Smart buildings and factories, connected cars, wearables—all of these are part of a growing ecosystem that promises a smarter way to live. At one time, as simple tools used to connect everyday objects and appliances, Internet of Things (IoT) devices have become more than convenient fixtures; they’re necessities. The catch? As each day passes and more connected devices are put online, cybercriminals find new ways to exploit them.
With IoT increasing in popularity, more and more devices are connected to the internet than ever before. IDC reported that global IoT spending is expected to hit $1.2 trillion in 2022. Consequently, cybercriminals are getting more opportunities to create new attacks that target unsuspecting users, who are often unaware that their devices have even been compromised until it’s too late. What’s worse, with edge computing becoming more and more prevalent, billions of IoT devices will soon be directly connected to the cloud and, therefore, potentially even more vulnerable to malicious cyberattacks than they already are today.
A Closer Look at Today’s IoT Security Threat Landscape
In the first half of 2021, Kaspersky reported that 1.51 billion IoT devices were breached, increasing from 639 million breaches in 2020.
Kaspersky discovered that telnet was used in more than 872 million IoT attacks, many of which aimed to mine cryptocurrency, shut down systems through distributed denial-of-service (DDoS) or steal private data. The telnet protocol, a command-line interface that allows remote connection with a device or server, was used by most attackers to gain access to IoT networks.
The IoT is rapidly spreading across homes, businesses, and municipalities. As more devices come online, they open new vulnerabilities for cybercriminals to exploit. If left unchecked, these smart threats could wreak havoc on connected infrastructures, bringing a range of security issues with them.
According to Kaspersky 2020 IoT report, nearly three-in-ten (28%) of enterprises using IoT platforms experienced incidents involving non-computing connected devices in 2019, while 26% were affected by crypto-mining attacks, 27% experienced incidents involving data sharing suppliers, and 27% experienced infrastructure incidents involving third parties. Another study conducted by BDO found that 27% of manufacturers do not have a security strategy in place for vendors and partners involved with IoT projects.
IoT cyberattack case study
In October 2016, a DDoS attack caused by Mirai malware knocked out major websites and online services such as Twitter, Netflix, and Spotify. Although IoT devices were not originally intended to be part of a botnet (collections of internet-connected computers that hackers take over), these particular devices proved vulnerable due to factory defaults, poor security practices among users (such as leaving default usernames), and issues with software updates. Mirai’s attack peaked at a staggering 1Tbps and was believed to have utilized about 145,000 devices in the attack.
The attacks may have had a longer-term impact on Dyn and other Internet companies; data indicates that around 8% of web domains depending on Dyn’s managed DNS service discontinued the service in the immediate aftermath of the attack.
According to data compiled by BitSight, approximately 14,500 web domains that used Dyn’s managed Domain Name System services before the Mirai attack stopped using them immediately following the attack – a significant blow to the company that was the target of the global IoT botnet attack. Smart thermostats, cars, baby monitors, and TVs are hackable.
Also read: IoT Faces New Cybersecurity Threats
What Makes Connected Devices Vulnerable?
- Built-in vulnerabilities: Many IoT manufacturers overlook basic cybersecurity protocols because they view them as too costly or burdensome. This can leave many vulnerabilities for malicious actors to exploit if they find their way onto company networks or partner services that connect to IoT devices.
- Lack of proper testing and quality assurance: Inadequate security testing allows developers to miss key flaws while creating software code, leaving systems vulnerable and opening up different paths for cyber attacks.
- Products aren’t updated often enough: Manufacturers fail to provide updates after a product has shipped and forget about it until something goes wrong (or security researchers discover problems).
- The code isn’t well-audited: Many IoT products run on embedded operating systems or other software whose code hasn’t been sufficiently audited yet.
- Default passwords are often weak: If consumers haven’t changed their device passwords from their defaults, then your home networks could be easy targets for hackers.
