End users and Critical Infrastructures are the preferred targets, also within Cities:
In 2006, John Aycock published in his book “Computer Viruses and Malware”, a timeline for malware and virus. The first one was a virus which attacked single computers. Then, with the growth of local networks and Internet, worms were developed, special kind of viruses able to propagate exploiting vulnerabilities on servers or tricking the users via e-mail messages. Paraphrasing the timeline “You are here” and “You are now the target”.
Actually, the attackers have a double focus. On one side the interest is for “Servers and Networks”, on the other side, interest is for “End Users”. We read in newspaper about “Phishing”, “Pharming” and “Banking Malware”. Yes, actually the focus is also on user’s credentials, Twitter or Facebook accounts, and on mobile devices.
In 2012, with a famous attack “Eurograbber” attackers have stolen about 36M euros. Attacks focused on End Users in Europe – mainly in Italy and Germany – compromising users computers and mobile phones to grab money from their bank account. At Techub S.p.A. we did a research on a “Over Eurograbber” scenario, presented at “Banks and Security 2013” event in Italy in which there was a combination of End User attacks – like Eurograbber – exploiting the most common web vulnerabilities such as Cross Site Scripting and Open Redirect. In this scenario, the attack was simplified – with an increased probability of success – and adding responsibility not only to the End Users.
What about countermeasures for End Users? In order to protect users, organisations like W3C and IETF, in conjunction with Browser Vendors, are working on some HTTP Security Headers to get additional protection. Developers, in particular with the use of HTML5, are advised to declare Content Security Policy, Cross Origin Resource Sharing and some custom headers to mitigate UI Redressing and one for X-XSS-Protection.
Back to the server-side, the attention is on Critical Services. Offering digital services within cities – as in CitySDK mission – makes a great connection between End User’s Life and Critical Services. In this context, Security and Standards are important, and developers must pay attention to it.