John Hultquist, vice president of intelligence analysis at Google-owned cybersecurity firm Mandiant, likens his job to studying criminal minds through a soda straw. He monitors cyberthreat groups in real time on the dark web, watching what amounts to a free market of criminal innovation ebb and flow.

Groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when people realize that it works to do damage or to get people to pay. Last year, it was ransomware, as criminal hacking groups figured out how to shut down servers through what’s called distributed denial of service attacks. But 2022, say experts, may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

“What I wish is that the vulnerabilities of cybersecurity could never negatively affect human life and infrastructure,” says Meredith Schnur, cyber brokerage leader for US & Canada at Marsh & McLennan, which insures large companies against cyberattacks. “Everything else is just business.”

For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked. In a conversation Dec. 26 with The Financial Times, Mario Greco, the group CEO of giant insurer Zurich Insurance Group, said cyberattacks could pose a larger threat to insurers than pandemics and climate change, if hackers aim to disrupt lives, rather than merely spying or stealing data.

IoT devices are a key entry point for many attacks, according to Microsoft’s Digital Defense Report 2022. “While the security of IT hardware and software has strengthened in recent years, the security of Internet of Things (IoT) … has not kept pace,” according to the report.

A rash of attacks that reached the physical world through the cyber world in the past year shows the rising stakes. Last February, Toyota stopped operations at one of its plants because of a cyberattack. In April, Ukraine’s power grid was targeted. In May, the Port of London was hit with a cyberattack. That followed a 2021 that included two major attacks on critical infrastructure in the U.S., taking down energy and food supply operations of Colonial Pipeline and the JBS meatpacking conglomerate.

What many experts are anticipating is the day enterprising criminals or hackers affiliated with a nation-state figure out an easy-to-replicate scheme using IoT devices at scale. A group of criminals, perhaps connected to a foreign government, could figure out how to take control of many things at once – like cars, or medical devices. “We have already seen large-scale attacks using IoT, in the form of IoT botnets. In that case, actors leveraging unpatched vulnerabilities in IoT devices used control of those devices to carry out denial of service attacks against many targets. Those vulnerabilities are found regularly in ubiquitous products that are rarely updated.”

In other words, the possibility already exists. It’s only a question of when a criminal or a nation decides to act in a way that targets the physical world at a large scale. “It’s not always the art of the possible. It’s a market-driven thing,” Hultquist said. “Somebody figures out a scheme that is successful at making money.”

Aside from responding rapidly to attacks, the only answer to the “cat-and-mouse game” is constant innovation, says Shlomo Kramer, an early investor in Palo Alto Networks and currently one of the top cyber security investors worldwide.

There are a handful of companies, new regulatory approaches, a growing focus on cars as a particularly important area, and a new movement within the software engineering world to do a better job of incorporating cybersecurity from the beginning.

Internet of Things has a big update problem

The cybersecurity industry is upping its game. Companies including ForeScout and Phosphorus focus on Internet of Things security, which has a heavy emphasis on constant inventory of “endpoints” – where new devices connect to a network.

But one of the key problems in Internet of Things security is that there isn’t a good process for updating devices with patches, as new vulnerabilities, hacks or attacks are discovered, says Greg Clark, former CEO of Symantec, currently the chairman of Forescout. Many users are accustomed to downloading updates and patches to computers and phones; and even in those cases, a significant number of users don’t bother to do the updates.

The problem is much worse in the IoT: For instance, who bothers to update their garage-door opener? “Not many of the IoT devices have a system to update the code,” says Clark. “It becomes a serious problem to remediate the vulnerabilities in the IoT.”

He said one focus for cybersecurity companies has become putting controls around the devices so they can only do a specific set of things. That way, the devices can’t be weaponized to launch attacks on other networks. “There are a lot of hammers swinging,” Clark said, on products that make the IoT more secure.

