cloud security

Aviation Industry Grapples with Basic Cyber Protection

 

EasyJet, one of UK’s largest budget airlines disclosed to its customers in March that a massive data breach had taken place, affecting nine million of its customers and involving over 2,000 credit-card details.

EasyJet now reports it has been the target of a “highly sophisticated” attack, which provided hackers with access to customers’ email addresses and 2,208 credit-card details.

EasyJet’s data breach dwarfs a 2018 British Airways data breach, which was fined $225m last year by the Information Commissioner’s Office under Europe’s General Data Protection Regulation (GDPR).The airline industry is already facing major challenges as many aircraft carriers are facing service disruptions due to the pandemic. Additionally, there is a legal battle being fought in courts by the directors of the carriers over business strategy approaches.

The latest hack signals how imperative it is for enterprise airlines to ensure Infosecurity best practices are put in place in order to avoid future devastating data breaches from taking place. The industry as a whole lacks strict requirements to prevent such incidents or even adhere to specific cybersecurity standards.

Aviation Security Challenges

With one of the most integrated and complex information and communications technology (ICT) systems, the aviation industry faces threats on a number of fronts with its increasing interconnectivity. From data theft to national and political motivations, today’s aviation industry faces multiple cyber risks on a multi-front war.

Common threats to the aviation industry include, but are not limited to:

1. Phishing Attacks

Last year the Center for Internet Security reported that 75 US airports were the targets of advanced persistent threats.

2. Jamming Attacks

Jamming attacks occur when an attacker injects a ghost flight into the air traffic control system.

3. Remote Hijacking

Security flaws in the software and hardware used for communication in the aviation industry allows hackers to remotely attack or control in-flight and on-board systems.

4. DDoS and Botnet Attacks

Distributed-denial-of-service attacks utilize botnets of compromised networks to flood air traffic control and other critical systems, resulting in the platform crashing.

5. WiFi-based Attacks

Vulnerabilities in a plane’s onboard system could allow hackers to use the onboard WiFi signal or in-flight entertainment systems to hack into the plane’s avionics equipment.

HSM for Aviation

The increased wave of security concerns for airlines has continued to ripple across the aviation industry. The growing consensus among security experts outlines the need for air-tight security solutions that will address the threat of malicious hacking attempts and data theft.

Hub Security’s next-gen HSM offers excellent performance military-grade key management and cryptographic solutions built on FPGAs which can handle more data per second than traditional CPU based  HSMs.  enabling  safeguard against massive attacks of novel and critical cyber threats in cloud and enterprise industries.

Hub Security’s combination of hardware and software solutions includes ultra-secure internal signing authorization flow. Designed with a multi-signature vault, hardware firewall, access control, and a deep neural network learning system, Hub Security’s Hsm is built to anticipate and prevent unique aviation attacks.

Join Hub Security’s TokenSoft’s CEO Mason Borda and CRO David Hochhauser online this Thursday, June 18th for a discussion on Real Estate Tokenization.

What is Homomorphic Encryption

 

Technology is changing rapidly around us daily and a growing number of organizations are implementing service to improve their security and levels of productivity. However, as we enter the new generation of connectivity and exponential growth of personal data generation and collection, we must re-examine the entire idea of security and the ecosystem that connects all its moving parts.

Many common services, such as cloud data storage, are not as secure as they may seem. These vulnerable endpoints leave companies at high-risk for any number of cyberattacks, ranging from data breaches to ransomware schemes with far-reaching consequences for entire organizations. That’s where homomorphic encryption comes in.

Homomorphic Encryption

Homomorphic encryption is a method of encryption that allows computations and queries to be performed upon fully encrypted data, making it possible to analyze or manipulate encrypted data without decrypting it.

Since most data theft occurs while data is being temporarily decrypted for us or stored as plain text, homomorphic encryption allows anyone to perform operations on data without the need to first decrypt it –– making the entire system safer from data theft and privacy violations.

The risk of privacy leakage of sensitive information in complex IT systems can’t be ignored, and there is a growing interest in applying homomorphic technology to provide data privacy and decentralized access to organizational data.

Applications of Homomorphic Encryption

In the real-world, homomorphic encryption has a number of practical, industry-relevant applications. From electronic voting systems to protecting information on the cloud to enabling private queries in search engines. Real-world applications for homomorphic encryption can include:

1. Securing Cloud Storage

Whether your organization uses a third-party cloud storage service or has only some data offloaded to the cloud, it’s critical to never fully trust the security of your cloud software-as-a-service (SaaS) provider.

It’s already well known that cloud storage isn’t always as secure as we’d like it to be. The remnants of which can still be seen from The Wall Street Journal’s investigation into the global hacking campaign called ‘Cloud Hopper.’

