8/19/2019
04:35 PM
Dark Reading

Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices

New AIDE Platform Enables IoT Device Manufacturers to Test Security, Identify and Mitigate Global Attack Risks, and Identify Vulnerabilities

London – August 15, 2019: The Global Cyber Alliance, working with its partners, today launched the Automated IoT Defence Ecosystem (AIDE), a first-of-its-kind cybersecurity development platform for Internet of Things (IoT) products. AIDE enables small businesses, manufacturers, service providers and individuals to identify vulnerabilities, mitigate risks and secure IoT devices against the growing volume of threats to this interconnected environment.

A complementary resource to the AIDE platform is the GCA ProxyPot, a custom IoT honeypot solution developed by GCA, which is capable of replicating one IoT device across multiple IP addresses and physical locations to identify global attack risks quickly, efficiently and accurately. Together, the AIDE and ProxyPot platforms allow for organisations and individuals to have greater visibility into the types and scale of threats facing the IoT devices deployed into various environments, including smart cities and other smart ecosystems.

Visit globalcyberalliance.org to learn more or gcaaide.org to request access to GCA AIDE.

“The number of internet-connected devices has grown exponentially over the last decade and with it the cyber risk to companies, organisations and individuals deploying these devices on their network,” said Philip Reitinger, President and CEO of GCA. “The launch of the AIDE platform furthers GCA’s mission of providing scalable, implementable solutions to organisations of all sizes and budgets to secure their devices and reduce risk.”

With an estimated 14.2 billion internet-connected devices currently in use and a projected increase to 25 billion by 2021, the challenge to identify, analyse and mitigate IoT threats has dramatically increased. Also cause for concern, a recent survey found less than 1 in 3 organisations maintain a privileged-access security strategy for their IoT devices, making the organisations an ideal target for threat actors. These statistics highlight the urgent need for addressing the threats to IoT devices.

The AIDE platform offers capabilities for data collection, analysis and automated defence on a scale not previously attained. As part of its first effort to leverage the AIDE and ProxyPot technologies, GCA is working with Attivo Networks to build a SCADA honeyfarm to collect threat intelligence on attacks targeting industrial control systems.

“We are thrilled to be working with GCA to provide the benefits of deception technology to organisations around the world. IoT devices are notoriously difficult to secure and apply typical prevention measures. As a result, innovative solutions like deception technology are playing a critical role in the early threat detection and response to cyberattacks,” said Marc Feghali, Co-founder and Vice President of Product Management at Attivo Networks. “By creating customised decoys that blend in with production connected devices, organizations can quickly detect attackers, engage them, capture their attack methods, derive their attack signature and divert them away from real IoT infrastructure, mitigating the risk of attacks on Operational Technology (OT) infrastructure.”

Specifically, AIDE allows for the following:

Collection

The AIDE platform will automatically collect IoT attack data through three methods:

  1. Honeyfarms located around the world, including a GCA honeyfarm with more than 1,200 devices, and data feeds from partners;
  2. Virtual IoT devices located on simulated networks; and
  3. ProxyPots that can be distributed around the world and backed by real and virtual IoT devices.

Analysis

AIDE aggregates attack data into an analysis platform that is available to companies, academia, nonprofits and other entities to study IoT attack signatures and patterns. In exchange for access to the data, researchers will share any algorithms developed to help AIDE generate additional information products.

The analysis platform will be used to generate data feeds available to GCA partners and the security community. These feeds will be made widely available throughout the cybersecurity ecosystem to enable IoT attack mitigation.

Automated Defence

The real-time threat feeds generated by the platform can limit and mitigate identified attacks while preventing any further compromise of IoT devices. AIDE allows an edge router or policy enforcement point to use threat feeds to mitigate attacks against the local environment. It also applies the capabilities of the “Manufacturer Usage Description” standard, through which manufacturers can specify the types of activities and communications that are allowed on their devices. This type of automated defence offers small businesses and home users free or low-cost protection for their small office and consumer network (home IoT) devices that often have no other way to address IoT vulnerabilities.

“The bad guys do not discriminate when deciding which organisations to target for IoT attacks, so our defences shouldn’t either,” said Adnan Baykal, GCA Global Technical Advisor. “With AIDE, any organisation can access our threat feeds for data, conduct analysis and even search specific activity by username, source IP, destination IP, commands, hashes and geographic location. As we continue to establish partnerships and sponsors, the platform will continue to improve and provide added value to those within the ecosystem.”

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect. Learn more at www.globalcyberalliance.org.

Contacts: 
Aimee Larsen Kirkpatrick, [email protected], 808.282.9850 
Adam Benson, [email protected], 202.999.9104