Medical devices, which are seen as particularly important and particularly vulnerable, are one focus. Last month, Palo Alto Networks announced a new product aimed at medical device makers.

IoT device makers are not regulated enough

Because the challenges are new, and cut across industries, the U.S. guidelines and regulations remain patchwork. That has left a lot of IoT cybersecurity up to consumers and companies across sectors, rather than the many manufacturers making IoT devices.

“I’m hopeful there will be some new standards, and newer regulations that will force the vendors to do more,” says Randy Trzeciak, director of the science information and security policy & management program at Carnegie Mellon University. “There should be a national discussion around ensuring device security, and where the manufacturer needs to take some ownership and responsibility.”

Clark said CISA and the National Institute of Standards and Technology are working together, issuing guidelines for the thousands of manufacturers that make IoT devices covering such things as ensuring that IoT devices identify themselves to networks as they are added to them. In 2020, the U.S. Congress turned the guidelines into a law, but only for companies that supply the U.S. government with IoT devices. A spokesman for the National Institute of Standards and Technology says this is the only national law the agency knows of. Some state-specific and industry-specific laws also exist: For instance, data in medical devices would be covered by HIPAA, and the National Highway Traffic Safety Administration has some jurisdiction over cars.

Some investors and executives cautiously welcome the increasing involvement of regulators. “It’s simply too complex,” Kramer said. “There’s not enough qualified and experienced security people.”

How cars are being targeted

As more criminal hackers aim attacks at the physical sphere, cars are a target. That includes theft, with attackers exploiting the keyless entry systems, but also attacks on sensitive information now being stored in cars, such as maps and credit card data.

Led by the European Union, countries around the world are rapidly adopting cybersecurity regulations for cars, with the EU’s coming into effect in July of last year.

The transition to electric vehicles has created an opportunity for regulators to get ahead of the criminals. As the new technology lowered the barriers to entry, more car companies entered the market. In turn, that has created an opportunity for regulators to work with industry groups that want to protect their home-grown industries.

The concerns about cars are nothing new. In one landmark experiment in 2015, two hackers attacked a Jeep Cherokee. “They shut down the engine on the highway – the brakes didn’t respond. This is not a pleasant situation,” said David Barzilai, CEO of a six-year-old Israeli company called Karamba Security, which helps car companies make their IoT devices more secure.

Barzilai says that in the past 12 months, there were dozens of attacks, both by serious criminal gangs and teenagers. “When we started six years ago, the attacks were by states, mostly China,” he says. “Within the last 12 months, there’s a democratization” in car attacks, he said, pointing to the case in January 2022 of the teen who figured out how to access the control systems of a few dozen Teslas at once.

Connected cars usually have SIM cards that hackers can attack via cellular networks, he said. “All cars of the same vehicle model use the same software,” he said. “Once hackers identify a vulnerability, and a way to exploit it remotely, they can replicate the attack on other vehicles.”

Cybersecurity grew as an industry mostly as an after-the-fact attempt to fix software and hardware that was long since on the market, as criminals and foreign governments discovered vulnerabilities in the systems that they could exploit. One study by IBM’s Systems Sciences Institute found it costs six times more to fix a cybersecurity vulnerability while software is being implemented than when it is under development. The IoT is still relatively new as an industry, giving security-minded developers a chance to get ahead of the cat-and-mouse game, says Trzeciak, and there’s a growing movement of researchers and developers working on this, including Carnegie Mellon’s Software Engineering Institute’s DevSecOps initiative, which aims to add security into earlier phases of software development. That process-based innovation could make all kinds of software, including that in cars and medical devices, more secure — and therefore, the devices safer.

Chinese EV players take fight to legacy European automakers on their home turf

Xpeng CEO He Xiaopeng speaks to reporters at the electric carmaker’s stand at the IAA auto show in Munich, Germany on September 8, 2025.