Ways Enterprises are Guarding Against IoT Cyberattacks
Widespread attacks on vulnerable IoT devices such as smart TVs and security cameras have put enterprise networks at risk. How are companies responding? Here are seven ways enterprises are defending against these new threats and how you can prepare your organization for an attack.
- Patch management: When companies routinely apply patches, they reduce risks and vulnerabilities associated with exploits.
- Source code analysis: An adage tells us that an ounce of prevention is worth a pound of cure; source code analysis helps shed light on potential vulnerabilities, assisting organizations in detecting existing flaws or shortcomings before anyone has had time to take advantage of them through an attack vector such as malware or ransomware.
- Network vulnerability assessment: Organizations frequently conduct network vulnerability assessments as part of compliance efforts and enhanced protection against threats.
- Virtual private networks (VPNs): Companies often use VPNs to allow remote access across untrusted networks while preventing data leakage due to these poor connections by encrypting all communications over them.
- Trusted platform modules (TPMs): Many modern platforms have built-in hardware security features known as trusted platform modules (TPMs). These special chips store keys used to decrypt sensitive information stored locally so that hackers cannot steal it via pass-the-hash attacks or by sniffing packets off a network.
- Data loss prevention (DLP): While DLP technology isn’t a direct way to counter cyberattacks, it monitors systems for suspicious activity and protects sensitive data on internal systems.
- Cloud access security brokers (CASBs): Cloud access security brokers (CASBs) monitor cloud environments for suspicious activity, ensuring that confidential data doesn’t leave protected corporate environments.
Best Practices to Secure edge/IoT Devices?
Devices connected to your network are vulnerable to cyberattacks, whether they’re internet-connected printers or wearable gadgets. Most aren’t appropriately secured since these devices don’t run traditional operating systems and have limited software support. Best practices include limiting connectivity and access privileges, updating regularly, and implementing endpoint security software.
Other best practices include:
Introduce a separate Wi-Fi network
One defense strategy is to introduce a separate Wi-Fi network for IoT devices like smart refrigerators or thermostats that don’t require connectivity to PCs or company databases. This allows IoT devices to communicate with other systems within a local area but keeps them isolated from more extensive corporate networks that connect employees with data stored on internal servers.
Patch management
Keep all networked software up to date through regular patching cycles. Patches help ensure that hackers don’t exploit security vulnerabilities found after products are released. Zero-day vulnerabilities (undisclosed bugs and exploits targeting unpatched software) could lead to severe breaches without patches.
Assign static IP addresses
Static IP addresses are also effective because they eliminate any possible point of weakness that hackers could exploit. Suppose a hacker doesn’t know what address is associated with what device. In that case, it’s harder to exploit known vulnerabilities in operating systems or applications that might compromise other connected devices within a home network or local area network (LAN).
Encrypt all transmissions
While many different protocols exist to encrypt data transmission across public WiFi hotspots, enterprises should make sure to use HTTPS exclusively for connections between endpoints and web applications.
Deploy additional monitoring tools
Enterprises can leverage several tools to detect suspicious activities inside or outside their network. Tools include IDS/IPS solutions that monitor network traffic and alert users when signs of malicious activity occur and gateway security platforms that monitor incoming and outgoing traffic between networks.
Implement network segmentation
Another way to harden networks is to implement network segmentation, which isolates portions of a network from each other. Suppose a single IoT device is compromised or infected with malware. In that case, it won’t affect the rest of a company’s digital operations—which are usually kept in a segregated and protected portion of a network that separates other users from specific digital services and equipment.
Conduct security audits
Regular network security audits and penetration tests are a must for identifying weaknesses in enterprise IT infrastructure that could expose IoT devices to cyberattacks. These tests assess whether security measures are sufficient and serve as blueprints for future attacks, and help prevent them from occurring in subsequent penetration tests.
Read next: 12 Tips for Mitigating Security Risks in IoT, BYOD-driven Enterprises
The post Containing Cyberattacks in the Age of IoT appeared first on Enterprise Networking Planet.