Not only does homomorphic encryption have the potential to secure data stored on the cloud, but it also retains the ability to calculate and search ciphered information that you can later decrypt. This is super important to safeguarding the integrity of your data as a whole –– a win-win scenario for security experts, organizations and customers.

2. Enabling Data Analytics

Homomorphic encryption allows safe and secure access to data for researchers. Without the need to decrypt, data can be encrypted and outsourced to commercial cloud environments for research purposes — all while keeping patient data secure.

Homomorphic encryption can be used for businesses and organizations across a number of industries, including but not limited to, finance, retail and healthcare. By allowing predictive analytic service providers to safely analyze medical data without putting data privacy at risk, homomorphic encryption is empowering research teams worldwide and the advancement of new technological developments.

3. Improving Election Security and Transparency.

It’s been a hot topic lately, but researchers are now looking into how to use homomorphic encryption to make democratic elections more secure and transparent. The Paillier encryption scheme, for example, uses additional operations and would be best suited for voting-related applications.

By allowing users to add various values in an unbiased manner, homomorphic encryption has the ability to keep these values private. This kind of technology has huge potential to not only protect data from unwanted manipulation, but also allow it to be used to independently verify results by authorized third-parties.

Hub Security’s miniHSM

Hub Security’s HSM is a high-performance key management and cryptographic solution built on FPGAs –– designed to protect against unique cyberattacks. Hub Security’s miniHSM is the first of its kind to offer a pocket-sized HSM solution coupled with an ultra-secure HSM-to-HSM communication layer for air-tight security that can support any cloud-based or digital asset.

Learn More

Webinar Video – IoT Cyber Vulnerabilities, smart cities and beer

Last week Hub Security CTO, Andrey Iaremenko, discussed IoT cyber vulnerabilities. The topics discussed included also security risks with smart cities, cars and homes.See below the webinar intro to IoT, IoT vulnerabilities and the full webinar recording. 

Intro to IoT

IoT Cyber Vulnerabilities

IoT and Beer - Full Webinar

Tackling Cloud Security in Uncertain Times

More data and applications than ever have moved to the cloud creating unique infosecurity challenges for both cloud providers and cloud customers alike. Cloud data storage security has forced today’s cybercriminals to invent new ways to circumvent today’s cyber solutions in order to gain access to the sensitive data of millions of businesses and individuals.

Seagate® Technology, a world leader in data storage and management solutions, opened its LyveTM Labs Israel initiative in February. Its mission? To form partnerships with businesses in order to enable innovations by providing simple, secure, and efficient ways to work with exabytes of data. 

The initiative empowers the seamless movement of data, optimizing its business value both in flight and at rest. “The reason Seagate created Lyve Labs is because we understand that innovation cannot happen in silos,” said Seagate’s CEO Dr. Dave Mosley. “Innovation is a work of collaboration. The innovators at Lyve Labs are indebted to other innovators. In turn—drawing on over 40 years of Seagate’s experience as a global leader in data storage and management solutions—we want to help enable innovations that use data for the good of humanity.”

Watch Erez Baum, Seagate Lyve Labs Israel senior director and Eyal Moshe, Hub Security CEO discuss how Global companies can partner and collaborate on Cloud, data and security.

The startups partnering with Lyve Labs Israel take on data challenges that tackle real-world problems, such as disaster management and cloud security. One such startup is Tel-Aviv based cybersecurity firm Hub Security who have partnered with Seagate® Technology as part of its new initiative to explore ways to create safe and secure data management solutions. 

AXA Ventures Leads $5 Million Investment in Next-generation Cybersecurity Startup Hub Security

FPGA-based cyber platform closes Series A funding round with additional investment from OurCrowd
Tel Aviv, May 7, 2020Hub Security, a startup that offers military-grade cybersecurity solutions for fintech, cloud, blockchain and data storage, announced today it has closed a $5 million Series A funding round led by AXA Ventures, with participation from Jerusalem-based OurCrowd.

The company said the investment will be used to strengthen Hub Security’s team, expand their technology and offer enhanced products to fintech companies, focusing on enabling access to credit, corporate banking solutions, cross-border payments and providing ultra-secure banking solutions.

Hub Security offers a solution to growing security concerns related to cloud and enterprise organizations that are raising alarm bells across industries struggling to combat rising levels of cyberthreats and attacks.

There is consensus among security experts of the need for military-grade security solutions that can address the threat of data theft and exploitation –– especially in the era of COVID-19.

“We believe this round of funding is crucial to helping us continue our mission of providing military-grade level cybersecurity solutions to top cloud and digital asset management providers,” said Eyal Moshe, Hub Security’s CEO.
“Hub Security’s end-to-end approach to the development and delivery of its hardware and software components ensures the highest level of security throughout the entire product lifecycle –– something that’s critical now more than ever in the era of COVID-19. We don’t take for granted the trust we’ve seen from investors, especially in the current financial climate,” said Moshe.As a growing number of industries turn to cloud and data storage solutions, there is an increasing demand for cybersecurity solutions that can combat emerging threats.Hub Security boasts an expanding portfolio of fintech, cloud, and insurance clientele.

