Join C-suite executives in San Francisco on July 11-12 to hear how leaders can integrate and optimize AI investments for success
. learn more
lack of design – Plagued by security and long-standing use of default passwords, Internet of Things (IOT) devices are fast becoming a favorite target for attackers. Coupled with the proliferation of many different roles and identities assigned to each advanced IoT sensor in an operational technology (OT) network, and their proximity to the mission-critical systems that run the business, attackers love to target IoT as well. It’s no surprise that devices.
Forrester’s recent report, The State of IoT Security to 2023, explains the factors that make IoT devices increasingly popular with attackers around the world.
IoT attacks are growing significantly faster than mainstream vulnerabilities. Kaspersky ICS CERT found that 34.3% of all computers in the industrial sector will be affected by attacks in the second half of 2022, with 1.5 billion attacks on IoT devices in the first half of 2021 alone. More than 40 percent of OT systems blocked malicious objects. SonicWall Capture Labs threat researchers documented 112.3 million instances of IoT malware in 2022, an 87% increase from 2021.
IoT devices are easy targets, providing attackers with vulnerabilities they can exploit to Deliver ransomware and malicious code and launch intrusion attacks. Source: Forrester, The State of IoT Security to 2023
Ritesh Agrawal, CEO of Airgap Networks, observed that while IoT endpoints may not be business critical, they can easily be compromised and used to spread malware directly to an organization’s most valuable systems and data. He advises organizations to stick to the basics — discovery, segmentation and identity — of each IoT endpoint.
event
Transform 2023
July 11-12 Join us today in San Francisco as senior executives share how they integrate and optimize AI investments for success and avoid common pitfalls.
Register Now
In a recent interview with VentureBeat, Agrawal advised organizations to look for solutions that don’t require mandatory upgrades and won’t disrupt IoT networks during deployment — a couple of designs he and his co-founders defined when creating Airgap Networks Two of the goals.
] target
IoT device is under attack, Because they are in an industry where uptime is critical to survival, simple targets can quickly lead to massive ransomware payouts. Manufacturing has been hit especially hard, as attackers know no factory can afford prolonged downtime, so they demand ransoms two to four times higher than other targets. 61% of breach attempts and 23% of ransomware attacks primarily targeted OT systems.
Forrester examines why IoT devices are such high-value targets and how they are being used to launch broader, more destructive attacks across organizations. The four key factors they identified are as follows:
1.
The security blind spots of IoT devices are designed in .
Most legacy, currently installed IoT devices were not designed with security as a priority. Many lack the option to reflash the firmware or load a new software agent. Despite these limitations, there are effective ways to secure IoT endpoints.
The first goal must be to close blind spots in IoT sensors and networks. Shivan Mandalam, director of product management for IoT security at CrowdStrike, told VentureBeat in a recent interview, “Organizations must eliminate the blind spots associated with unmanaged or unsupported legacy systems. By increasing the visibility and analytics capabilities of IT and OT systems, Security teams can quickly identify and resolve issues before adversaries exploit them.”
Leading cybersecurity vendors using IoT security systems and platforms today include AirGap Networks, Absolute Software, Armis , Broadcom, Cisco, CradlePoint, CrowdStrike, Entrust, Forescout, Fortinet, Ivanti, JFrog, and Rapid7. Last year at Fal.Con 2022, CrowdStrike introduced enhanced Falcon Insight, including Falcon Insight XDR and Falcon Discover for IoT, designed to address security gaps within and between industrial control systems (ICS).
Forrester 2022 data shows that 63% of advanced security decisions globally – manufacturers will increase their IoT security budgets from 2022 to 2023, which highlights how many security and IT teams have the budget to ensure endpoint security. Source: Forrester, The State of IoT Security to 2023
2. Long-term use of admin password (including credentials) very common.
It is common for understaffed manufacturing companies to use default admin passwords on IoT sensors. They usually use the default settings because the manufacturing IT team doesn’t have the time to set every setting, or doesn’t know the option exists to do so. According to Forrester, this is because many IoT devices do not require users to set new passwords upon initialization, or require organizations to enforce new passwords. Forrester also noted that administrative credentials in older devices often cannot be changed.
Therefore, CISOs, security teams, risk management professionals and IT teams have old and new devices with known credentials
to provide security Leading vendors of solutions to improve IoT endpoint security at the password and identity level include Armis, Broadcom, Cisco, CradlePoint, CrowdStrike, Entrust, Forescout, Fortinet, Ivanti, and JFrog. Ivanti is a leader in this field and has successfully developed and launched four IoT security solutions: Ivanti Neurons for RBVM, Ivanti Neurons for UEM, Ivanti Neurons for supporting the Internet of Medical Things (IoMT) Ivanti Neurons for Healthcare and Ivanti Neurons for IIoT build on the company’s acquisition of Wavelink, which secures Industrial Internet of Things (IIoT) networks.
