Internet of things (IoT) adoption is nothing new, as both organizations and individuals have embraced these devices for a long time. However, the security of this technology isn't necessarily strong enough to withstand any threat. This blog explores some of the top threats facing IoT, including ransomware and AI-based attacks.
The IoT landscape includes a host of network-connected devices many of which we use in our daily lives, including cell phones, smartwatches, smart locks and appliances, cameras, and industrial equipment and sensors. The entire IoT attack surface is the sum total of the security risk eposure from these devices and the larger network ecosystem and infrastructure they are embedded within.
IoT devices are essentially “headless” without onboard security features or the ability to install software. This limitation didn’t matter in traditional operational technology (OT) settings because they were isolated from the larger IT networks and not connected to the outside world in any way. But as technology has advanced, so has the interconnectedness of IoT ecosystems with the enterprise network and the entirety of the internet.
This new connectivity has made IoT and industrial IoT devices a prime target for cyber criminals. IoT attacks include any cyberattacks that seek to gain access to (or control over) IoT devices with the intent to either cause harm to the devices or use them in attacks against other targets.
Most IoT devices are not designed with security in mind, and many do not have traditional operating systems or even enough memory or processing power to incorporate security features. Not only that, but IoT devices are growing in number, with over a million new devices connecting to the internet each day. The result is a significant quantity of data moving freely between devices and across network environments, remote offices, mobile workers, and public clouds with minimal visibility, making it difficult to track and secure this data.
IoT devices are vulnerable to hijacking and weaponization for use in distributed denial of service (DDoS) attacks, as well as targeted code injection, man-in-the-middle attacks, and spoofing. Malware is also more easily hidden in the large volume of IoT data, and IoT devices sometimes even come with malware already onboard. Further, some IoT devices can be remotely controlled or have their functionality disabled by bad actors. In fact, swarms of compromised IoT devices can act as swarms which could really change the game in terms of protecting against these types of attacks.
Additional IoT threats include the following:
1. Convergence of IT, OT, and IoT
IoT devices have become ubiquitous in operational technology (OT); they are used for everything from sensing temperature and pressure to robotic devices that improve assembly line efficiency.
Historically, OT systems and IT networks were "air-gapped" ; OT was separated from the rest of the enterprise and not connected to the outside internet. However, as OT and IT have converged, IoT devices are now regularly connected and accessible from both inside and outside the corporate network. This new connectivity leaves both the OT and IT networks vulnerable to IoT threats and requires new, more holistic approaches to security.
Cyber-crime groups can compromise IoT devices connected to the internet and use them en masse to carry out attacks. By installing malware on these devices, cyber criminals can commandeer them and use their collective computing power to take on larger targets in DDoS attacks, send spam, steal information, or even spy using IoT devices with a camera or sound recording capabilities. Massive botnets made up of hundreds of thousands or even millions of IoT devices have also been used to carry out attacks.
Ransomware is a form of malware designed to lock files or devices until a ransom is paid. IoT devices, however, rarely have much – if any – files stored on them. Hence, an IoT ransomware attack is unlikely to prevent users from accessing critical data (which is what forces the payment of the ransom). With this in mind, cyber criminals launching IoT ransomware attacks may attempt to lock the device itself instead, though this can often be undone by resetting the device and/or installing a patch.
How ransomware truly makes headway in the IoT world is by focusing on critical IoT devices (such as those used in industrial settings or those upon which significant business operations depend) and requiring ransoms to be paid in a very short time span (before a device could be properly reset).
4. AI-based Attacks
Bad actors have been using AI in cyberattacks for over a decade – mostly for social engineering attacks – though it is only in recent years that this trend has really started to take off. AI is now being used more broadly across the cyber-crime landscape.
With cyber crime becoming a booming business, the tools needed for building and using AI in cyberattacks are often available for purchase on the dark web, enabling just about anyone to take advantage of this technology. AI systems can perform the repetitive tasks required to scale up IoT threats rapidly, in addition to being able to mimic normal user traffic and avoid detection.
5. IoT Device Detection and Visibility
One difficulty in securing networks with IoT devices is that many such devices are not readily detected by network security. And if the security system is unable to detect a device, it won’t be able to easily identify threats to that device. Network security often lacks visibility into these devices and their network connections, as well. Hence, one of the key pieces in securing a network with IoT is readily identifying new devices and monitoring them.
Robust IoT security requires integrated solutions that are capable of providing visibility, segmentation, and seamless protection across the entire network infrastructure. Key features of such a solution include the following:
Additionally, as digital innovation expands networks and there is an increased reliance on remote access, a zero-trust approach is necessary to protect distributed environments, including securing IoT. With Zero Trust Access (ZTA), role-based access control is a crucial component of network access management with a least access policy that gives users the minimum level of network access required for their role while removing their ability to access or see other parts of the network. ZTA also can authenticate endpoint and IoT devices to establish and maintain comprehensive management control and ensure visibility of every component attached to the network. For headless IoT devices, network access control (NAC) solutions can be relied on for discovery and access control. Using NAC policies, organizations can apply the zero-trust principles of least access to IoT devices, granting only sufficient network access to perform their role.
Tools such as Fortinet’s Network Access Control solution – FortiNAC – provide these capabilities and more. When fully integrated into the Fortinet Security Fabric, FortiNAC offers visibility, control, and automated response for complete protection of any network containing IoT devices.
Learn how to simplify, automate secure remote access that verifies who and what is on your network and secures application access no matter where users are located with Zero Trust Access.