On the eve of 20th September, the source code of the Mirai botnet responsible for one of the biggest known cyber-attacks originating and targeting IoT (Internet of Things) devices was released. IoT devices are interconnecting physical devices such as webcams, thermostats, sensors, and other devices that collect and exchange data and can be controlled by end-users over a network. The Mirai botnet has recently been used to deploy a DDoS (Distributed denial-of-service) attack generating 620 Gbps of traffic against the website of the famous American journalist Brian Krebs.
It is particularly noticeable that despite the huge amount of generated traffic, the attack did not rely on any amplifier, but rather used the IoT devices as entry points for these attacks. According to forecasts, there will be as many as 6.4 billion IoT devices connected to the internet in 2016, and this number is expected to reach 20.7 billion by 2020. These staggering figures combined with the release of the botnet source code, poses a critical threat for the existing IoT infrastructure in the industry, as well as for end-users.
As a part of the H2020 framework, the biotope project aims to provide an ecosystem for such smart devices which will also address the security aspect of such devices. itrust consulting plays a leading role in developing the security toolkit that will protect such smart devices against potential cyber-attacks. Such toolkit will seamlessly integrate within the framework of the biotope project providing a complete and secure System-of-System platform for IoT devices.
itrust consulting’s SECaaS addresses IT Security Outsourcing defined as top priority in the recently published statistical data on IT Outsourcing Statistics 2016/2017 by Computer Economics.
itrust consulting is successfully active in this domain for several years now, even before it has been identified as a market trend on the Information Security sector. Meanwhile itrust consulting is recognised by its private and public customers as reliable partner for Security Outsourcing, next to the other services offered, as Audit and Ethical Hacking, Malware Analysis, Research & Development Security Consultancy, Training and Awareness.
Ben Fetler presented a scientific paper entitled "Information Security Maturity as an Integral Part of ISMS based Risk Management Tools" (Authors: Ben Fetler, Carlo Harpes), during the tenth international conference on emerging security information, systems and technologies - SECURWARE 2016 in Nice, France.
Gadyatskaya O., Harpes C., Mauw S., Muller C., Muller S.
(2016) Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees.
In: Kordy B., Ekstedt M., Kim D. (eds) Graphical Models for Security.
GraMSec 2016. Lecture Notes in Computer Science, vol 9987. Springer, Cham.
itrust consulting is proud to announce that the project DIAMONDS, co-funded by the Ministry of Economy and coordinated by Fraunhofer FOKUS, Berlin, has received the EUREKA Innovation award 2015/2016 for added value. The 300k€ investment at itrust consulting allowed us to create a pentesting platform TRICK tester, a reverse engineering open-source tool called malwasm, the portal avcaesar.malware.lu sharing information on malware, a maturity model for risk assessment and treatment, etc. It finally helps to set up the first private CERT in Luxembourg, malware.lu CERT, and offers pentesting services, which creates essential added value for itrust consulting.
itrust consulting actively participates in the debates on the ISO security standardisation ISO/IEC JTC 1/SC 27.
Please register to make a presentation on our industrial Workshop ADaCoR. See Letzebuerger Gemengen's article and the flyer below for additional details.
Carlo Harpes, managing director of itrust consulting, assisted to the kick-off meeting of bIoTope, an EU funded H2020 project. itrust consulting is involved to specify and develop security services for the Internet of Things (IoT), together with the University of Luxembourg and other partners. In particular, itrust consulting will support SmartCity and SmartHome pilots in Brussel, Lyon and Helsinki.
itrust consulting's team wishes you Merry Christmas and Happy New Year 2016!
Sending our greetings by e-mail allows us to donate our end-of-year budget for presents and paper-based greeting cards to the following organisations instead:
- Caritas Luxembourg, for their project "Solidarity and integration" supporting the Syrian refugees in Luxembourg;
- Raoul Follereau ONG, for their project "Sterengthening the educational institution's capacity in the region of Ségou" in Mali.
On invitation by the Lycée Ermesinde in Mersch, C. Harpes participated to a brainstorming together with teachers and students, on the evolution of Information and Communication Technologies (ICT) and the expectation of the sector toward the school system.
For C. Harpes, the ICT sector offers more opportunities than just programming. The use of ICT and new media should be part of any school subject, particularly languages. Basic concepts like firewalls, geolocation, cloud, software installation, and protection of personal data should already be taught to the youngest pupils at secondary schools, as a large majority of our population uses such technologies without fully understanding them or even roughly knowing the related risks and opportunities.
Finally, the very open discussion highlighted that the essential skill required in this sector is the motivation and perseverance in problem solving. Wrongly considered as a predominantly male occupation, the increasing requirement for excellent communication skills should make this sector equally attractive for female candidates.