In February 2020, the company announced its strategic partnership with Seagate® Technology as part of its new LyveTM Labs.

The initiative was launched in order to provide methods for safe and secure data management solutions, both on and off the cloud.“Hub Security’s miniHSM is the first of its kind to offer a pocket-sized HSM solution, which provides an ultra-secure HSM-to-HSM communication layer built uniquely for cloud, banking, healthcare, and government enterprises with scalable, air-tight security that can support any cloud-based or digital asset,” said Moshe.HUB Security utilizes military-grade cybersecurity tactics for its HSM architecture that is designed for FIPS140-2 Level 4 protection (In advanced stage process) –– the highest protection level available for mobile cryptographic security solutions on the market to date. HUB Security’s combination of hardware and software solutions include ultra-secure internal signing and authorization flows with a multi-signature vault, hardware firewall and an AI-learning system designed to anticipate unique cyberattacks.“On our FPGA-based HSM, we have an innovative approach,” Moshe said. “This is in sharp contrast to HSMs relying on legacy architecture, where you have to connect your source via PCIe — and depend on the operating system to deliver the data to your application.

HUB Security approach  gives very high bandwidth, as well as low latency.”“I was actively looking for a ‘software-defined HSM’ platform company in Israel for the past 12 months and I was very pleased when I met Hub Security and learned about their unique offering. We agreed very quickly to partner and invest,” said Moshe Raines, Partner at OurCrowd and Labs/02 managing partner.

About Hub Security: Hub Security is a top-tier, military-grade provider of HSM and key management solutions for fintech, cloud and blockchain security. Leveraging military-grade cybersecurity tactics and utilizing cutting-edge innovations, HUB Security has developed a family of products that provide the highest level of enterprise security available on the market today. https://hubsecurity.io/

What is Ransomware

Today the world has become increasingly aware of the threat of cyber attacks and data breaches, but not all organizations know how to defend themselves against them. Systems breaches great and small have more than doubled in the past five years, and the attacks have grown in both sophistication and complexity. 

From DDoS to ransomware attacks, a cyberattack can have devastating consequences for a brand. Not only does it lead to a loss of consumer confidence, but the manner in which a company handles an attack can also have a significant impact on the business’s bottom line and reputation.

Learn more on cyber security, HSM and key management

In this article, we’ll take a bird’s-eye view at what ransomware is, who it targets, and how it works so you can work to defend you and your organization from future attacks.

What Are Ransomware Attacks

Ransomware is a type of malware that encrypts data, making it impossible for the owners of that data to access it unless they pay a hefty fee. In March 2017, the WannaCry virus spread independently through the networks of unpatched Microsoft Windows devices, leaving thousands of computers infected and making off with a total of 327 payments.

Ransomware has cost businesses more than $75 billion per year in damages (Datto), and ransomware remains the most common form of cyberattack. By the end of 2016, 12.3 percent of global enterprise detections were ransomware, while only 1.8 percent of consumer detections were ransomware worldwide. By 2017, 35 percent of small and medium-sized businesses had experienced a ransomware attack of some kind.

According to a Kapersky Labs report, cybersecurity statistics show ransomware attacks were launched from within more than 190 countries, with financial services the second most targeted industry after healthcare.

Not only are banks at high-risk, but cities and municipalities are as well. In August 2019, 23 local government organizations in Texas were hit by a coordinated attack, likely from a single threat actor. In June 2019, the state of Florida was also hit hard by ransomware attacks, and in just one month no less than three Florida municipal governments were attacked by Emotet, TrickBot, and Ryuk ransomware.

How Ransomware Attacks Happen

Phishing is a common type of cyberattack that’s often used to steal user data, including login credentials and credit card numbers. Phishing occurs when an attacker tricks an unsuspecting victim into opening a malicious link, leading to an installation of malware which then freezes the system as part of a ransomware attack. This can have devastating results on a business.

One of the major news stories of 2013 was the Target data breach that affected 110 million users, including 41 million retail card accounts. It turns out that cybercriminals did not attack Target directly. They targeted a third-party HVAC vendor, which had trusted access to Target’s servers. Upon compromising FMS’s servers, gaining complete access to Target’s was simple.

Learn more on cyber security, HSM and key management

Types of Ransomware Attacks

As far as ransomware goes, there are three primary kinds of ransomware. Each ranges in severity from mildly to code-red dangerous. Let’s break them down now.

Scareware Attacks

Scareware is actually not as scary as it sounds. This kind of attack is primarily supposed to seem scary when in reality the victim is safe until it provides unwarranted access. Scareware usually includes rogue security software and tech support scams, such as pop-up messages claiming that malware was discovered and the only way to get rid of it is to pay up. 

