IoT Devices Security from Within - Why IoT devices require a different security approach?
Cyberattacks on IoT are growing in sophistication, spreading rapidly, and proving to be
more destructive for businesses. There have been many instances where malware
infected hundreds of thousands of devices across the network.
We will be discussing the reasons these vulnerabilities exist and how cybercriminals
gain access to them. Finally, we will show you how you can use best practices to
protect your company from cyberattacks.
These attacks are possible.
Cybersecurity is all about protecting your weakest link. This applies to a single device
just as much as it does for an entire network.
When we talk about the weakest link in a network, we are talking about
perimeter-network-facing devices that are accessible through the Internet. There are many types
of devices, including IP cameras, routers and sensors on a corporate campus at the
low end and field-deployed devices like gas pumps, EV chargers and ATMs at the high
end. These devices can all be accessed remotely via the internet.
The perimeter
Attackers often scan a network to find connected devices that could be used as entry
points.
IoT devices can be used as a stepping stone for cyber attacks. They are often running
outdated software and are not monitored for security incidents. Because of the large
number of these devices, such as a university campus that can house dozens of
devices, traditional incident-response methods might not work as well as they used
to. It can be difficult to track where vulnerabilities are coming from when so many
assets are compromised within a network at once. Importantly, there is never just one
point of failure.
What's next?
An attack campaign is different from a hit-and-run scenario. Sometimes attackers are
able to hide for long periods of time in plain sight, waiting for the right moment. They
may also conduct reconnaissance missions to get to know their potential victims'
networks before going all out.
An attacker's goal is to gain lateral mobility throughout the network targeted by an
attack. They want to be able to freely move throughout the network and attack other
assets and entities. The attackers can gain greater control of the network by exploiting
servers, computers, and common office machines like printers and routers. We see
attackers using this control for many purposes, including data theft, extortion and
ransomware infection. A simple breach in one of the perimeter devices can quickly turn
into an attack campaign that could have devastating consequences.
What is the typical attack?
Ransomware infections can infect your network and attach themselves to many assets,
making it nearly impossible to eradicate.
The R4IoT research papers published by Vedere Labs provide a famous example
of this type of case. In it, a network of IoT devices was hijacked to run malicious
software, cryptominers and other malware. The attack began with exploiting
vulnerabilities in Axis cameras (CVE-2018-10660, CVE-2018-10661) and a Zyxel NAS
(CVE-2020-9054). The malware gained control of numerous network entities and was
able to steal information and infect other devices using these network
footholds. Researchers were able (relatively speaking) to use two vulnerabilities from 2018
and 2020 to show the effects of malware on unpatched firmware devices. These
vulnerabilities enable attackers to gain complete access through the device's
unauthenticated interface.
A second attack scenario was discovered in Mitel IP phones (CVE-202-29499). This
vulnerability gave attackers the ability to run arbitrary commands on these devices. It
essentially allowed them to do anything they wanted. Contrary to the R4IoT
vulnerabilities, which can only be fixed using signature-based products and traditional
methods, attackers could use this Mitel vulnerability to continue their rampage almost
unassisted.
Not to be forgotten is the recent ZuoRAT attack. This attack was extremely widespread
and infected at most 80 types of devices. The Trojan malware allows remote access to
attackers and has been in existence for many years. This is a serious risk in today's
world, where many people work remotely. The potential for infection of personal
devices can have a devastating effect on an organization's assets.
It's becoming difficult to believe just how easy it is to launch malware attacks. Attacks
like the ones mentioned above can often be bought cheaply on unregulated
markets. The U.S. Department of Justice took control of the RSOCKS website a few weeks
back. This Russian-based website sold proxies that were used by attackers to conduct
crypto-mining, DDoS attacks and many other activities. The majority of attackers were
able to gain control over network-connected assets and devices by simply using their
default credentials, or guessing weak passwords. This method of guessing passwords
or trying default usernames and passwords led to a malignant network that included
more than 350,000 devices at home, work, and office.
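The credential guessing described above leaves a recognizable trace in device login logs: one source failing on many different devices, then succeeding on one. The following is an added example, not part of the original article; the log format, device names and addresses are constructed for illustration, and the thresholds are assumptions to tune per network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real device); the format is an assumption.
SAMPLE_LOG = """\
2022-07-01T10:00:01Z device=cam-01 src=203.0.113.7 user=admin result=FAIL
2022-07-01T10:00:03Z device=cam-02 src=203.0.113.7 user=root result=FAIL
2022-07-01T10:00:05Z device=nas-01 src=203.0.113.7 user=admin result=FAIL
2022-07-01T10:00:09Z device=phone-04 src=203.0.113.7 user=admin result=OK
2022-07-01T10:02:00Z device=cam-01 src=198.51.100.20 user=alice result=FAIL
2022-07-01T10:02:10Z device=cam-01 src=198.51.100.20 user=alice result=OK
"""

LINE = re.compile(r"(?P<ts>\S+) device=(?P<dev>\S+) src=(?P<src>\S+) "
                  r"user=(?P<user>\S+) result=(?P<res>FAIL|OK)")

def find_credential_guessing(log_text, min_devices=3, window=timedelta(minutes=10)):
    """Return {src: [devices it then logged into]} for every source that failed
    logins on at least `min_devices` distinct devices inside `window`."""
    failures = defaultdict(list)   # src -> [(time, device)]
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src, dev = m["src"], m["dev"]
        if m["res"] == "FAIL":
            failures[src].append((ts, dev))
            recent = {d for t, d in failures[src] if ts - t <= window}
            if len(recent) >= min_devices:
                alerts.setdefault(src, [])
        elif src in alerts:
            # Success from an already-flagged source: treat the device as
            # compromised through a default or guessed password.
            alerts[src].append(dev)
    return alerts

if __name__ == "__main__":
    for src, devices in find_credential_guessing(SAMPLE_LOG).items():
        print(f"{src}: guessing across devices, logged in to {devices or 'none yet'}")
```

A user who mistypes a password once on a single device, like the second source in the sample, stays below the threshold and is not flagged.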
DIGITAL DEVICES LTD