“Internet of Things devices are becoming popular targets for threat actors, with IoT attacks accounting for more than 12% of global malware attacks in 2021, up from 1% in 2019, IBM ,” Dr. Srinivas Mukkamala, chief product officer at Ivanti, explained in a recent interview with VentureBeat. “To solve this problem, organizations must implement a unified endpoint management (UEM) solution that can discover all assets on the organization’s network—even the Wi-Fi-enabled toaster in the break room.”
“The combination of UEM and risk-based vulnerability management solutions is critical to enable seamless, proactive risk response to remediate actively exploited vulnerabilities across all devices and operating systems in an organization’s environment ,” Mukkamala said.
3.
Virtually every healthcare, service and manufacturing Enterprises rely on traditional IoT sensors.
From hospital departments and wards to workshops, traditional IoT sensors are the backbone of how these businesses capture the real-time data they need to operate. Both industries are high-value targets for attackers looking to compromise their IoT networks to initiate lateral movement across the network. 73% of IoT-based IV pumps are hackable, as are 50% of Voice over IP (VoIP) systems; overall, 50% of connected devices in a typical hospital today are at serious risk.
According to Forrester, one of the main causes of these vulnerabilities is that devices running unsupported operating systems cannot be secured or updated. This increases the risk of the device being “bricked” if an attacker compromises the device and cannot patch it.
4.
The problem with IoT is I, not T .
Forrester observes that IoT devices become a security liability as soon as they are connected to the Internet. One of the network security vendors interviewed for this article, who requested anonymity, said one of their largest customers was constantly scanning the network to resolve IP addresses pinged from outside the company.
This is a camera in the front hall of a security factory. Attackers are monitoring traffic patterns to see how they can infiltrate large numbers of workers coming to work, then gain access to internal networks and plant their sensors into them. No wonder Forrester observes that IoT devices have become conduits for command-and-control attacks—or botnets, as in the well-known Marai botnet attack and subsequent attacks.
What does an IoT attack feel like
Manufacturers told VentureBeat that they are unsure how to secure legacy IoT devices and their programmable logic controllers (PLCs). PLCs provide the rich, real-time data streams needed to run their businesses. IoT and PLCs are designed for ease of integration, not security, making it difficult for any manufacturer without a full-time IT and security staff to secure them.
A Midwest-based auto parts manufacturer suffered a massive ransomware attack that began when unprotected IoT sensors and cameras on its network were compromised destroy. VentureBeat has learned that attackers used a variant of the R4IoT ransomware to initially infiltrate the company’s IoT, video, and PLCs for automated HVAC, electrical, and mechanical preventative maintenance.
Once on a corporate network, attackers move laterally to find Windows-based systems and infect them with ransomware. The attackers also gained administrator privileges and disabled Windows Firewall and third-party firewalls before installing the R4IoT executable onto the machine over the network.
The attack made it impossible to monitor the heat, pressure, health and cycle time of the machine. It also freezes and encrypts all data files making them unusable. To make matters worse, the attackers threatened to post all the victim company’s pricing, customer, and production data on the dark web within 24 hours if the ransom was not paid.
The manufacturer paid the ransom, had no choice, and the cybersecurity professionals in their region didn’t know how to respond to the attack. The attackers know that thousands of other manufacturers don’t have the cybersecurity and IT teams to deal with this threat and don’t know how to. That’s why manufacturing remains the hardest hit industry. In short, IoT devices have become the threat vector of choice because they are left unprotected.
Agrawal told VentureBeat, “The Internet of Things puts a lot of pressure on enterprise security maturity. Extending zero trust to IoT is difficult because the endpoints are different and the environment is dynamic and full of legacy devices.” Asked for advice on how manufacturers and other high-risk industry targets should respond initially, Agrawal suggested that “accurate asset discovery, micro-segmentation, and identification are still the right answers, but when large How can the majority of IoT devices be deployed using traditional solutions when proxies are unacceptable? This is why many enterprises see agentless network security like Airgap as the only viable architecture for IoT and IoMT.”
VentureBeat’s Mission will be the technology decision maker for access to transformative enterprise technology and a digital town square that trades knowledge. Discover our newsletter.
Long-term use of admin password (including credentials) very common.