If an individual does nothing, they’ll likely continue to be bombarded with pop-ups while all files remain essentially safe. A legitimate cybersecurity software program would never solicit customers this way. If you don’t already have this company’s software on your device, then it would not be monitoring you for ransomware infection, plain and simple.

Screen Locker Attacks

When lock-screen ransomware gets access to a device, it means the user is frozen out of their PC entirely. Usually, when victims turn on their computer a large window appears, accompanied by an official-looking US Department of Justice seal stating illegal activity has been detected and the user must pay a fine. 

However, any official department who suspects illicit activity would simply not freeze someone out of their computer or demand payment. If they suspected piracy, child pornography, or other cybercrimes, any official office would go through the appropriate legal channels.

Encrypted Attacks

Encrypting ransomware is the type of ransomware that can cause real harm and lasting damage. Commonly deployed against small businesses and other larger organizations, the attack works by snatching up large sets of files and encrypting them, demanding payment in order to redeliver. 

The main reason this type is so dangerous is that once cybercriminals get a hold of sensitive data, no security software or system restore can get them back unless the ransom is paid. Even if an organization does decide to pay up, there’s no guarantee cybercriminals will provide the files back safely.

Conclusion

As we have already seen, 2020 will have many cyberthreats to contend with –– many due to COVID-19. Trojans such as Emotet and TrickBot had successful runs last year and we can expect them, or other multi-purpose malware like them, to make a comeback.

While it may seem hopeless and at times even impossible, the good news is it’s not. There are a few key steps every organization can take to protect its digital landscape.  To protect sensitive digital assets, it’s good to start with the basics, like getting organized, understanding attack and breach implications.

But protecting digital assets comes with its own set of unique challenges and proper preparation is required to thwart off and defend against these kinds of attacks. By having safely guarded cryptographic keys and organizational data –– and a proper HSM device in place to protect them –– organizations can protect themselves against incoming ransomware attacks by preventing them from happening in the first place.


Join Hub Security’s CTO online this Thursday, April 30th for a free webinar to discuss cybersecurity threats related to ransomware, IoT vulnerability, and quantum computing.

Cyber Security Fireside Chat – Coronavirus, Government Backdoor and Cloud Vulnerability

We held a fireside chat with our very own, Andrey Iaremneko, Hub Security CTO and Shterny Isseroff discussing urging cyber security matters

Tokensoft Partners with Ex-military Cyber firm Hub Security to Provide Ultra-secure Token Platform HSM

Covid-19 prevents people from coming to work and operating the on-premise security systems that controls large amounts of assets. Hub security enables to do that remotely with the same security standard

What Is Public Key Infrastructure (PKI)?


Encryption requires high levels of cryptography and secrecy. Often encryption aids in the transfer of data from one point to another, safeguarding the data lest it is intercepted or falls into the wrong hands.

Encryption is most commonly used on documents and messages before they’re transmitted, but if the recipient of the information cannot verify its source or the identity of the sender, the authenticity of the information may not be trustworthy.

This is the primary reason for the use of keys when decrypting data. Keys are shared between the sender and receiver of encrypted communications and verified by digital certificates in order to establish the integrity of any incoming information.

In the world of data encryption and decryption, there are typically two kinds of keys, private keys, and public keys. Private keys are when both the sender and recipient of the information have an identical key that allows for the translation of the incoming data. In cases of private keys, both parties must make efforts to keep the key secret and safeguarded –– which can become challenging when more than two keys are involved.

That’s where public keys come in useful. Used more often today, public keys can be used to encode information and a private key is required to decrypt it. A good example of this would be credit card usage. While a credit card company may provide an authorization device with a key that is readily available, customers must input a pin that allows the machine to decrypt their information, making the sharing of sensitive financial data more regulated and secure.

Public keys are the basis for a Public Key Infrastructure when decrypting highly-sensitive data. PKIs enable the use of digital signatures and encryption across large user sets. The Public Key Infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys.

Often they help establish the identity of people and devices, enabling controlled access to systems and resources, protecting data and authenticating transactions. Many of today’s emerging technologies, especially within the fintech space, are becoming more and more reliant on PKI technology to guarantee security and protection of sensitive data.

Hub Security Partners with Seagate Technology Lyve Labs Tel-Aviv

Hub Security is proud to announce its partnership with Seagate as part of its new initiative to explore ways to create safe and secure data management solutions.

Top 5 Cyber Threats Facing Cloud Security in 2020

More data and applications than ever are moving to the cloud, creating unique infosecurity challenges for both cloud providers and cloud customers alike. In this article, we outline the top 5 security threats organizations face when using cloud services.

Scroll to top

JOIN OUR NEWSLETTER

Keep up with cyber security news!