The Internet of Things (IoT) plays a key role in digital transformation. However, in many cases, organizations realize that they already have a large fleet of legacy IoT devices that have been gradually deployed over the years. Many of these devices may not have been designed with security in mind.
One of the biggest concerns of IoT is managing the risks associated with a growing number of IoT devices. Information security and privacy issues related to IoT devices have attracted global attention, because of the ability of these devices to interact with the physical world. IoT vulnerabilities continue to emerge, making it critical for manufacturers to emphasize IoT security by design.
IoT vulnerabilities have been discovered and exposed across many industries and these vulnerabilities threaten sensitive data as well as personal safety. Without a doubt, IoT is a prime target for hackers in 2022, and any organization that produces or uses these devices needs to be prepared.
IoT Security Threats
Below we briefly review some of the common cybersecurity threats facilitated by IoT devices.
IoT devices are attractive targets for botnet builders – these are hackers who compromise millions of devices, connecting them to a network they can use for criminal activities. IoT devices are a good candidate for botnets due to their weak security and the large number of virtually identical devices, which attackers can compromise using the same tactics.
Attackers can use unprotected ports or phishing scams to infect IoT devices with malware and enlist them into botnets that can be used to launch large-scale cyber attacks. Hackers can use readily available attack toolkits to detect susceptible devices, penetrate them, and avoid detection. Another module in the toolkit then instructs the device to launch an attack or steal information on behalf of the botnet owner.
Threat actors often leverage IoT botnets during distributed denial of service (DDoS) attacks; see the example attacks section below.
When hackers use malware to infect IoT devices, they can do more than just enlist the device into a botnet. For example, attackers can access the device data and steal any sensitive information stored there. Attackers also leverage IoT to harvest credentials from device firmware. Using these credentials, attackers can gain access to corporate networks or other systems storing sensitive data. In this way, an attack on a seemingly innocent device can turn into a full-scale data breach.
Shadow IoT
Shadow IoT arises because IT administrators do not always have control over devices connected to the network. Devices with IP addresses, such as digital assistants, smartwatches, or printers, frequently connect to corporate networks and do not always meet security standards.
Without knowledge of shadow IoT devices, IT administrators cannot ensure that hardware and software have basic security features and find it difficult to monitor malicious traffic on devices. When hackers compromise these devices, they can leverage the connection to the corporate network and escalate privileges to access sensitive information on the corporate network.
Notable IoT Security Breaches and Hacks
Since the concept of IoT was born in the late twentieth century, security experts have warned that devices connected to the internet will pose a risk to society. Since then, numerous large-scale attacks have been publicized, in which attackers compromised IoT devices and created a real threat to public safety and corporate security. Here are a few examples.
Stuxnet
In 2010, researchers discovered that a virus called Stuxnet caused physical damage to nuclear centrifuges in Iran. The attack began in 2006, with the primary stage of the campaign in 2009. The malware manipulated commands sent from programmable logic controllers (PLCs). Stuxnet is often considered an IoT attack, among the earliest targeting a supervisory control and data acquisition (SCADA) system used in industrial environments.
First IoT Botnet
In 2013, Proofpoint researchers discovered what is now considered “the first IoT botnet.” Over 25 percent of the botnet was composed of non-computer devices such as smart TVs, home appliances, and baby monitors. Since then, malware like CrashOverride, VPNFilter, and Triton has been used extensively to compromise industrial IoT systems.
Compromising a Jeep
In 2015, two security researchers hacked into a Jeep vehicle wirelessly, via the Chrysler Uconnect system deployed in the car, and performed remote actions like changing channels on the radio and turning on the wipers and air conditioner. The researchers said they could disable the brakes and cause the engine to stall, slow down, or shut down altogether.
Mirai Botnet
In 2016, Mirai, one of the largest IoT botnets ever discovered, began its activity by attacking the website of security researcher Brian Krebs and a European hosting company, OVH. The attacks were of a huge magnitude: 630 Gbps and 1.1 Tbps. Afterward, the botnet was used to attack Dyn, a large DNS provider, and high-profile websites including Twitter, Amazon, Netflix, and the New York Times. The attackers built their network from IoT devices like routers and IP surveillance cameras.
St. Jude Cardiac Device Vulnerability
In 2017, the Food and Drug Administration (FDA) announced that implantable cardiac devices manufactured by St. Jude Medical, including pacemakers implanted in living patients, were vulnerable to attack. Billy Rios and Jonathan Butts, security researchers presenting at the Black Hat conference, demonstrated their ability to hack into a pacemaker and shut it down, which, if done by hackers, would kill the patient.
IoT Security Best Practices
As you start to consider an IoT security strategy for your organization, here are a few best practices that can improve your security posture.
Use IoT Security Analytics
A security analytics infrastructure can significantly reduce vulnerabilities and security issues related to the Internet of Things. This requires collecting, compiling, and analyzing data from multiple IoT sources, combining it with threat intelligence, and sending it to the security operations center (SOC).
When IoT data is combined with data from other security systems, security teams have a much better chance of identifying and responding to potential threats. Security analytics systems can correlate data sources and identify anomalies that might represent suspicious behavior. Security teams can then investigate and respond to anomalies, preventing attackers from compromising corporate IoT devices.
Segment Your Network
Network segmentation is a technique that enables the isolation of specific components from others to improve security. In the case of IoT, segmentation can help prevent attackers or malicious insiders from connecting to IoT devices, or it can prevent compromised devices from infecting other parts of the network. You can implement this technique into your strategies or use a network security solution.
To begin a segmentation effort, create a comprehensive list of IoT devices currently in use, their connection methods (VLAN or LAN), how and what type of data they transmit, and which other devices on the network each device needs to connect to. In particular, check if each category of device needs to have access to the Internet, and if not, disable it.
One suggestion for segmentation is to designate specific categories of devices, such as data collection, infrastructure, or personal employee-owned devices. You can create a segmentation strategy based on the connectivity requirements of each IoT endpoint, and act to isolate or block network access to endpoints that don’t really need it.
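The inventory-driven segmentation described above, as an added example that is not part of the original article: a constructed device inventory (names, categories, peers and internet needs are all invented) is turned into one segment per category, explicit allow rules for the declared flows, a default-deny rule, and a review list of devices asking for internet access their category does not permit.

```python
"""Turn an IoT device inventory into a segmentation plan: one segment per
device category, default deny between segments, and internet egress only
where the category policy permits it. All inventory data is constructed."""

# Constructed inventory: name, category, connection method, whether the
# device claims it needs the internet, and which peers it must reach.
INVENTORY = [
    {"name": "cam-lobby-01", "category": "data_collection", "link": "VLAN",
     "needs_internet": False, "peers": ["nvr-01"]},
    {"name": "nvr-01", "category": "infrastructure", "link": "LAN",
     "needs_internet": False, "peers": []},
    {"name": "printer-3f", "category": "infrastructure", "link": "LAN",
     "needs_internet": True, "peers": []},
    {"name": "watch-bob", "category": "personal", "link": "VLAN",
     "needs_internet": True, "peers": []},
    {"name": "hvac-ctrl-02", "category": "data_collection", "link": "LAN",
     "needs_internet": False, "peers": ["bms-01"]},
    {"name": "bms-01", "category": "infrastructure", "link": "LAN",
     "needs_internet": False, "peers": []},
]

# Hypothetical category policy: segment per category, and whether the
# category is ever allowed to reach the internet at all.
SEGMENT = {"data_collection": "vlan-iot-sensors",
           "infrastructure": "vlan-iot-infra",
           "personal": "vlan-byod"}
INTERNET_OK = {"data_collection": False, "infrastructure": False, "personal": True}


def segment_of(device):
    return SEGMENT[device["category"]]


def build_rules(inventory):
    """Allow only declared peer flows and permitted internet egress; the
    trailing default-deny rule blocks everything else between segments."""
    by_name = {d["name"]: d for d in inventory}
    rules = []
    for d in inventory:
        for peer in d["peers"]:
            if peer not in by_name:
                raise ValueError(f"{d['name']} lists unknown peer {peer}")
            rules.append(("allow", d["name"], segment_of(d), peer, segment_of(by_name[peer])))
        if d["needs_internet"] and INTERNET_OK[d["category"]]:
            rules.append(("allow", d["name"], segment_of(d), "internet", "wan"))
    rules.append(("deny", "any", "any", "any", "any"))
    return rules


def internet_exceptions(inventory):
    """Devices requesting internet access their category forbids: these are
    reviewed (and normally blocked) rather than silently granted."""
    return sorted(d["name"] for d in inventory
                  if d["needs_internet"] and not INTERNET_OK[d["category"]])
```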
Enable Device Authentication
Another way to reduce the vulnerability of IoT devices to attacks is by enforcing full authentication on all devices. Whether your IoT devices have simple password authentication, or more advanced measures like digital certificates, biometric, or multi-factor authentication (MFA), use the most secure authentication available on the device and ensure you never use the factory default password.
AI and ML for IoT Security
An expanding network of IoT devices produces tremendous amounts of data, which are useless without proper analysis. Massive sets of data are analyzed with the help of artificial intelligence (AI) and machine learning, allowing machines to teach themselves, retain what they learned, and hence improve the capabilities of IoT systems.
One recent IoT trend is AI-based intrusion detection systems (IDS) that continuously monitor the network, collecting and analyzing information from previous attacks. They can predict an attack based on historical data and suggest a solution to counter the threat. Even though new hacking techniques are devised, they may still contain previously used patterns, which ML algorithms can recognize in real time.
In general, there are two types of ML-based IDS.
Anomaly IDS detects attacks based on recorded normal behavior, comparing current traffic against a previously recorded baseline of normal traffic. These systems are capable of detecting a new type of attack and are widely used despite a large number of false-positive alarms.
Misuse or signature IDS compares the patterns found in current traffic against the already known patterns of various types of previous attacks. It produces fewer false-positive alarms, but a new type of attack may pass through undetected.
ML algorithms like Linear Discriminant Analysis (LDA), Classification and Regression Trees (CART), and Random Forest can be used for attack identification and classification.
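The two IDS types contrasted above, as an added example that is not code from the original article: a signature detector with one known pattern and a z-score anomaly detector trained on a recorded baseline, both run over constructed per-minute traffic summaries for a hypothetical camera. The constructed records are chosen so the outcome mirrors the text: the signature detector misses the new scan pattern, while the anomaly detector catches it but also raises a false positive on a merely busy minute.

```python
"""Signature IDS versus anomaly IDS on constructed IoT traffic summaries."""
import statistics

# Constructed baseline of normal behaviour for one camera, one record per
# minute: (packets per minute, distinct destinations contacted).
NORMAL = [(120, 2), (130, 2), (118, 2), (125, 3), (122, 2), (128, 2), (119, 2), (131, 3)]

# Constructed live records: (device, packets/min, distinct destinations, dst port).
LIVE = [
    ("cam-01", 124, 2, 554),    # ordinary RTSP traffic to its recorder
    ("cam-01", 5000, 2, 53),    # DNS flood: matches a known signature
    ("cam-01", 900, 60, 23),    # telnet fan-out: a pattern with no signature
    ("cam-01", 140, 3, 554),    # busy but benign minute (anomaly false positive)
]

# Signature IDS: one predicate per known attack pattern (hypothetical set).
SIGNATURES = {
    "dns_flood": lambda pkts, dsts, port: port == 53 and pkts > 2000,
}


def signature_alerts(records):
    """Returns (record index, pattern name); unknown patterns pass through."""
    return [(i, name) for i, (_dev, pkts, dsts, port) in enumerate(records)
            for name, match in SIGNATURES.items() if match(pkts, dsts, port)]


class AnomalyDetector:
    """Per-feature z-score against the recorded baseline; a record is
    anomalous when any feature drifts more than `threshold` standard
    deviations from its normal mean."""

    def __init__(self, baseline, threshold=3.0):
        cols = list(zip(*baseline))
        self.mean = [statistics.mean(c) for c in cols]
        self.std = [max(statistics.pstdev(c), 1e-9) for c in cols]
        self.threshold = threshold

    def score(self, features):
        return max(abs(x - m) / s for x, m, s in zip(features, self.mean, self.std))

    def alerts(self, records):
        """Returns (record index, rounded z-score) for records over threshold."""
        out = []
        for i, (_dev, pkts, dsts, _port) in enumerate(records):
            z = self.score((pkts, dsts))
            if z > self.threshold:
                out.append((i, round(z, 1)))
        return out
```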