Arjun Kharpal | CNBC

Germany this week played host to one of the world’s biggest auto shows — but in the heartland of Europe’s auto industry, it was buzzy Chinese electric car companies looking to outshine some of the region’s biggest brands on their home turf.

The IAA Mobility conference in Munich was packed full of companies with huge stands showing off their latest cars and technology. Among some of the biggest displays were those from Chinese electric car companies, underscoring their ambitions to expand beyond China.

Europe has become a focal point for the Asian firms. It’s a market where the traditional automakers are seen to be lagging in the development of electric vehicles, even as they ramp up releases of new cars. At the same time, Tesla, which was for so long seen as the electric vehicle market leader, has seen sales decline in the region.

Despite Chinese EV makers facing tariffs from the European Union, players from the world’s second-largest economy have responded to the ramping up of competition by setting aggressive sales and expansion targets.

“The current growth of Xpeng globally is faster than we have expected,” He Xiaopeng, the CEO of Xpeng told CNBC in an interview this week.

Aggressive expansion plans

Chinese carmakers who spoke to CNBC at the IAA show signaled their ambitious expansion plans.

Xpeng’s He said in an interview that the company is looking to launch its mass-market Mona series in Europe next year. In China, Xpeng’s Mona cars start at the equivalent of just under $17,000. Bringing this to Europe would add some serious price competition.

Meanwhile, Guangzhou Automobile Group (GAC) is targeting rapid growth of its sales in Europe. Wei Haigang, president of GAC International, told CNBC that the company aims to sell around 3,000 cars in Europe this year and at least 50,000 units by 2027. GAC also announced plans to bring two EVs — the Aion V and Aion UT — to Europe. Leapmotor was also in attendance with their own stand.

There are signs that Chinese players have made early inroads into Europe. The market share of Chinese car brands in Europe nearly doubled in the first half of the year versus the same period in 2024, though it still remains low at just over 5%, according to Jato Dynamics.

“The significant presence of Chinese electric vehicle (EV) makers at the IAA Mobility, signals their growing ambitions and confidence in the European market,” Murtuza Ali, senior analyst at Counterpoint Research, told CNBC.

Tech and gadgets in focus

Many of the Chinese car firms have positioned themselves as technology companies, much like Tesla, and their cars highlight that.

Many of the electric vehicles have big screens equipped with flashy interfaces and voice assistants. And in a bid to lure buyers, some companies have included additional gadgets.

For example, GAC’s Aion V sported a refrigerator as well as a massage function as part of the seating.

The Aion V is one of the cars GAC is launching in Europe as it looks to expand its presence in the region. The Aion V is on display at the company’s stand at the IAA Mobility auto show in Munich, Germany on September 9, 2025.

Arjun Kharpal | CNBC

This is one way that the Chinese players sought to differentiate themselves from legacy brands.

“The chances of success for Chinese automakers are strong, especially as they have an edge in terms of affordability, battery technology, and production scale,” Counterpoint’s Ali said.

Europe’s carmakers push back

Legacy carmakers sought to flex their own muscles at the IAA with Volkswagen, BMW and Mercedes having among the biggest stands at the show. Mercedes in particular had advertising displayed all across the front entrance of the event.

BMW, like the Chinese players, had a big focus on technology by talking up its so-called “superbrain architecture,” which replaces hardware with a centralized computer system. BMW, which introduced the iX3 at the event, and chipmaker Qualcomm also announced assisted driving software that the two companies co-developed.

Volkswagen and French auto firm Renault also showed off some new electric cars.

Regardless of the product blitz, there are still concerns that European companies are not moving fast enough. BMW’s new iX3 is based on the electric vehicle platform it first debuted two years ago. Meanwhile, Chinese EV makers have been quick in bringing out and launching newer models.

“A commitment to legacy structures and incrementalism has slowed its ability to build and leverage a robust EV ecosystem, leaving it behind fast moving rivals,” Tammy Madsen, professor of management at the Leavey School of Business at Santa Clara University, said of BMW.

