In 2017, Internet of Things (IoT) devices rose to prominence as attackers continued to target them and use them to support a variety of cyberattacks. IoT devices are almost the perfect target for cyberthieves. They sit on internal networks, have their own IP addresses, and communicate with other internet-connected devices and systems.
Their ubiquity and large numbers make them highly attractive targets. Yet, despite their growing numbers, IoT devices are relatively unprotected and make easy targets. The industry analyst firm Gartner Group has projected that approximately 21 billion IoT devices will be in use by the year 2020.
The insecurity of IoT devices
The problem with IoT devices is that they have little security and are virtually unprotected. They typically don’t run standard operating systems that support the commonly used information technology security tools or just don’t have enough memory for them. Many also lack the ability to apply firmware updates, making it impossible to patch security vulnerabilities as they come to light.
In the rare instance that a manufacturer offers security updates or patches, most information technology security teams find it very difficult to keep up with them. Existing enterprise security tools that monitor device state don’t work on IoT-based devices within the network – they have no visibility into these devices. None of the standard layers of cybersecurity, from firewalls to endpoint security, can provide adequate protection for IoT within the network.
The great majority of the new IoT security schemes proposed do nothing to protect the devices already installed within your networks, and the many new and competing ideas for protecting IoT are still years away from volume deployment. This combination of perpetually connected and never secure makes IoT devices the perfect storm of opportunity for cyberattackers.
Beyond IoT compromises
The most visible IoT compromises of 2017 were driven by DDoS attacks, which use a collected network of compromised systems to target a single system and attempt to overwhelm it with excess traffic. In previous years the assembled botnets (collections of machines infected with malware to give the hacker some control over the machines’ behaviors) were primarily composed of personal computers. Now these botnets are being assembled using IoT devices such as security cameras, digital video recorders, wireless routers, thermostats, IoT controlled lighting, and a myriad of other devices.
IoT devices are also being used to establish “backdoors” for cyberattacks that have nothing to do with DDoS. Once attacker malware has been propagated into an IoT device, it is almost impossible for standard network security systems to identify these backdoors before they are used to support attacker reconnaissance and the theft of data, diversion of funds, or destruction of important infrastructure.
Most exposed industries
Two industries, manufacturing and healthcare, have especially broad exposure to the increased risks brought by unprotected IoT devices. Manufacturing process control requires a plethora of IoT devices. These can include smart water meters and sensors to measure flow rates, viscosity, temperature, pressure, and much more. Factory assembly lines depend on feedback and measurement from a myriad of devices, many of which are wirelessly connected.
In healthcare, the list of IoT devices is growing all of the time. Diagnostic laboratory equipment, a multitude of sensors within intensive care, activity trackers for cancer treatment, pacemakers, insulin delivery systems, coagulation testing, advanced patient monitoring, RFID tags on pharmaceuticals, portable x-ray machines, blood gas analyzers, and much more all depend on IoT devices.
Medical device hijack
Over the past few years, the identification of a cyberattack called medical device hijack (MEDJACK) has shown the increasing focus by attackers on compromising medical devices. Attackers are now building custom software tools designed to identify and compromise specific network- and IoT-connected medical devices. They know that medical devices are FDA approved and hence “closed” to the installation of endpoint security software. Hospital security and IT teams cannot install any software on these devices.
Attackers identify an IoT device and then install a “backdoor” to support their access to the hospital network. Once the “backdoor” is installed, it is difficult or impossible for hospital personnel to identify the presence of the attacker. This affects not only large hospitals but also surgical centers, MRI/CT scan centers, diagnostic laboratories, dialysis centers, cancer treatment centers, large physician practices, skilled nursing and rehabilitation facilities, and more.
Protecting IoT devices
The technology tide has now turned in favor of the defenders. New best practices and the technologies that support them offer far greater capabilities to help “protect the unprotected” IoT devices in your networks. One of the most powerful new strategies is network segmentation. Micro-segmentation is placed inline with all enclave traffic within your networks. It substantially reduces east-west traffic (lateral movement) within the networks.
Micro-segmentation allows you to assign policies to all devices and users in your networks that define who is allowed to talk to whom and which resources may be accessed. These policies are based on user, port, and IP address, and automation allows them to be applied across the largest enterprise. Micro-segmentation stops cyberattackers from being able to use IoT devices either as “slaves” in a botnet or as backdoors for other forms of sophisticated attack.
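To make the policy model concrete, here is an added example (not code from the original article or from any vendor it describes) of a small allowlist-based micro-segmentation policy evaluated against constructed flow records. The segments, addresses, ports and log lines are all hypothetical; the point is that IoT segments get only the explicit east-west paths they need (a camera may stream to the video recorder) and every other flow falls to a default deny, which is exactly the lateral-movement reduction described above. The `audit` function replays flow logs against the policy to surface the flows the policy would have blocked.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Hypothetical network segments (constructed for this example).
SEGMENTS = {
    "iot-cameras": ip_network("10.10.0.0/24"),
    "video-recorder": ip_network("10.20.0.0/24"),
    "corp-workstations": ip_network("10.30.0.0/24"),
    "ehr-servers": ip_network("10.40.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # destination port, None = any port
    action: str            # "allow" or "deny"


# Allowlist: only the east-west paths each segment legitimately needs.
# Anything not matched falls through to DEFAULT_ACTION.
POLICY = [
    Rule("10.10.0.0/24", "10.20.0.0/24", 554, "allow"),  # cameras stream RTSP to the recorder
    Rule("10.30.0.0/24", "10.40.0.0/24", 443, "allow"),  # workstations reach EHR over HTTPS
    Rule("10.30.0.0/24", "10.20.0.0/24", 443, "allow"),  # workstations reach recorder web UI
]
DEFAULT_ACTION = "deny"


def segment_of(ip: str) -> str:
    """Return the name of the segment containing ip, or 'unknown'."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """First-match policy evaluation; unmatched flows get DEFAULT_ACTION."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in POLICY:
        if (src in ip_network(rule.src) and dst in ip_network(rule.dst)
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return DEFAULT_ACTION


# Constructed flow-log lines (not real traffic); one flow per line.
FLOW_LOG = """\
2024-01-01T10:00:01Z src=10.10.0.15 dst=10.20.0.5 dport=554 proto=tcp
2024-01-01T10:00:02Z src=10.30.0.8 dst=10.40.0.3 dport=443 proto=tcp
2024-01-01T10:00:03Z src=10.10.0.15 dst=10.40.0.3 dport=445 proto=tcp
2024-01-01T10:00:04Z src=10.10.0.15 dst=10.30.0.8 dport=22 proto=tcp
"""

_FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def parse_flow(line: str) -> Optional[dict]:
    """Extract src, dst and dport from one log line; None if it does not parse."""
    m = _FLOW_RE.search(line)
    if not m:
        return None
    return {"src": m.group(1), "dst": m.group(2), "dport": int(m.group(3))}


def audit(log_text: str) -> list:
    """Replay flows against the policy and return those that would be denied,
    annotated with the segments involved so an analyst can see the crossing."""
    denied = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        if evaluate(flow["src"], flow["dst"], flow["dport"]) == "deny":
            flow["src_segment"] = segment_of(flow["src"])
            flow["dst_segment"] = segment_of(flow["dst"])
            denied.append(flow)
    return denied


if __name__ == "__main__":
    for v in audit(FLOW_LOG):
        print(f"DENY {v['src_segment']} -> {v['dst_segment']} "
              f"{v['src']} -> {v['dst']}:{v['dport']}")
```

Run against the sample log, the camera's RTSP stream to the recorder passes, while the same camera reaching an EHR server on port 445 and a workstation on port 22 are both flagged. In a real deployment the same evaluation happens inline at the segmentation enforcement point rather than after the fact, and the denied-flow records are what you would forward to your monitoring pipeline as an indicator that an IoT device is attempting lateral movement.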
Micro-segmentation can also be combined with new technologies, such as moving target cyberdefense (MTD), that further reduce the available attack surface. While segmentation reduces attack surface, cyberattackers are still able to perform reconnaissance and steal actionable network information for attack planning. MTD stops all adversary reconnaissance from compromised endpoints or insider threats. If they cannot see it, they cannot find it, and this places another blanket of protection around IoT devices. The IP addresses of IoT devices are obscured and effectively invisible to attackers. This works to protect all of the unprotected legacy IoT devices already installed within your networks.
Both segmentation and moving target cyberdefense can be added to your current defense strategy to substantially reduce the risk of your IoT devices being compromised. These new technologies let you protect your current installed base of IoT devices and accommodate almost any variety of IoT device that you need to add to your networks in the future.