancy data), then offer this information to my traffic light management system to improve the flow of outbound traffic. This is where powerful data analytic tools (like BigQuery/Dataflow/DataPrep) and machine learning platforms become indispensable. This isn’t just big data, this is streaming big data; not a data lake – a data waterfall. We’re not using terabytes of data just to create reports, we’re using it in real-time to make meaningful business decisions.”

Sentiment rank: 1.1

© Source: https://www.computing.co.uk/ctg/news/3018212/google-extends-iot-device-management-and-analytics-with-public-beta-of-cloud-iot-core
All rights are reserved and belongs to a source media.