Lives, property, economies, and the IoT risk

Kate Scarcella Chief Cybersecurity Architect, CyberRes

IoT devices are running our lives, and we barely notice it. We've got closed-circuit cameras and video doorbells to protect our property. We've got computer-controlled lawn sprinklers and smart lights to save us money. We've got robot vacuums to clean our floors, voice-enabled remotes to relieve us of pushing buttons, and smart refrigerators to tell us when we're running low on beverages and other sundries.

Businesses, too, are becoming more dependent on IoT devices, which can improve efficiencies and reduce costs. In fact, advancements in IoT have had a transformational impact on some industries, such as energy, automotive, and agriculture.

But with great ubiquity comes great risk. Most IoT devices aren't natively secure. They're notorious for being unsecured, unmanaged, and lacking critical software to keep them safe. Making matters worse, the devices are proliferating exponentially, creating orchards of ripe targets for malicious actors.

Industries bearing the brunt

Attacks on those targets can be catastrophic and occur in a variety of industries.

In agriculture, for example, devices are used to determine how to plant seeds, when to plant them, when to harvest them, and when and how much to water them. An attack on those devices can result in crop failures, famine, and farm bankruptcies.

In the automotive industry, vehicles are laden with IoT devices to take tasks out of the hands of humans and into the circuits of machines. Within a few years, it's expected that fully autonomous trucks will be transporting goods on our highways. Those rigs will be bristling with IoT devices to enable navigation and other tasks. Attacks on those devices could lead to lost cargoes or, worse, crashes costing human lives.

In the renewable energy field, which will be expanding rapidly as nations try to avert a global warming catastrophe, cyber attacks could lead to the destruction of alternative energy infrastructure and power disruptions.

But you needn't be in a bad actor's crosshairs. Here are some factors to consider.

Ease and speed of compromise

Attacks on IoT devices aren't part of some future scenario. They're happening now, and they're happening in huge numbers. To get some visibility into the situation, we recently exposed an unsecured IoT device to the Internet. Within 36 minutes, after thousands of drive-by attacks, the device was discovered by threat actors. Four minutes later, it was compromised by an attacker who connected to it using the Secure Shell protocol (SSH).

The attacker then performed some reconnaissance on the device and checked its connectivity. Within 42 minutes of being exposed to the Internet, the device was broadcasting malicious outbound traffic. Within the first three hours of exposure, a successful root login took place and the device was added to a Mirai botnet. Mirai is largely used to launch distributed denial-of-service attacks.

Although the device had already been compromised by one adversary, others continued to launch password-guessing attacks against it. To keep those rivals out, the hacker who had compromised it changed the passwords required to flash the BIOS and NVRAM module and changed the password for every account on the machine to a hard-to-guess value. Password-guessing attacks against the device continued until it was removed from the Internet.

The key for IoT: Endpoint security

The ease with which attackers can compromise an IoT device would shock security pros, if they weren't already being inundated by the amount of data these devices produce. On an oil rig, for example, there can be upwards of 30,000 sensors producing more than a petabyte of data a day.

Securing that many devices and that amount of data will require organizations operating in the IoT space to rethink their security posture. That re-evaluation should include securing the IoT endpoints with software agents and robust analytics that can scale to meet an organization's demands.

An endpoint agent can provide an IoT device with the kind of security needed to guard it against compromise. It should be able to foil access attacks, such as attempts at authentication manipulation, man-in-the-middle attacks, malicious data input and messages, and data input injection.

It should also address exploits, such as changing data in files and memory, installing malware, full image replacement, command interaction, and return-oriented programming (ROP), a.k.a. chunk-borrowing, in which an attacker uses control of the call stack to indirectly execute existing machine instructions or short sequences of them rather than injecting new code.

By thwarting those kinds of access and exploit attacks, the agent should be able to prevent the device from becoming part of a threat actor's command-and-control network, prevent it from being used to steal data, and prevent its operation from being altered.

Need for AI/ML analytics

As powerful as an agent can be in preventing a device from being compromised, there's always the potential for an attacker to gain control of a device, typically by obtaining legitimate credentials through social engineering or outright theft. That's where a solution that includes analytics to flag anomalous behavior by the device can come in handy.

Such behaviors can include an unusual number of authentication attempts made to or from a device, unusual commands or command arguments on a device, an unusual spike in events from the device, device operation at an unusual time or from an unusual place, or an unusual number of network locations.

Because there can be billions of events occurring on an IoT network producing hundreds of anomalies, it's important that any analytics component include artificial intelligence and machine learning to whittle down that data to a manageable number of high-quality leads that can be followed up by security teams.
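The behaviours listed above can be turned into simple rules run over device event logs. The following is an added example, not code from the article or from CyberRes: the log format, device names, baselines and thresholds are all constructed assumptions, and a production system would learn the baselines rather than hard-code them.

```python
# Added example (not from the article): a toy behavioural detector for
# IoT event logs, flagging the behaviours the text lists. The log format,
# field names, baselines and thresholds are constructed assumptions.
from collections import Counter
from datetime import datetime

# Constructed sample events: "<ISO time> <device> <event> <src_ip> <detail>"
SAMPLE_LOG = """\
2024-05-01T09:00:12 cam-01 auth_ok 10.0.0.5 admin
2024-05-01T09:01:30 cam-01 cmd 10.0.0.5 status
2024-05-01T02:14:05 cam-01 auth_fail 198.51.100.7 root
2024-05-01T02:14:06 cam-01 auth_fail 198.51.100.7 admin
2024-05-01T02:14:07 cam-01 auth_fail 198.51.100.7 root
2024-05-01T02:14:08 cam-01 auth_fail 198.51.100.7 user
2024-05-01T02:14:09 cam-01 auth_fail 198.51.100.7 admin
2024-05-01T02:15:00 cam-01 auth_ok 198.51.100.7 root
2024-05-01T02:15:20 cam-01 cmd 198.51.100.7 wget
2024-05-01T10:00:05 sensor-07 cmd 10.0.0.9 status
"""

# Per-device baseline of normal operating hours and commands (constructed).
BASELINE = {
    "cam-01": {"hours": range(8, 19), "commands": {"status", "reboot"}},
    "sensor-07": {"hours": range(6, 23), "commands": {"status"}},
}
FAIL_THRESHOLD = 5  # failed logins from one source before flagging a burst


def parse(log_text):
    events = []
    for line in log_text.splitlines():
        ts, device, event, src, detail = line.split(maxsplit=4)
        events.append({"time": datetime.fromisoformat(ts), "device": device,
                       "event": event, "src": src, "detail": detail})
    return events


def detect(events, baseline=BASELINE, fail_threshold=FAIL_THRESHOLD):
    """Return sorted (device, finding) pairs; unknown devices have no baseline,
    so every login hour and command on them is treated as unusual."""
    findings, fails = set(), Counter()
    for e in events:
        dev, prof = e["device"], baseline.get(e["device"], {})
        if e["event"] == "auth_fail":
            fails[(dev, e["src"])] += 1
            if fails[(dev, e["src"])] == fail_threshold:  # flag once per source
                findings.add((dev, f"auth burst from {e['src']}"))
        elif e["event"] == "auth_ok" and e["time"].hour not in prof.get("hours", ()):
            findings.add((dev, f"login at unusual hour {e['time'].hour:02d}"))
        elif e["event"] == "cmd" and e["detail"] not in prof.get("commands", ()):
            findings.add((dev, f"unusual command {e['detail']}"))
    return sorted(findings)
```

On the sample log the detector yields three leads for cam-01 (the password-guessing burst, the 02:15 login, and the wget command) and nothing for sensor-07, which is the kind of whittling-down the analytics layer is meant to do at scale.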

Don't delay securing your IoT systems

There are billions of IoT devices collecting and transferring data now, and billions more to come. Businesses are grabbing that data and using it, but little is being done to protect it. When something is done, it's usually done the way it was done in the past. That can't continue. It's just not working.
