COVID-19 has drastically changed the world, forcing almost all non-essential workers to stop traveling and switch to working from home full time. With this new lifestyle of all-remote work, all the time, our dependency on connected devices has never been so high.
Even after the global health crisis passes, we can expect this trend of increased digital dependency to continue, with remote connectivity more deeply integrated into our lives than ever before. Not only will we have more connected devices around us at all times, but these devices will grow in sophistication, complexity and functionality, and with that comes a higher level of risk.
To keep pace with this rising rate of connectivity and to stay protected from the cybersecurity threats rising alongside it, we need security solutions that can detect attacks, prevent attackers from establishing persistence, enable quick recovery, and collect forensic data that continuously enriches and improves defenses so that we stay ahead of new attacks and prevent a future catastrophe.
Cybersecurity Threats Surround Us
New malware is already taking advantage of our increased remote connectivity. For example, dark_nexus (Dark Nexus) is a rapidly evolving and sophisticated botnet that threatens the integrity of IoT deployments. Dark Nexus logs in to poorly secured devices using well-known credentials, installs itself on each compromised device, and uses it as a bot to stage Distributed Denial-of-Service (DDoS) attacks.
Dark Nexus can attack a variety of IoT devices; devices already seen compromised include routers, video recorders, and thermal cameras. Furthermore, Dark Nexus can adapt to attack different kinds of devices to carry out its activities, e.g., propagating to and infecting further devices and networks belonging to other companies so that the botnet keeps growing.
Even more worrying is the fact that Dark Nexus was built on the foundations of the Mirai botnet and Qbot, showing that botnet operators are able to keep evolving their tooling and finding new ways to attack poorly secured IoT devices.
The Most Attractive Cyber Prey
The IoT devices that make the most attractive prey for a botnet like Dark Nexus are those in industrial settings, such as utility routers, smart meters, and industrial controllers. A successful attack on these devices could compromise entire infrastructures, of states or even countries.
For example, an attacker who compromised a state's electric grid could seize control of the smart meters and manipulate them to record consumption too low or too high. What seems like a simple action can have catastrophic results: manipulated meter readings would overrun the energy company's customer service, erode the public's trust in the company (and thus their willingness to pay), and ultimately incite chaos.
As our society becomes more and more digitized, IoT and IIoT (Industrial Internet of Things) devices are becoming more sophisticated and highly functional as they become an increasingly critical part of our everyday lives. But as sophistication and criticality increase, so, too, does the risk of cyberattack.
Preparing for Increased Attacks
As we approach a post-COVID-19 world, this dependence on connected devices will surely grow, as IoT becomes more integrated into our daily lives than ever. Increased connectivity is, of course, advantageous to society, delivering new levels of efficiency, productivity, and innovation; however, it also enlarges the attack surface and raises its value to would-be attackers.
The best defense against these attackers is preparation. We have to assume that every IoT device has vulnerabilities, and that these vulnerabilities will be increasingly targeted by attackers.
So, what can we do now to prepare for increased attacks in a post-COVID, hyperconnected world? First, companies need to be aware of their IoT assets and what the associated risks are. Then, they need to determine adequate security measures that can both prevent and detect future attacks.
For example, if Dark Nexus attempted to install itself on an IoT device, companies should have security measures in place that immediately notify the security operations center (SOC) that an attack is being attempted. The SOC could then determine the target of the attack: whether the attackers were going after select devices or were trying to compromise devices across the whole network. While it is obvious that cybersecurity solutions need to be able to prevent attacks, companies need to remember that their solutions should also be able to detect attempted attacks, including the ones that failed.
Knowing that an attack was attempted enables companies to collect forensic evidence (e.g., how were the attackers trying to get in, and what did they do once inside?). This data can also be useful later if a company intends to seek financial compensation for any damages incurred.
In a hyperconnected world, security has become an arms race. As companies improve their defenses, attackers improve their means of attack. To keep building a robust defense, companies need data: how did the attack take place, and what happened during it? That is why companies need a security solution that starts collecting data and evidence the moment an attack begins, so that the findings can be fed back into their defenses.
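The detection-and-triage workflow sketched in the three paragraphs above (notify the SOC on attempted logins, decide whether the attacker is after one device or sweeping the network, and keep a forensic record of what was tried) is illustrated below with an added example. This is not code from the original article or from any product; the log format, hostnames, IP addresses, threshold and list of factory-default usernames are all assumptions constructed for the example, and nothing here is taken from the real dark_nexus malware.

```python
"""Added example (not part of the original article): flag credential-guessing
against IoT devices in constructed syslog-style login records, classify the
attacker's scope (targeted vs. network sweep) and keep a forensic summary for
the SOC. Every log line, host, IP and credential list below is constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed login records in a syslog-like format; the last line is noise
# that the parser is expected to ignore.
SAMPLE_LOG = """\
2020-05-01T10:00:01Z router-01 telnetd: login failed user=admin from=198.51.100.7
2020-05-01T10:00:02Z router-01 telnetd: login failed user=root from=198.51.100.7
2020-05-01T10:00:04Z router-02 telnetd: login failed user=admin from=198.51.100.7
2020-05-01T10:00:05Z dvr-01 telnetd: login failed user=admin from=198.51.100.7
2020-05-01T10:00:06Z cam-01 telnetd: login failed user=root from=198.51.100.7
2020-05-01T10:00:07Z cam-01 telnetd: login failed user=admin from=198.51.100.7
2020-05-01T10:00:08Z cam-01 telnetd: login ok user=admin from=198.51.100.7
2020-05-01T10:01:00Z router-01 sshd: login failed user=admin from=203.0.113.9
2020-05-01T10:01:01Z router-01 sshd: login failed user=admin from=203.0.113.9
2020-05-01T10:01:02Z router-01 sshd: login failed user=support from=203.0.113.9
2020-05-01T10:01:03Z router-01 sshd: login failed user=user from=203.0.113.9
2020-05-01T10:01:04Z router-01 sshd: login failed user=root from=203.0.113.9
2020-05-01T10:02:00Z router-02 sshd: login ok user=netops from=192.0.2.20
2020-05-01T10:02:30Z router-02 sshd: login failed user=netops from=192.0.2.20
2020-05-01T10:03:00Z router-02 kernel: link up on eth0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<svc>\w+): login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) from=(?P<src>\S+)$"
)

# Assumed list of factory-default usernames; not any real malware's wordlist.
DEFAULT_USERS = {"admin", "root", "user", "support"}


@dataclass
class Incident:
    """Forensic summary of one source address, as it would be handed to the SOC."""
    src: str
    first_seen: str
    last_seen: str
    attempts: int
    failed: int
    hosts: set = field(default_factory=set)
    users: set = field(default_factory=set)
    compromised: set = field(default_factory=set)

    @property
    def scope(self) -> str:
        # Three or more distinct devices from one source reads as a sweep
        # of the network rather than an attack on a chosen device.
        return "network-sweep" if len(self.hosts) >= 3 else "targeted"

    @property
    def default_credentials(self) -> bool:
        # Every username tried is a factory default: credential stuffing.
        return bool(self.users) and self.users <= DEFAULT_USERS


def parse_log(text: str) -> list:
    """Return the login events as dicts; lines that are not logins are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def analyse(events: list, threshold: int = 5) -> dict:
    """Group events by source address and flag sources with at least `threshold`
    failures, or any success following a failure (a guessed credential)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    incidents = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])  # ISO-8601 timestamps sort lexically
        failed = [e for e in evs if e["result"] == "failed"]
        inc = Incident(src, evs[0]["ts"], evs[-1]["ts"], len(evs), len(failed))
        inc.hosts = {e["host"] for e in evs}
        inc.users = {e["user"] for e in evs}
        seen_failure = False
        for e in evs:
            if e["result"] == "failed":
                seen_failure = True
            elif seen_failure:
                inc.compromised.add(e["host"])  # success after failures
        if len(failed) >= threshold or inc.compromised:
            incidents[src] = inc
    return incidents


def soc_alert(inc: Incident) -> str:
    """One-line notification carrying the facts a SOC analyst needs first."""
    return (f"ALERT src={inc.src} scope={inc.scope} attempts={inc.attempts} "
            f"failed={inc.failed} default_creds={inc.default_credentials} "
            f"hosts={sorted(inc.hosts)} compromised={sorted(inc.compromised)} "
            f"window={inc.first_seen}..{inc.last_seen}")


if __name__ == "__main__":
    for incident in analyse(parse_log(SAMPLE_LOG)).values():
        print(soc_alert(incident))
```

Run as-is, the script reports two incidents: 198.51.100.7 is a network sweep that succeeded against cam-01 with a default username, and 203.0.113.9 is a targeted run of five failures against router-01 with nothing compromised. The single failed login from 192.0.2.20 stays below the threshold and is not reported, which is the trade-off the threshold encodes; the compromised-device check is deliberately independent of it, because one successful login after failures matters regardless of how few guesses preceded it.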
COVID-19 has plunged us into a hyperconnected world—with heightened opportunities for attacks. Even in the midst of the crisis, companies need to act now to increase their preventative security measures to fortify our infrastructures to withstand the new normal of complete digital dependency.