While in the office, a CISO looks down at his smartwatch, which has just notified him that someone is at the front door of his house. He picks up his smartphone, opens the doorbell app, and speaks to the delivery person at his door, asking them to please leave the package in the garage. The CISO then uses the mobile app to open his garage door. He watches the delivery person place the box inside his garage via his security camera app. As the delivery person leaves, the CISO closes his garage door. Not too long ago, this would have sounded like science fiction. In 2023, thanks to the Internet of Things (IoT), this is an ordinary day.
What Is the IoT?
The IoT refers to devices (things) connected to wireless communication networks, such as smart TVs, thermostats, outlets, doorbells, fitness trackers, and printers, and the list goes on. Many everyday items are connected, share information with other devices, apps, or the internet, and are part of the IoT. This interconnectivity streamlines workflows and supports multitasking, enabling users to conduct business and monitor their homes from any location.
What Is the IoMT?
The Internet of Medical Things (IoMT) is a subcategory of the IoT. IoMT references medical devices (things) that communicate and share data over the network. Some examples of IoMT devices are heart monitors, thermometers, x-ray machines, ultrasounds, and the list continues. These devices connect doctors, nurses, patients, and diagnostic equipment to promote accessibility and flexibility in patient care.
What Is the Negative Side of IoT?
With all the benefits IoT devices add to daily personal and business life, they also introduce risk. IoT devices are a prime target for cybercriminals. If one IoT device is compromised, it can lead to a significant security breach. Many of these devices were designed with non-technical users in mind. They connect easily to one another, and few incorporate security features such as antivirus or firewalls. More devices equal more potential for firmware and software vulnerabilities that should be patched. IoT devices are difficult to track and maintain. Although most people now understand the importance of antivirus on their computers, few appreciate the potential danger of cybercriminals hacking their smart home devices or connected automobiles, nor the extent of information those IoT devices can access.
What Are Some IoT Attack Techniques?
Due to their ease of connectivity and the ever-expanding volume of devices, the introduction of IoT devices has dramatically increased the cyberattack surface. Cybercriminals can weaponize IoT devices in many ways. Below are a few of the most common abuse techniques.
Botnets: A botnet is essentially a robot network. A single computer, dubbed a bot herder, controls hundreds, maybe thousands, of IoT devices infected with malware. The owners of the IoT devices generally have no idea their devices have been compromised. These infected IoT devices, called zombies, are used to do the hacker's bidding, such as launching a Distributed Denial of Service (DDoS) attack. In a DDoS attack, every zombie would simultaneously connect to the same network, overwhelming it and taking it offline. Cybercriminals sometimes use the dark web to rent out the botnets they control.
Data leaks: A data leak occurs when an unauthorized party gains access to valuable data. Mirai malware has been used to infect IoT devices to create a botnet that bad actors can use to steal personal data. As many IoT devices do not encrypt data in transit, they are susceptible to on-path attacks, also known as adversary-in-the-middle attacks. Cybercriminals can easily position a network device under their control between two IoT devices, intercepting the information shared in plain text.
Eavesdropping: Bad actors can also use IoT devices to spy on unsuspecting users. As previously mentioned, most IoT devices don't support data encryption, so any information transmitted to another IoT device or the internet can be viewed in plain text. When that IoT device has a microphone, criminals can listen, and when it has a camera, well, "it always feels like somebody's watching me." IoT devices don't just invade the privacy of those who own them but also anyone near them.
Lateral movement: IoT devices are often completely unsecured or protected by only a weak password. They can be the path of least resistance into a business network. An adversary only needs a single weak spot to enter a network environment, begin scanning, and move from device to device until they find a path to the gold (e.g., a domain controller or server holding valuable data).
Can IoT Security Be Improved?
While IoT devices introduce some inherent risks, there are steps organizations can take to help reduce these risks.
- Maintain a current and accurate inventory of active IoT devices. It is impossible to manage IoT devices you don’t know about.
- Purchase IoT devices only from trusted manufacturers and dealers. IoT devices are composed of many different parts, making them susceptible to supply chain attacks. Ensure only reputable brands are permitted in a business environment.
- Change default passwords to complex, unique passwords. The easiest way to compromise a device is by logging into it, and default passwords can be found online. A straightforward way to quickly reduce the risk of IoT devices is by adding a secure password.
- If the device supports MFA (Multi-Factor Authentication), ensure it is enforced. MFA helps ensure only authorized individuals can log into any device as authentication requires inputting a code or accepting a push notification on a second device (often a cellphone).
- Set a routine for updating and patching IoT devices. Manufacturers release patches and updates to address software and firmware flaws, increasing the device's security. Unpatched devices are a prime target for bad actors.
- Segment the business network to separate IoT devices from valuable data locations. Keep IoT devices logically separate from data stores to reduce the risk of cybercriminals using an IoT device to steal your data.
- Adopt a Zero Trust cybersecurity posture. Ensure that no user or device can access any resource they don’t need for business purposes.
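The checklist above can be run as a recurring audit over the device inventory. The following is an added example, not ThreatLocker code: the CSV column names, the sample devices, the data-store subnet and the 90-day patch window are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed sample inventory; column names are assumptions for this example.
INVENTORY_CSV = """name,ip,default_password_changed,supports_mfa,mfa_enforced,last_patched
lobby-camera,10.20.0.15,no,no,no,2023-01-10
hvac-thermostat,10.20.0.22,yes,no,no,2022-06-01
badge-printer,10.50.1.40,yes,yes,no,2023-03-02
conference-tv,10.20.0.31,yes,yes,yes,2023-03-20
"""

# Assumed subnets holding valuable data (file servers, domain controllers).
DATA_SUBNETS = [ipaddress.ip_network("10.50.0.0/16")]
MAX_PATCH_AGE_DAYS = 90  # assumed patch routine; set to your own policy


def audit_device(row, today):
    """Return the list of checklist findings for one inventory row."""
    findings = []
    if row["default_password_changed"] != "yes":
        findings.append("default password still set")
    if row["supports_mfa"] == "yes" and row["mfa_enforced"] != "yes":
        findings.append("MFA supported but not enforced")
    age = (today - date.fromisoformat(row["last_patched"])).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"last patched {age} days ago")
    addr = ipaddress.ip_address(row["ip"])
    if any(addr in net for net in DATA_SUBNETS):
        findings.append("shares a segment with data stores")
    return findings


def audit_inventory(csv_text, today):
    """Map device name -> findings, listing only devices with findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_device(row, today)
        if findings:
            report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV, date(2023, 4, 1)).items():
        print(f"{name}: {'; '.join(findings)}")
```

A device that never appears in the inventory is never audited, which is why the first item on the list comes first.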
How ThreatLocker Mitigates the Risk of IoT Attacks
Network Control: ThreatLocker helps prevent IoT attacks through Zero Trust network access. Network Control allows granular control over what devices can connect to which network assets. Blocking unauthorized network connections minimizes the ability for compromised IoT devices to be used as a doorway into the network. Network Control renders open ports invisible to unauthorized devices, reducing the likelihood of successful IoT attacks.
Storage Control: ThreatLocker Storage Control provides precise access to storage locations. Protect valuable data from IoT devices by permitting only specific computers, users, or applications to access data stores, reducing the ability of cybercriminals to leverage IoT devices for data theft.
Ringfencing™: ThreatLocker Ringfencing™ supplies application restraint. Block applications from interacting with one another, the internet, the registry, or protected files. Ringfencing™ can lessen the ability of a weaponized IoT device to steal data and send it out to the internet. For example, many data exfiltration attacks lean on PowerShell to copy and send data to the internet. Out of the box, ThreatLocker stops PowerShell from communicating with the internet, preventing this misbehavior.
IoT supports the flexibility needed to remain productive in our fast-paced world. Activities that would have been considered futuristic are now part of everyday life, like watches that also answer calls, monitor your heart rate, and send text messages. These technological innovations improve life, streamlining tasks and increasing connectivity. However, with advancements in technology come advances in cyber threats. Any device that connects to a network can serve as a potential attack vector. Organizations must be diligent in protecting themselves and their valuable data. Implement a Zero Trust security posture and stay ahead of cybercriminals.
Organizations need a Zero Trust security solution when the Internet of Things becomes the Internet of Threats. Schedule a demo to see for yourself how the ThreatLocker Endpoint Protection Platform provides best-in-class Zero Trust protection against known and unknown threats.