While European autos have a strong brand history and their CEOs acknowledged and welcomed the competition this week in interviews with CNBC, the Chinese are not letting up.

“Europe’s automakers still hold significant brand value and legacy. The challenge for them lies in achieving production at scale and adopting new technologies faster,” Counterpoint’s Ali said.

“The Chinese surely are not waiting for anyone to catch-up and are making significant gains.”

OpenAI announces new mentorship program for budding tech founders

OpenAI on Friday introduced a new program, dubbed the “OpenAI Grove,” for early tech entrepreneurs looking to build with artificial intelligence, and applications are already open.

Unlike OpenAI’s Pioneer Program, which launched in April, Grove is aimed towards individuals at the very nascent phases of their company development, from the pre-idea to pre-seed stage.

For five weeks, participants will receive mentoring from OpenAI technical leaders, early access to new tools and models, and in-person workshops, located in the company’s San Francisco headquarters.

Roughly 15 members will join Grove’s first cohort, which will run from Oct. 20 to Nov. 21, 2025. Applicants will have until Sept. 24 to submit an entry form.

CNBC has reached out to OpenAI for comment on the program.

Following the program, Grove participants will be able to continue working internally with the ChatGPT maker, which was recently valued at $500 billion.

Other industry rivals have also already launched their own AI accelerator programs, including the Google for Startups Cloud AI Accelerator last winter. Earlier this April, Microsoft for Startups partnered with PearlX, a cohort accelerator program for pre-seed companies.

Nurturing these budding AI companies is just a small chip in the recent massive investments into AI firms, which ate up an impressive 71% of U.S. venture funding in 2025, up from 45% last year, according to an analysis from J.P. Morgan.

AI startups raised $104.3 billion in the U.S. in the first half of this year, and currently over 1,300 AI startups have valuations of over $100 million, according to CB Insights.

Benioff says he’s ‘inspired’ by Palantir, but takes another jab at its prices

Marc Benioff is keeping an eye on Palantir.

The co-founder and CEO of sales and customer service management software company Salesforce is well aware that investors are betting big on Palantir, which offers data management software to businesses and government agencies.

“Oh my gosh. I am so inspired by that company,” Benioff told CNBC’s Morgan Brennan in a Tuesday interview at Goldman Sachs’ Communacopia+Technology conference in San Francisco. “I mean, not just because they have 100 times, you know, multiple on their revenue, which I would love to have that too. Maybe it’ll have 1000 times on their revenue soon.”

Salesforce, a component of the Dow Jones Industrial Average, remains 10 times larger than Palantir by revenue, with over $10 billion in revenue during the latest quarter. But Palantir is growing 48%, compared with 10% for Salesforce.

Benioff added that Palantir’s prices are “the most expensive enterprise software I’ve ever seen.”

“Maybe I’m not charging enough,” he said.

It wasn’t Benioff’s first time talking about Palantir. Last week, Benioff referenced Palantir’s “extraordinary” prices in an interview with CNBC’s Jim Cramer, saying Salesforce offers a “very competitive product at a much lower cost.”

The next day, TBPN podcast hosts John Coogan and Jordi Hays asked for a response from Alex Karp, Palantir’s co-founder and CEO.

“We are very focused on value creation, and we ask to be modestly compensated for that value,” Karp said.

The companies sometimes compete for government deals, and Benioff touted a recent win over Palantir for a U.S. Army contract.

Palantir started in 2003, four years after Salesforce. But while Salesforce went public in 2004, Palantir arrived on the New York Stock Exchange in 2020.

Palantir’s market capitalization stands at $406 billion, while Salesforce is worth $231 billion. And as one of the most frequently traded stocks on Robinhood, Palantir is popular with retail investors.

Salesforce shares are down 27% this year, the worst performance in large-cap tech.

Salesforce and Palantir year to date stock chart.
