If you didn’t know already, there are many attack vectors you must consider if you use Internet of Things (IoT) devices. With the rapid development of the IoT, and the fact that more small devices are connected to the Internet every day, the security of IoT devices is a moving target. Read on to learn what you need to know to protect your business today when using IoT devices.
IoT refers to the connection of devices to the Internet. Automobiles, machinery, appliances, and medical and manufacturing devices can all be connected through the IoT. Any internet-connected device that can be monitored and/or controlled from a remote location is considered part of the Internet of Things.
Examples of IoT Devices
IoT came to be from the merging of wireless technologies, micro-electromechanical systems, microservices and the Internet. It has unified operational technology with information technology, allowing for the analysis of unstructured machine-generated data to promote improvements in technology.
It’s predicted that there will be 30 billion IoT devices by 2020.
IoT Botnets
Unfortunately, many companies are using IoT devices without giving enough thought to security. Hackers use IoT botnets to launch cyberattacks. There can be hundreds to millions of devices in a botnet that can penetrate anything from vehicles to your business infrastructure such as routers, IP cameras and digital video recorders (DVRs): anything that’s connected to the Internet.
Experts have been warning us for years that lax security for IoT devices can have serious consequences. We’re now seeing botnets made up of compromised IoT devices capable of launching distributed denial-of-service attacks (DDoS) on an unprecedented scale.
The Mirai Botnet
Considered the botnet that “broke the Internet,” the Mirai Botnet appeared in August 2016. Mirai is a type of malware that automatically finds, infects and conscripts IoT devices into a group of computing devices that can be centrally controlled. From there this IoT army mounts distributed denial of service (DDoS) attacks that flood a device with malicious traffic.
Here’s what happened:
- Mirai infected IoT devices with known, “factory default” usernames and passwords.
- The infected devices joined a botnet group that was directed to attack targets.
- DDoS attacks were launched against Krebs on Security, Ars Technica, DNS services and the country of Liberia.
- The attacks reached up to 1,000 gigabits per second.
- Dyn DNS outages took down many services in North America and Europe such as GitHub, Twitter, Reddit, Netflix and Airbnb.
- In December 2016 it disrupted internet service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK.
These attacks were enabled by a massive army of modems and webcams under Mirai’s control, and because a hacker known as “Anna-senpai” elected to open-source its code in September. Mirai’s software is remarkably adaptable, so it’s difficult to pin down. Hackers can develop different strains that can take over new vulnerable IoT devices, and increase the population (and computing power) that Mirai botnets can draw on.
What’s more, Mirai:
- Had a list of over 60 common username/passwords known to be defaults on IoT devices.
- Had instructions not to scan networks owned by HP, GE, the USPS, DoD, or RFC1918 private address ranges.
- Predominately infected IP camera systems.
- Killed off other competing malware.
- Killed remote management connections.
And you thought this was bad. Today we have the IoT Reaper botnet, which is even more dangerous!
The Reaper showed up on September 13, 2017. It uses some of the Mirai code, but also exploits known vulnerabilities in IoT devices. As of October 21, 2017, it has over 2 million devices that are just waiting to be released to a botnet army. It’s designed to target IoT devices such as NASs, DVRs and NVRs from Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link and Synology. If you have devices like these, contact your manufacturer and get patches, or at least segment them from your network.
The Problem
We’re seeing ongoing issues. Even the Department of Homeland Security is sending out warnings about attacks on IoT devices. Plus, many of the security technologies in IoT devices haven’t been vetted. We’re still finding “bugs” and new vulnerabilities in them.
But here’s the real problem. Most people are unaware. Do you even know:
- What IoT devices are connected to your network?
- Who manages these devices?
- About new IoT technologies and network protocols?
- If your IoT devices lack built-in security controls?
- If your IoT devices need patches or updates?
IoT devices aren’t like your computer where you can configure and easily patch them. Security is hard to get right, and requires knowledge and effort. Plus, these are new, immature technologies without clear standards, regulations or guidelines on how to secure them.
So, What’s the Answer? – IoT Security Controls
There are four steps to take:
- Learn:
  - Subscribe to CERT mailing lists for IoT security alerts.
  - Set up testing labs to evaluate new IoT devices.
  - Try to get alerts from manufacturers for updates and patches.
  - Learn about the CIS 20 Critical Security Controls.
- Inventory:
  - Conduct regular discovery and inventory of all your IoT devices.
  - Do scheduled vulnerability scanning (consider using Tenable Nessus).
- Segment:
  - Encrypt your data (in transit and at rest) to protect your internal assets.
  - Use Firewall-Based Segmentation with DMZ (e.g., Cisco NGFW).
  - Implement Network Admission Control and Profiling (e.g., Cisco ISE).
- Monitor:
  - Use Intrusion Detection and Prevention (IDS/IPS) (e.g., Cisco Firepower).
  - Employ Network Behavior Modeling to catch improper access (e.g., Cisco DNA, Stealthwatch, and Umbrella).
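The Inventory and Segment steps, together with the Mirai and Reaper behavior described earlier, can be turned into a simple triage pass over a device inventory. The following is an added example, not part of the original article: the CSV columns, the device names and the 10.20.0.0/24 IoT segment are assumptions, and the inventory rows are constructed sample data.

```python
import csv
import io
import ipaddress

# Vendors the article lists as Reaper targets (lower-cased for matching).
REAPER_VENDORS = {"netgear", "d-link", "linksys", "goahead", "jaws", "vacron",
                  "avtech", "mikrotik", "tp-link", "synology"}

# Assumption: IoT devices are supposed to live in this dedicated segment.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """\
name,vendor,type,ip,default_creds_changed,patched
lobby-cam,AVTECH,IP camera,10.20.0.11,no,no
backup-nas,Synology,NAS,10.1.5.40,yes,no
dock-dvr,Vacron,DVR,10.20.0.12,yes,yes
branch-router,MikroTik,router,10.1.0.1,no,yes
"""

def audit(inventory_csv, iot_segment=IOT_SEGMENT):
    """Return {device name: [findings]} for every device that needs action."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        findings = []
        if row["default_creds_changed"].strip().lower() != "yes":
            # Mirai spread by logging in with factory-default credentials.
            findings.append("change factory-default credentials")
        vendor = row["vendor"].strip().lower()
        if vendor in REAPER_VENDORS and row["patched"].strip().lower() != "yes":
            # Reaper exploits known vulnerabilities, so unpatched means exposed.
            findings.append("apply vendor patches")
        if ipaddress.ip_address(row["ip"]) not in iot_segment:
            # Devices outside the dedicated segment can reach internal assets.
            findings.append("move to the IoT segment")
        if findings:
            report[row["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: " + "; ".join(findings))
```

Feeding it the output of a regular discovery scan, rather than a hand-maintained sheet, keeps the report aligned with what is actually on the network.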
There’s a lot more you can do. But it’s dependent on what field you’re in and what type of IoT devices you need to secure.
Here’s something you can do now: Contact LA Networks. We’ll provide one of these for free:
- Cisco Firepower Threat Assessment
- Cisco Umbrella Evaluation
- Tenable Nessus Scan
LA Networks has an integrated and comprehensive portfolio of security technologies that provides advanced protection for your IoT and other devices. This includes next-generation firewalls, intrusion prevention systems, secure access systems, security analytics, and malware defense. We also offer web and email security, network security and cloud security.