Don’t wait for regulations to monitor and detect malware in IoT devices
When the masses start to use industry terminology, things have clearly gone mainstream. IoT is now mainstream, and there is no turning back. But is security ready to move ahead at the speed of market change? As the market continues to expand, IoT will transform not only the way we live our lives but also the way we conduct business.
Yet IoT poses very real challenges not only to privacy and security but also to safety. In order for the market to reach its fullest potential, those challenges can’t be ignored. 2017 was a successful year for attackers, who were able to carry out a number of global attacks by targeting IoT devices in order to launch massive-scale DDoS attacks, cryptocurrency mining and other nefarious activities. Those threats will continue to increase in 2018.
Unfortunately, IoT technology changes rapidly, making it hard for security and safety to stay in step. The rate of change has been so fast that regulators and policy makers can’t keep pace, which has left the industry with no clear security framework to follow.
A 2017 European Union Agency for Network and Information Security (ENISA) report found that, in the absence of a consistent framework, companies and manufacturers are improvising, taking their own individual approaches to security when designing IoT devices.
The goal of the report, titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, is to elaborate baseline cybersecurity recommendations for IoT with a focus on Critical Information Infrastructures, which encompass facilities, networks, services and physical and information technology equipment.
Beyond the security threats, the report also states that the lack of consistency has resulted in interoperability issues between devices from different manufacturers, and between IoT devices and legacy systems. That’s a problem for a lot of reasons – the threat of attacks being a major one.
Here’s a quick look at 3 critical attack scenarios included in the report:
Attack scenario 1: IoT administration system compromise. An attack designed to take over control of one or more devices within an IoT environment. By gathering information about the different devices in the enterprise network, the attacker could manipulate and crash them, or modify values and change functionality and behaviors. In addition to the devices, gateways, software and sensitive information could also be affected.
Attack scenario 2: Value manipulation in IoT devices. The scenario begins with the calibration of a robot's sensing equipment after a configuration change: the system reboots, during which time data is transmitted to the controller. Using the local copy of the data, the attacker can manipulate calibration parameters, making the robot move unexpectedly and affecting sensors, actuators, decision making and other assets.
Attack scenario 3: Botnet / Commands injection. An attacker exploits a vulnerability inside a device and injects a command that allows access to administrator privileges, with which they can create a botnet (e.g. Mirai). Hard to detect, these attacks also have a powerful cascade effect and the potential to adversely affect critical assets, from devices to network management and software.
What’s important to note in the ENISA report is that one countermeasure is recommended consistently across all of the critical attack scenarios: the proactive implementation of regular monitoring to verify device behavior, to detect malware, and to discover integrity errors.
Why? Because these proactive measures work to mitigate known risks and reduce attack vectors that can lead to new types of attacks.
The ENISA report is an important step in the journey to establish baselines and standards, a journey shared by manufacturers, regulators, service providers and consumers. Since the technology has changed (and is changing) rapidly, relying on regulations alone is not sufficient. These standards should be complemented by implementing the latest security solutions, which, in turn, should be as flexible and future-agnostic as possible.