25 SEP 2017

The main IT threats of 2017 (Part I)

In today's technological landscape, there is on the one hand a tendency to integrate codes, platforms and regulations, while on the other cyberattacks are increasing. Cybercriminals move in parallel with the evolution of technology, and defensive systems are not always able to cope with these attacks. Let's look at the main critical issues that have emerged in recent months and the phenomena to pay attention to.

The General Data Protection Regulation

The purpose of the General Data Protection Regulation (GDPR) is to harmonize regulations on the protection of personal data at European level and to guarantee citizens the right to privacy. The GDPR will enter into force on 25 May 2018, replacing the previous Data Protection Directive 95/46/EC.

Among the main novelties of this legislation, which is currently considered one of the biggest challenges for companies in the field of data management, we should mention:

  • Extraterritorial applicability: the GDPR applies to all entities that store and/or process data relating to individuals residing in EU territory;
  • Sanctions: the GDPR explicitly provides for financial penalties whose amount (up to 4% of the total annual turnover or €20 million) is extremely significant and constitutes a risk factor to consider;
  • Privacy by design: the GDPR requires that data protection be taken into account from the early stages of the design of a system, rather than being added later;
  • Breach notification: the GDPR also introduces the concept of “breach notification”, whereby any person who has been the victim of a theft of personal data that can “cause risks for the rights and freedom of individuals” must give public notice within 72 hours from when they discover the fact.

The introduction of the GDPR is an evident risk factor to consider when planning personal data management strategies, but it is also an opportunity to finally make the legal context for the protection of privacy uniform and effective.

Operating systems affected by viruses

2018 could see a growing number of vulnerabilities in many new systems. This trend is new compared to the traditional scenario, in which the operating systems most affected by viruses are those produced by Microsoft, a situation caused by the combination of two factors:

  • the presence of numerous vulnerabilities (especially in older versions of the OSs) due to inadequate software design techniques;
  • the very wide distribution of these OSs.

Together, these two factors have made the Microsoft ecosystem a particularly attractive target, easily “exploitable” by attackers. Over time the situation has changed, thanks to the considerable progress made by Microsoft in the security of its OS and to the simultaneous increase in the spread of other OSs (OSX, Linux, etc.).

Today we can say that, even if attackers retain a certain “preference” for the Microsoft world, no operating system can be considered completely free from the malware problem. This also applies, and perhaps even more significantly, to devices belonging to the class called IoT (as we will see shortly).

The Internet of Things and the Industrial Internet of Things after Mirai

In the coming years, technologies such as the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) will certainly play a more relevant role in targeted hacker attacks. The acronyms IoT and IIoT generally indicate a class of computational devices that do not fit the standard types (PCs, servers, smartphones, etc.) and are normally dedicated to specific, well-defined uses; this category includes, for example, components of domestic and industrial automation systems, smart sensors and some types of devices for mobile use. The main features of these devices are their widespread distribution, their reachability via the Internet and the availability of computational resources that, although limited compared to those of more traditional devices, are nevertheless significant. When the OS in use has vulnerabilities, these features allow an attacker to use the devices to launch attacks, especially DoS and DDoS (see below), whose impact can be extremely serious.

A DDoS (Distributed Denial of Service) attack is an attack that aims to interrupt a service; it is normally conducted using a large number of devices (both traditional and IoT) that produce large quantities of network traffic directed towards the system or systems under attack. In the absence of countermeasures, which are complex to implement and typically require the involvement of carriers, the attack can lead to total or partial unavailability of the system, even for prolonged periods of time, with all the resulting consequences (economic damage, reputational damage and many others).

In the next article we are going to talk about ransomware, business e-mail compromise scams, cyber propaganda and mobile device viruses…

Edited by Lucia D’Adamo, supervised by Marco Pirrone