The Internet of Things plays a key role in digital transformation. However, in many cases, organizations realize that they already have a large fleet of legacy IoT devices that have been gradually deployed over the years. Many of these devices may not have been designed with security in mind.
One of the biggest concerns of IoT is managing the risks associated with a growing number of IoT devices. Information security and privacy issues related to IoT devices have attracted global attention, because of the ability of these devices to interact with the physical world. IoT vulnerabilities continue to emerge, making it critical for manufacturers to emphasize IoT security by design.
IoT vulnerabilities have been discovered and exposed across many industries. These vulnerabilities threaten sensitive data as well as personal safety. Without a doubt, the Internet of Things is a prime target for attackers in 2022, and any organization that produces or uses these devices needs to be prepared.
Below we briefly review some of the common cybersecurity threats facilitated by IoT devices.
IoT devices are attractive targets for botnet builders: attackers who compromise large numbers of devices and connect them into a network they can direct for criminal activity. IoT devices are good botnet candidates because of their weak security and because large fleets of virtually identical devices can be compromised with the same tactics.
Attackers can use services exposed on unprotected ports, or phishing scams, to infect IoT devices with malware and enlist them into botnets that launch large-scale attacks. Readily available attack toolkits scan for vulnerable devices, compromise them, and evade detection; another module in the toolkit then instructs the device to launch an attack or exfiltrate information on behalf of the botnet operator.
Threat actors often leverage IoT botnets during distributed denial of service (DDoS) attacks; see the example attacks section below.
When attackers use malware to infect IoT devices, they can do more than enlist the device into a botnet. For example, they can access the device's data and steal any sensitive information stored there. Attackers also extract credentials hard-coded in device firmware. Using these credentials, they can gain access to corporate networks or other systems storing sensitive data. In this way, an attack on a seemingly innocent device can turn into a full-scale data breach.
Shadow IoT arises because IT administrators do not always have control over devices connected to the network. Devices with IP addresses, such as digital assistants, smart watches, or printers, frequently connect to corporate networks, and do not always meet security standards.
Without knowledge of shadow IoT devices, IT administrators cannot ensure that hardware and software have basic security features, and find it difficult to monitor malicious traffic on devices. When hackers compromise these devices, they can leverage the connection to the corporate network and escalate privileges to access sensitive information on the corporate network.
Since the IoT concept was born in the late 1990s, security experts have warned that devices connected to the Internet will pose a risk to society. Since then, numerous large-scale attacks have been publicized, in which attackers compromised IoT devices and created a real threat to public safety and corporate security. Here are a few examples.
In 2010, researchers discovered that a worm called Stuxnet had caused physical damage to uranium enrichment centrifuges in Iran. The campaign is believed to have started as early as 2006, with its main phase in 2009. The malware modified the code running on Siemens programmable logic controllers (PLCs), altering the commands they sent to the centrifuge drives while reporting normal readings to operators. Stuxnet is often cited as an IoT attack, and is among the earliest known to target a supervisory control and data acquisition (SCADA) system in an industrial environment.
In late 2013, Proofpoint researchers discovered what is now considered "the first IoT botnet": over 25% of the compromised hosts were non-computer devices such as smart TVs, home appliances, and baby monitors. Since then, malware such as CrashOverride, VPNFilter, and Triton has targeted industrial control systems and the network equipment around them.
In 2015, two security researchers wirelessly hacked a Jeep through the Chrysler Uconnect system installed in the car and performed remote actions such as changing the radio station and turning on the wipers and air conditioning. The researchers reported that they could also disable the brakes and cause the engine to stall, slow down, or shut off altogether.
In 2016 Mirai, one of the largest IoT botnets ever discovered, began its activity by attacking the websites of security researcher Brian Krebs and a European hosting company, OVH. The attacks were of a huge magnitude—630 Gbps and 1.1 Tbps. Afterwards, the botnet was used to attack Dyn, a large DNS provider, and high profile websites including Twitter, Amazon, Netflix, and the New York Times. The attackers built their network from IoT devices like routers and IP surveillance cameras.
In 2017, the Food and Drug Administration (FDA) announced that implantable cardiac devices manufactured by St. Jude Medical, including pacemakers already implanted in patients, were vulnerable to attack. In 2018, security researchers Billy Rios and Jonathan Butts demonstrated at the Black Hat conference that they could take control of a pacemaker and stop it from delivering therapy, which, if done by an attacker, could kill the patient.
As you start to consider an IoT security strategy for your organization, here are a few best practices that can improve your security posture.
A security analytics infrastructure can significantly reduce vulnerabilities and security issues related to the Internet of Things. This requires collecting, compiling, and analyzing data from multiple IoT sources, combining it with threat intelligence, and sending it to the security operations center (SOC).
When IoT data is combined with data from other security systems, security teams have a much better chance of identifying and responding to potential threats. Security analytics systems can correlate data sources and identify anomalies that might represent suspicious behavior. Security teams can then investigate and respond to anomalies, preventing attackers from compromising corporate IoT devices.
Network segmentation is a technique that isolates specific components from others to improve security. In the case of IoT, segmentation can stop attackers or malicious insiders from reaching IoT devices, and can stop compromised devices from infecting other parts of the network. You can implement it with VLANs and firewall rules, or with a network security product.
To begin a segmentation effort, create a comprehensive list of IoT devices currently in use, their connection methods (VLAN or LAN), how and what type of data they transmit, and which other devices on the network each device really needs to connect to. In particular, check whether each category of device needs access to the Internet, and if not, block it.
One approach is to group devices into categories, such as data collection, infrastructure, or personal employee-owned devices. You can then build a segmentation policy from the connectivity requirements of each IoT endpoint, and isolate or block network access to endpoints that do not really need it.
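The inventory-driven approach above can be turned into a default-deny policy mechanically. The following is an added example (not code from the original article): a small Python policy engine that takes a constructed inventory of device categories, their VLANs and subnets, whether each needs the Internet, and the only peers and ports each genuinely needs, then answers whether a routed flow is allowed and renders the same policy as an nftables forward chain. The segment names, VLAN ids, subnets and the DNS/NTP server address are assumptions.

```python
"""Segmentation policy for IoT endpoints, derived from a device inventory.

Added example, not code from the original article. Segment names,
VLAN ids, subnets and the DNS/NTP resolver address are constructed
assumptions; replace them with the inventory you build.
"""
from ipaddress import ip_address, ip_network

PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DNS_NTP = ip_address("10.10.0.53")          # assumed internal DNS/NTP server

# One entry per device category. "allow_to" lists the only other
# segments (and proto/port pairs) this category genuinely needs.
SEGMENTS = {
    "cameras":  {"vlan": 30, "subnet": "10.30.0.0/24", "internet": False,
                 "allow_to": {"nvr": [("tcp", 554)]}},            # RTSP to the recorder only
    "nvr":      {"vlan": 31, "subnet": "10.31.0.0/24", "internet": False,
                 "allow_to": {}},
    "printers": {"vlan": 32, "subnet": "10.32.0.0/24", "internet": False,
                 "allow_to": {}},
    "byod":     {"vlan": 40, "subnet": "10.40.0.0/24", "internet": True,
                 "allow_to": {"printers": [("tcp", 631), ("tcp", 9100)]}},
    "corp":     {"vlan": 10, "subnet": "10.10.0.0/24", "internet": True,
                 "allow_to": {"nvr": [("tcp", 443)], "cameras": [("tcp", 443)],
                              "printers": [("tcp", 631), ("tcp", 9100)]}},
}


def segment_of(ip):
    """Segment name for an address; 'internet' for public space; None for unknown private space."""
    addr = ip_address(ip)
    for name, seg in SEGMENTS.items():
        if addr in ip_network(seg["subnet"]):
            return name
    return None if any(addr in n for n in PRIVATE) else "internet"


def is_allowed(src, dst, proto, dport):
    """Default-deny decision for a new routed flow src -> dst:dport."""
    s, d = segment_of(src), segment_of(dst)
    if s is None:                          # shadow device in unlisted space: nothing allowed
        return False
    if ip_address(dst) == DNS_NTP and (proto, dport) in {("udp", 53), ("tcp", 53), ("udp", 123)}:
        return True                        # every segment may resolve names and sync time
    if d == "internet":
        return SEGMENTS[s]["internet"]
    if d is None:
        return False
    if s == d:
        return True                        # same subnet is switched, not routed; use port isolation there
    return (proto, dport) in SEGMENTS[s]["allow_to"].get(d, [])


def to_nftables():
    """Render the same policy as an nftables forward chain with policy drop."""
    lines = ["table inet iot_segmentation {",
             "  set private { type ipv4_addr; flags interval;",
             "    elements = { " + ", ".join(str(n) for n in PRIVATE) + " } }",
             "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept",
             f"    ip daddr {DNS_NTP} udp dport {{ 53, 123 }} accept",
             f"    ip daddr {DNS_NTP} tcp dport 53 accept"]
    for name, seg in SEGMENTS.items():
        for peer, ports in seg["allow_to"].items():
            for proto, port in ports:
                lines.append(f"    ip saddr {seg['subnet']} ip daddr {SEGMENTS[peer]['subnet']} "
                             f"{proto} dport {port} accept")
        if seg["internet"]:
            lines.append(f"    ip saddr {seg['subnet']} ip daddr != @private accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_nftables())
```

Because the chain's policy is drop, a camera can reach the recorder on RTSP and the internal resolver, and nothing else; a device that shows up in address space the inventory does not list (the shadow IoT case) is denied everything, which is exactly the signal that prompts an inventory update.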
Another way to reduce the exposure of IoT devices is to enforce full authentication on all of them. Whether your IoT devices support only simple password authentication or more advanced measures such as digital certificates, biometrics, or multi-factor authentication (MFA), use the strongest authentication the device offers, and never leave the factory default password in place.
An expanding network of IoT devices produces tremendous amounts of data, which is useless without proper analysis. These large data sets are analyzed with the help of artificial intelligence (AI) and machine learning, which let systems learn from the data, retain what they learned, and improve the capabilities of IoT deployments.
One recent IoT trend is AI-based Intrusion Detection Systems (IDS), which continuously monitor the network and collect and analyze information from previous attacks. They can flag an attack based on historical data and suggest a response. Even when attackers invent new techniques, those techniques often reuse previously seen patterns, which ML algorithms can recognize in real time.
In general, there are two types of ML-based IDS.
Anomaly-based IDS detects attacks by comparing current traffic with a recorded baseline of normal traffic. These systems can detect new types of attack, so they are widely used despite producing a large number of false positive alarms.
Misuse or signature-based IDS compares patterns in current traffic with known patterns of previous attacks. It produces fewer false positives, but a new type of attack can pass through undetected.
ML algorithms such as Linear Discriminant Analysis (LDA), Classification and Regression Trees (CART), and Random Forest can be used for attack identification and classification.
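To make the trade-off between the two IDS types concrete, here is an added example (not code from the original article) that runs both views over the same constructed flow records. The anomaly detector learns a per-device baseline from a "normal" window and flags any minute whose flow count, distinct destinations or byte volume deviates from it; it stands in for the LDA, CART or Random Forest models named above, which it does not implement. The signature detector looks for one known pattern, many telnet connection attempts to distinct hosts in a minute, as seen in IoT botnet scanning. The flow records, addresses and thresholds are all constructed; the scenario is built so that an HTTP flood is caught only by the anomaly detector, a telnet sweep is caught by both, and a legitimate large download from the recorder shows up as an anomaly false positive.

```python
"""Anomaly-based versus signature-based IDS over constructed flow records.

Added example, not code from the original article. Records are
(minute, src, dst, dport, bytes) tuples built inline; the addresses,
thresholds and the 'telnet sweep' signature are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

NVR, RESOLVER = "10.31.0.10", "10.10.0.53"


def camera_minutes(src, start, count):
    """Constructed normal camera traffic: one RTSP stream to the NVR plus one DNS query per minute."""
    flows = []
    for m in range(start, start + count):
        jitter = 10_000 * ((m * 7) % 11 - 5)               # deterministic byte jitter
        flows.append((m, src, NVR, 554, 5_000_000 + jitter))
        flows.append((m, src, RESOLVER, 53, 120))
    return flows


# Ten minutes of normal traffic used to learn the baseline.
TRAINING = (camera_minutes("10.30.0.5", 1, 10) + camera_minutes("10.30.0.6", 1, 10)
            + camera_minutes("10.30.0.7", 1, 10)
            + [(m, NVR, RESOLVER, 53, 200) for m in range(1, 11)])

# Minute 11, the "live" window under inspection.
LIVE = (camera_minutes("10.30.0.5", 11, 1)                                  # still normal
        + camera_minutes("10.30.0.6", 11, 1)
        + [(11, "10.30.0.6", f"203.0.113.{i}", 80, 60) for i in range(1, 151)]   # HTTP flood
        + camera_minutes("10.30.0.7", 11, 1)
        + [(11, "10.30.0.7", f"10.10.0.{i}", 23, 40) for i in range(20, 32)]      # telnet sweep
        + [(11, NVR, RESOLVER, 53, 200),
           (11, NVR, "198.51.100.8", 443, 80_000_000)])                           # legitimate download


def features(flows):
    """Per (src, minute): flow count, distinct destinations, total bytes."""
    agg = defaultdict(lambda: [0, set(), 0])
    for minute, src, dst, _dport, nbytes in flows:
        f = agg[(src, minute)]
        f[0] += 1
        f[1].add(dst)
        f[2] += nbytes
    return {k: (v[0], len(v[1]), v[2]) for k, v in agg.items()}


def train_baseline(flows):
    """Per-device mean and population std of each feature over the normal window."""
    per_src = defaultdict(list)
    for (src, _minute), vec in features(flows).items():
        per_src[src].append(vec)
    return {src: [(mean(col), pstdev(col)) for col in zip(*vecs)]
            for src, vecs in per_src.items()}


def anomaly_alerts(flows, baseline, z=3.0):
    """Flag any (src, minute) with a feature more than z std above its baseline."""
    alerts = []
    for (src, minute), vec in features(flows).items():
        if src not in baseline:
            alerts.append((src, minute, "unknown device"))
            continue
        for (mu, sigma), x in zip(baseline[src], vec):
            if x > mu + z * max(sigma, 1.0):        # floor sigma so constant features keep some slack
                alerts.append((src, minute, "deviates from baseline"))
                break
    return sorted(alerts)


def signature_alerts(flows, min_hosts=10):
    """Known pattern: telnet (23/2323) attempts to at least min_hosts distinct hosts in one minute."""
    targets = defaultdict(set)
    for minute, src, dst, dport, _nbytes in flows:
        if dport in (23, 2323):
            targets[(src, minute)].add(dst)
    return sorted((src, minute, "telnet sweep")
                  for (src, minute), hosts in targets.items() if len(hosts) >= min_hosts)


if __name__ == "__main__":
    base = train_baseline(TRAINING)
    print("anomaly  :", anomaly_alerts(LIVE, base))
    print("signature:", signature_alerts(LIVE))
```

The anomaly list contains the flooding camera, the scanning camera and the recorder's download (a false positive, since a large transfer is not an attack), while the signature list contains only the scanning camera and misses the flood entirely, which is the behaviour the two paragraphs above describe.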
MobiDev offers innovative IoT development services to ensure IoT ecosystem security, using artificial intelligence and machine learning to combat and mitigate IoT cyber threats.