Smart Cities Under Attack
Smart cities will undoubtedly experience increased exploits until authorities give cybersecurity the priority it deserves. Hackers have demonstrated a propensity to take advantage of any vulnerability.
A smart city gathers and analyses data using sensors and linked devices. The management of resources, improvement of daily living for inhabitants, and optimisation of city operations all rely on this data. Smart cities use technology to enhance and control traffic and public transportation accessibility, manage water and power supply, and improve law enforcement, educational institutions, healthcare facilities, and other services.
How Does a City Become a Smart City?
There are three main operational layers in smart cities:
- Technical Layer: Numerous sensors and connected devices are utilised to offer various services.
- Dedicated Applications: Computer programmes used by people and city officials to enhance city operations.
- Application Use: Designated people within the city who implement and use the applications.
Three examples of city activities that turn a city into a smart city:
Smart Transportation: Enables better traffic management through signal control systems, smart cards, and navigational apps. Smart transportation solutions alert vehicles to available parking spaces, alert drivers to traffic incidents, and alert travellers to traffic and other road conditions.
Smart metres collect information on energy and water consumption and usage. Cities can control supplies thanks to this information. Providing extra water or energy to areas of the city that use more resources is one example.
Technology and innovative gadgets are used to improve health treatment and diagnostics. Smart sensors, for instance, can identify air or water pollution before it affects the public’s health. Additionally, sensors can collect information from hospitals and track the spread of diseases.
Most common cyber attacks on smart cities
Around the world, smart cities have deployed billions of connected “things.” The growth of the Internet of Things (IoT) presents a variety of weaknesses that cybercriminals and other bad actors can take advantage of. Smart cities are intended to boost productivity and efficiency, but if cyber security is not taken seriously, they could pose significant hazards to citizens and the government. There are countless approaches and potential vulnerabilities. However, some of the more widespread attacks include:
- Advanced Persistent Threats (APT)
- Data and identity theft
- Man in the middle (MitM)
Advanced Persistent Threats (APT)
The technologies that enable everything to be connected are essential to smart cities. Because of this interconnectedness and the need to integrate new technologies with legacy systems, they are particularly vulnerable to cyberattacks, especially those carried out by Advanced Persistent Threat (APT) actors.
The IoT networks, standard in many places, have recently come under attack from cybercriminals responsible for APT attacks. In this study, we used a dataset on Advanced Persistent Threats (APT) that was made publicly available and created a data-driven method for identifying APT stages utilising the Cyber Kill Chain.
APTs are one of security professionals’ most significant difficulties since they are highly advanced, targeted attacks that can elude intrusion detection systems.
The primary risk associated with APT assaults is that even when they are identified, and the immediate danger seems to have passed, the hackers may have left several backdoors open that enable them to reappear whenever they choose. In addition, many common cyber defences, such as firewalls and antivirus software, aren’t always able to stop these attacks.
Data and Identity Theft in Smart Cities
Identity theft occurs when someone steals another person’s identity, or more specifically, personal data like a social security number, to commit fraud, most often for financial benefit. The offender knowingly uses the stolen identity to open new accounts or make changes to existing ones.
Since the individual conducting the crime will have access to a list of resources linked to the stolen identity, all sensitive personal information is in danger. Then, accounts in sectors like healthcare, finance, insurance, gaming, and others can be made using these resources.
Once an identity has been stolen, anything the victim may possess that is useful to identity thieves is fair game.
One in five Europeans has suffered identity fraud in the past two years, making identity theft a big problem in Europe and worldwide. Additionally, as the world becomes more digitalised, identity theft is becoming more common, with a new victim being reported every two seconds.
What are the Types of Identity Theft?
Identity theft comes in various forms, each with particular difficulties. The following types are among the most typical:
Financial: The most common kind occurs when a criminal accesses your bank accounts and credit cards and uses them to make unlawful purchases.
Social Security: This happens when someone obtains another person’s social security number and uses it to make credit cards, loans, or other benefit applications.
Medical: When someone uses another person’s insurance information to obtain medical treatment or services, it is considered medical identity theft.
Tax: When someone files a fraudulent tax return and requests a refund using another person’s social security number, it is known as tax identity theft. Identity thieves may also apply for government benefits like food stamps or unemployment compensation.
Synthetic: When committing synthetic identity theft, a thief will combine bogus and actual information from an ID to establish a new identity. Then, using this new identity, fraudsters register additional accounts and make fraudulent purchases.
Child: Child identity theft occurs when a criminal obtains a child’s private and sensitive information to get money, employment, or perhaps avoid being apprehended. Children are easy prey since they have less personal information linked with their names and are oblivious to identity theft.
Criminal: Criminal identity theft is when a person assumes another person’s identity to avoid being arrested, serving a warrant, or being subjected to a background investigation.
Man in the middle (MitM)
A MITM (man-in-the-middle) attack is a cyberattack in which attackers eavesdrop on, or pose as legitimate participants in, an ongoing conversation or data transfer in order to intercept it. It will seem to the target as though a typical information exchange is taking place. Still, the attacker can stealthily hijack information by positioning themselves in the middle of the conversation or data transfer.
A MITM attack seeks to obtain sensitive information such as login information, credit card numbers, or bank account information that can be used to commit additional crimes, including identity theft or unauthorised financial transfers. Since MITM attacks occur in real time, they are often only discovered once it is too late.
The Two Phases of a Man-in-the-Middle Attack
Interception as the Main Problem in Smart Cities
The initial stage involves intercepting user traffic through the attacker’s network before it reaches its destination.
The most typical (and straightforward) way to do this is a passive attack in which the attacker makes free, malicious WiFi hotspots available to the general population. Such hotspots usually don’t have password protection, and their names typically match where they are. When a victim connects to one of them, the attacker has complete access to any online data transfer.
Attackers who want to engage in more direct interception may carry out one of the following actions:
- In IP spoofing, an attacker impersonates an application by altering the IP address in packet headers. Users who attempt to browse a URL linked to the application are consequently redirected to the attacker’s website.
- ARP spoofing uses forged ARP messages to associate an attacker’s MAC address with a valid user’s IP address on a local area network. As a result, information that the user intended to send to the host IP address is instead delivered to the attacker.
- DNS spoofing, sometimes referred to as DNS cache poisoning, entails hacking a DNS server and changing the address record of a website, resulting in users attempting to access the website being routed to the attacker’s website by the modified DNS record.
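A defender can spot the ARP spoofing described above by watching for IP-to-MAC bindings that change. The following is an added example, not part of the original article; the addresses and the ARP reply records are constructed sample data, and `detect_arp_spoofing` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed sample ARP replies: (timestamp, sender IP, sender MAC). Not real traffic.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway
    (2.0, "10.0.0.20", "aa:aa:aa:aa:aa:20"),  # traffic signal controller
    (3.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),   # repeat of a known binding
    (4.0, "10.0.0.1", "de:ad:be:ef:00:99"),   # gateway IP claimed by a different MAC
    (5.0, "10.0.0.20", "de:ad:be:ef:00:99"),  # same MAC now claims a second IP
    (6.0, "10.0.0.30", "aa:aa:aa:aa:aa:30"),  # new host, first sighting
]


def detect_arp_spoofing(replies, trusted=None):
    """Return alerts for changed IP->MAC bindings and MACs claiming several IPs.

    `trusted` is an optional dict of known-good IP->MAC bindings (for example
    from a DHCP lease table); without it, the first sighting is trusted.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac  # first sighting: learn the binding
        elif known != mac:
            # Keep the original binding as the reference so repeated
            # forged replies keep alerting instead of becoming "normal".
            alerts.append({"time": ts, "type": "binding_changed",
                           "ip": ip, "expected": known, "seen": mac})
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            # Can be legitimate (routers, proxy ARP), so treat as a lead to verify.
            alerts.append({"time": ts, "type": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(alert)
```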
Decryption
After interception, any two-way SSL traffic must be decrypted without notifying the user or application. There are numerous ways to accomplish this:
- HTTPS spoofing delivers a fake certificate to the victim’s browser as soon as a connection request to a secure site is initiated. The certificate carries a digital thumbprint associated with the compromised application, which the browser verifies against a list of recognised websites. Any information submitted by the victim is then accessible to the attacker before it is passed to the application.
- SSL BEAST (Browser Exploit Against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, malicious JavaScript has infected the victim’s PC and intercepts encrypted cookies sent by a web application. After that, the app’s cipher block chaining (CBC) is compromised, allowing its cookies and login tokens to be decrypted.
- SSL hijacking happens when an attacker gives the user and application fake authentication keys during a TCP handshake. As a result, the man in the middle controls what seems to be a secure connection.
- SSL stripping downgrades an HTTPS connection to HTTP by intercepting the TLS authentication transmitted from the application to the user. The attacker sends the user an unencrypted version of the site while maintaining the secured session with the application. The attacker can see the user’s complete session in the meantime.
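SSL stripping works only while the browser is still willing to speak plain HTTP to the site, so one defensive check is whether a city service sends a sound `Strict-Transport-Security` (HSTS) header and never redirects back to HTTP. The audit below is an added example, not part of the original article; the hostnames and responses are constructed, and the 180-day minimum is an assumed policy value.

```python
# Constructed sample responses: (URL, status code, headers). Not captured traffic.
SAMPLE_RESPONSES = [
    ("https://portal.city.example/", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("https://parking.city.example/", 200, {"Content-Type": "text/html"}),
    ("https://meters.city.example/login", 302,
     {"Location": "http://meters.city.example/login",
      "Strict-Transport-Security": "max-age=300"}),
]

MIN_MAX_AGE = 180 * 24 * 3600  # assumption: policy minimum of 180 days


def parse_hsts(value):
    """Parse an HSTS header value into max_age (int or None) and a subdomain flag."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    max_age = directives.get("max-age", "")
    return {
        "max_age": int(max_age) if max_age.isdigit() else None,
        "include_subdomains": "includesubdomains" in directives,
    }


def audit_response(url, status, headers):
    """Return a list of findings that leave the site open to an HTTP downgrade."""
    if not url.lower().startswith("https://"):
        return ["served_over_http"]
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    hsts = hdrs.get("strict-transport-security")
    if hsts is None:
        findings.append("missing_hsts")
    else:
        policy = parse_hsts(hsts)
        if policy["max_age"] is None:
            findings.append("invalid_max_age")
        elif policy["max_age"] < MIN_MAX_AGE:
            findings.append("short_max_age")
    if 300 <= status < 400 and hdrs.get("location", "").lower().startswith("http://"):
        findings.append("redirect_downgrades_to_http")
    return findings


if __name__ == "__main__":
    for url, status, headers in SAMPLE_RESPONSES:
        print(url, audit_response(url, status, headers) or "ok")
```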
These are only a few ways malicious actors might target smart cities. It’s not all bad news, either. Cities may reduce security dangers to a minimum if the proper precautions are taken, and local officials act responsibly. How? Read on.
Smart Cities Security Solutions
Cities can reduce the risks associated with cyber security by implementing several safeguards and obtaining the appropriate assistance. There are two ways to do this.
The first entails paying a security company to break into a network and find weaknesses. After the simulated attack, the security company will identify any vulnerabilities and provide workable defences. In essence, external companies will imitate attacks and search for flaws. Although this kind of penetration testing is excellent, it is preferable.
Even if hackers can gain access, cities can use a second security mechanism to defend their connected infrastructure. To maintain the security of smart cities, the following elements must be a regular part of a city’s cyber security programme:
Encrypted data – There should never be a data breach. Data can be encrypted to make it useless and unreadable for everyone but those with the encryption key needed to decode it. Additionally, the encryption key should be utilised with two-factor authentication. Encryption should be utilised as standard practice because the infrastructure for smart cities deals with sensitive data. In this manner, hackers won’t be able to use sensitive PII data even if they get their hands on it.
Constant security monitoring – A dedicated team that can monitor traffic and look for anomalies is needed for security monitoring. Security tools that can analyse large amounts of data and look for signs of compromise can automate this. Potential danger areas can be isolated as soon as they are found, averting any data breaches.
A far-reaching support platform – Any new platform for support should be able to secure various connected environments and objects. One overarching security system needs to be implemented since smart cities comprise many networks, SaaS, IaaS, and cloud environments. This is necessary to safeguard every component of an interconnected city.
A smart city can be secured with these basic security procedures. These services aren’t free, though. Cost is a concern, as many municipalities and administrations currently do not have a designated cybersecurity budget.
Predictive Analytics and Big Data
Cybersecurity is a field that is continually changing. As organisations learn what works and what doesn’t, new threats develop, new technologies are introduced, and security policies and processes vary. It’s crucial to examine data to identify security threats and what actions may be taken to minimise them to remain ahead of these developments. When it comes to cyber security, predictive analytics has the potential to be a game-changer.
A crucial aspect of security is prediction. Based on historical data, it enables companies to evaluate the chance of a variety of situations happening—this aids businesses in thwarting dangers before they materialise.
Predictive analytics expands upon predictive analysis. Rather than making just one prediction at a time, it can generate several hypotheses to ascertain the most likely result of an occurrence. This can entail estimating the probability that a specific event will occur based on a number of elements, such as past data, user behaviour, and outside variables.
How Predictive Analytics Can Change Cybersecurity
Organisations can stave off cyberattacks using security analytics to spot signs of illicit activity. By projecting various scenarios, analysts can plan for these events with more time to react. Assume, for instance, that a company noticed many user logins from a particular nation. If so, it can develop a model to determine whether this user behaviour heralds nefarious action.
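The login-by-country scenario above can be modelled with a simple statistical baseline. This is an added example, not part of the original article: the country codes and counts are constructed, the z-score threshold of 3 and the standard-deviation floor are assumed tuning values, and a production model would use more features than daily counts.

```python
from statistics import mean, pstdev

# Constructed baseline: daily login counts per country over the previous 7 days.
BASELINE = {
    "DE": [120, 131, 118, 125, 129, 122, 127],
    "FR": [40, 38, 44, 41, 39, 42, 43],
    "BR": [2, 1, 3, 2, 2, 1, 3],
}
# Constructed counts for the day being scored; "XX" stands for a country never seen before.
TODAY = {"DE": 126, "FR": 45, "BR": 60, "XX": 5}


def score_logins(baseline, today, z_threshold=3.0, min_std=1.0):
    """Score today's per-country login counts against each country's own history.

    Returns {country: {"z": float or None, "flag": str}} where flag is
    "normal", "anomalous" (count far above the baseline) or "new_country".
    """
    results = {}
    for country, count in today.items():
        history = baseline.get(country)
        if not history:
            # No history at all: cannot compute a score, so surface it separately.
            results[country] = {"z": None, "flag": "new_country"}
            continue
        mu = mean(history)
        # Floor the deviation so a flat, low-volume history does not turn
        # a change of one or two logins into an extreme score.
        sigma = max(pstdev(history), min_std)
        z = (count - mu) / sigma
        flag = "anomalous" if z > z_threshold else "normal"
        results[country] = {"z": round(z, 2), "flag": flag}
    return results


if __name__ == "__main__":
    for country, result in score_logins(BASELINE, TODAY).items():
        print(country, result)
```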
Predictive analytics is another tool that security teams can employ to anticipate potential attacks and prepare for them. The success of an attack might be predicted using predictive analytics, which would then prompt an immediate response to take appropriate action. This can entail spreading knowledge about a new threat so that team members are better equipped to stop it if it materialises.
Big Data
Integrating big data into cybersecurity enhances threat detection with a more sophisticated method. Any system’s detection process must quickly pick up both significant and subtle system changes.
The sophisticated analysis must be completed rapidly and in real time. Examining historical and present data from many data sources requires advanced analytical tools, which is only achievable with a Big Data-based solution framework.