With IoT's large attack surface and inherent lack of security, hackers have more opportunities to enter an organization's networks. The IoT industry does not have one clear set of security standards for developers and manufacturers to build in consistent security, but there are many security best practices. IT admins might find it difficult to keep track of and update devices, which can remain in the field for many years.
Attackers scan networks for devices with known vulnerabilities, and increasingly probe nonstandard ports to find management services that were never firewalled. Once they control a device, they can run fileless malware that lives only in memory, which leaves little on flash storage for a later forensic check; a reboot clears it, but a device whose exposed service is still reachable is usually reinfected quickly.
1. IoT botnets
After major botnet attacks such as Mirai in 2016, IoT developers, admins and security officers have every reason to plan for this type of attack. Botnet operators find IoT devices attractive because of weak default configurations and the sheer number of devices that can be conscripted into a botnet and turned against a target organization.
An attacker can infect an IoT device through an exposed service or default credentials (Mirai logged in over telnet with a short list of factory usernames and passwords), or through phishing, and co-opt it into an IoT botnet used to launch large-scale attacks. Mirai's source code was published in 2016, so ready-made code that scans for susceptible devices, hides from detection and waits for a command-and-control server to signal an attack or data theft is easy to find. IoT botnets are most often used for distributed denial-of-service (DDoS) attacks that overwhelm a target with traffic.
Botnet infections are not easy to detect, but IT admins can take several steps to protect devices, starting with an inventory of every device. Organizations should follow basic cybersecurity measures: require authentication, apply regular updates and patches, and confirm that an IoT device meets the organization's security standards and protocols before it joins the network. Network segmentation walls off IoT devices so a compromised device cannot reach the rest of the network. IT admins should monitor network activity for botnet behavior (a device that suddenly sweeps telnet across a subnet, or talks to a destination and port it has never used, is a strong signal) and must plan for the whole device lifecycle, including end of life.
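The two monitoring signals described above, a device sweeping scan-prone ports across many hosts and a device talking outside its known port profile, as an added example (not code from the original article). The flow records, the IoT VLAN 10.0.20.0/24, the per-device port profiles and the thresholds are all constructed for illustration; in practice the flows would come from a NetFlow/IPFIX collector or firewall logs and the profiles from the device inventory.

```python
from collections import defaultdict

# Constructed flow records for illustration: (src_ip, dst_ip, dst_port, packets).
# Not captured from a real network. 10.0.20.0/24 is a hypothetical IoT VLAN.
FLOWS = [
    ("10.0.20.11", "10.0.20.1", 53, 4),          # camera: DNS to the local resolver
    ("10.0.20.11", "203.0.113.9", 443, 120),     # camera: vendor cloud over TLS
    ("10.0.20.11", "198.51.100.77", 6667, 35),   # camera: unexpected IRC-style port
    ("10.0.20.12", "203.0.113.9", 8883, 60),     # sensor gateway: MQTT over TLS
]
# A Mirai-style infected device sweeping a /24 for telnet: one packet per host.
FLOWS += [("10.0.20.13", f"192.0.2.{i}", 23, 1) for i in range(1, 41)]

# Expected outbound port profile per device, as a (hypothetical) inventory would record it.
PROFILES = {
    "10.0.20.11": {53, 443},
    "10.0.20.12": {53, 8883},
    "10.0.20.13": {53, 443},
}

# Ports that count as scan targets when one source touches many hosts on them.
SCAN_PORTS = {22, 23, 2323, 7547}
SCAN_THRESHOLD = 20   # distinct destinations before a source is called a scanner


def detect_scanners(flows, scan_ports=SCAN_PORTS, threshold=SCAN_THRESHOLD):
    """Return {src_ip: distinct_destinations} for sources sweeping scan_ports."""
    targets = defaultdict(set)
    for src, dst, dport, _packets in flows:
        if dport in scan_ports:
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


def detect_profile_violations(flows, profiles):
    """Return {src_ip: {ports}} for traffic outside a device's known port profile.

    Devices absent from profiles are ignored here; a real deployment would treat
    them as shadow IoT and inventory them first.
    """
    violations = defaultdict(set)
    for src, _dst, dport, _packets in flows:
        allowed = profiles.get(src)
        if allowed is not None and dport not in allowed:
            violations[src].add(dport)
    return dict(violations)


if __name__ == "__main__":
    for src, n in detect_scanners(FLOWS).items():
        print(f"{src}: {n} distinct hosts contacted on scan ports (likely sweeping)")
    for src, ports in detect_profile_violations(FLOWS, PROFILES).items():
        print(f"{src}: traffic to unexpected ports {sorted(ports)}")
```

Both checks are cheap because IoT devices have narrow, predictable traffic patterns: a camera that only ever spoke to its vendor cloud on 443 has no legitimate reason to open 6667, and no reason to touch forty neighbors on port 23.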
2. DNS threats
Many organizations use IoT to collect data from older machines that were not designed to current security standards, and connecting such legacy equipment exposes the network to the older devices' vulnerabilities. IoT connections rely on DNS, a distributed naming system designed in the 1980s, and a DNS infrastructure sized for a few hundred workstations might not handle a deployment that grows to thousands of devices. Attackers abuse DNS in DDoS attacks, both as an amplifier and as a target, and use DNS tunneling, which encodes data in query names, to exfiltrate data or fetch malware through firewalls that allow DNS.
Domain Name System Security Extensions (DNSSEC) add digital signatures to DNS records so a validating resolver can confirm that an answer is authentic and unmodified. When an IoT device looks up its update server, DNSSEC validation stops a spoofed or cache-poisoned response from redirecting the request to an attacker's host. It does not encrypt queries, protect the update payload itself (that needs TLS and signed firmware) or detect DNS tunneling, which uses legitimately resolvable names under an attacker's own domain; tunneling calls for query monitoring and rate limiting instead. Organizations should also keep application protocols such as MQTT (MQ Telemetry Transport) current, for example by running brokers over TLS with client authentication, and check the compatibility of protocol upgrades with the entire network. Multiple DNS services provide continuity and an additional layer of protection.
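Since DNSSEC does nothing against tunneling, the following added example (not code from the original article) shows the query-monitoring side: scoring DNS query names on subdomain length and character entropy, and counting how many distinct subdomains each client asks for under one registered domain. The query log, the client addresses, the domains and the thresholds are constructed for illustration, and the "last two labels" rule for the registered domain is a simplification; a real detector would use the Public Suffix List.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log: (client_ip, query_name). Not real traffic.
# L1 is a permutation of the 32-character base32 alphabet, so its entropy is 5 bits/char.
L1 = "xk7q3tz9abjm5ldn4fwe6chg2pisruyv"
L2 = L1[::-1]
QUERIES = [
    ("10.0.20.11", "update.vendor.example.com"),
    ("10.0.20.11", "time.nist.gov"),
    ("10.0.20.12", "mqtt.broker.example.net"),
    ("10.0.20.13", f"{L1}.{L2}.c2.example.org"),   # tunnel chunk 1
    ("10.0.20.13", f"{L2}.{L1}.c2.example.org"),   # tunnel chunk 2
]

MAX_SUBDOMAIN_LEN = 40    # encoded payloads are long; vendor hostnames are short
MIN_ENTROPY_LEN = 20      # only score entropy on names long enough to be meaningful
ENTROPY_THRESHOLD = 4.0   # bits per character; English hostnames sit around 3


def split_name(qname):
    """Split a query name into (subdomain_labels, registered_domain).

    Simplification for the example: the registered domain is the last two labels.
    Real deployments should use the Public Suffix List (example.co.uk, etc.).
    """
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def shannon_entropy(text):
    """Bits of entropy per character of text (0.0 for empty text)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_tunnel_queries(queries):
    """Return [(client, qname, reason)] for names that look like encoded payloads."""
    findings = []
    for client, qname in queries:
        sub_labels, _registered = split_name(qname)
        payload = "".join(sub_labels)
        if len(payload) >= MAX_SUBDOMAIN_LEN:
            findings.append((client, qname, f"subdomain length {len(payload)}"))
        elif len(payload) >= MIN_ENTROPY_LEN and shannon_entropy(payload) >= ENTROPY_THRESHOLD:
            findings.append((client, qname, f"entropy {shannon_entropy(payload):.2f} bits/char"))
    return findings


def unique_subdomains_per_domain(queries):
    """Count distinct subdomains each client asks for under each registered domain.

    A tunnel needs a fresh name per chunk to defeat resolver caching, so this
    count climbs far faster for a tunnel domain than for a vendor's update host.
    """
    seen = defaultdict(set)
    for client, qname in queries:
        sub_labels, registered = split_name(qname)
        seen[(client, registered)].add(".".join(sub_labels))
    return {key: len(subs) for key, subs in seen.items()}


if __name__ == "__main__":
    for client, qname, reason in flag_tunnel_queries(QUERIES):
        print(f"{client} -> {qname[:48]}... ({reason})")
    for (client, domain), n in unique_subdomains_per_domain(QUERIES).items():
        print(f"{client} asked for {n} distinct name(s) under {domain}")
```

Thresholds need tuning per environment: CDN and anti-spam lookups produce long, high-entropy names legitimately, so the per-domain subdomain count over a time window is usually the more reliable signal, with the entropy score used to rank what an analyst looks at first.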
3. IoT ransomware
As the number of unsecured devices on corporate networks grows, so do IoT ransomware attacks. Attackers infect devices with malware that probes the network for further access points, or they extract credentials hard-coded in device firmware and use them to move deeper into the network.
With network access through an IoT device, attackers exfiltrate data to infrastructure they control and threaten to withhold, delete or publish it unless paid. Paying does not guarantee recovery; some ransomware deletes files regardless. Ransomware can hit any business, including essential organizations such as government services and food suppliers.
Basic strategies IT administrators can take against ransomware include assessing device vulnerabilities before deployment (checking firmware images for hard-coded credentials and keys among them), disabling unneeded services, keeping regular backups that are tested and stored offline, maintaining disaster recovery procedures, segmenting the network and running network monitoring tools.
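The firmware assessment mentioned above, as an added example that is not from the original article: pull printable strings out of a firmware image the way the strings(1) tool does and match them against patterns for password-hash entries, credential assignments, embedded private keys and URLs carrying a username and password. The firmware blob here is a constructed stand-in (an ELF-like header, padding and a few planted strings), the regular expressions are a starting point rather than a complete catalogue, and a real image would first need unpacking with a tool such as binwalk before this scan is useful.

```python
import re

# Constructed stand-in for a firmware image: an ELF-like header, padding and a few
# embedded strings of the kind real images leak. Not taken from any real product.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x01" + b"\x00" * 32
    + b"/usr/sbin/httpd\x00"
    + b"root:$1$Qz8s2k1L$9Xb1a2c3d4e5f6g7h8i9j0:0:0:root:/root:/bin/sh\x00"
    + b"\x00" * 8
    + b"WIFI_PASSWORD=changeme123\x00"
    + b"-----BEGIN RSA PRIVATE KEY-----\x00"
    + b"https://svc:S3cretPass@api.vendor.example.com/report\x00"
    + b"Content-Type: text/html\x00"
)

# Runs of printable ASCII of six or more characters, as strings(1) reports them.
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")

# Each pattern is applied to one extracted string; first matching category wins.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |)PRIVATE KEY-----"),
    # passwd/shadow line with a crypt(3)-style "$id$salt$hash" field
    "shadow_hash": re.compile(r"^[a-z_][a-z0-9_-]*:\$[0-9a-z]+\$[^:\s]+:"),
    # KEY=value or key: value with a secret-looking key name (no leading \b: names
    # such as WIFI_PASSWORD have no word boundary before PASSWORD)
    "credential_assignment": re.compile(
        r"(?i)(?:pass(?:word|wd)?|pwd|secret|token|api_key)\s*[=:]\s*\S+"),
    # scheme://user:password@host
    "url_with_credentials": re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^@\s]+@"),
}


def extract_strings(blob):
    """Yield (offset, text) for each printable ASCII run in the image."""
    for match in STRING_RE.finditer(blob):
        yield match.start(), match.group().decode("ascii")


def scan_firmware(blob):
    """Return [(offset, kind, snippet)] for strings that look like secrets."""
    findings = []
    for offset, text in extract_strings(blob):
        for kind, pattern in PATTERNS.items():
            if pattern.search(text):
                findings.append((offset, kind, text[:60]))
                break   # one category per string is enough for triage
    return findings


if __name__ == "__main__":
    for offset, kind, snippet in scan_firmware(SAMPLE_FIRMWARE):
        print(f"0x{offset:06x} {kind:22s} {snippet}")
```

A hit in shadow_hash means every unit ships with the same root password and the hash can be cracked offline; a private_key hit means one purchased device yields the key for the whole fleet. Either finding should block deployment until the vendor fixes the image.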
4. IoT physical security
While it may seem unlikely that attackers will physically reach an IoT device, IT administrators must not forget this possibility when they plan an IoT security strategy. Attackers can steal a device, open it and use the debug interfaces on the board, such as a UART serial console or JTAG, to dump the firmware, extract keys and credentials, and break into the network. IT administrators must deploy only authenticated devices and allow only authorized, authenticated access to them.
For physical security measures, organizations should place devices in a tamper-resistant case and remove labels that expose model numbers or default passwords. IoT designers should bury conductors in the inner layers of a multilayer circuit board to make probing harder and disable debug ports in production units. If a device is tampered with, it should disable itself, for example by wiping stored keys when a tamper switch detects that the case has been opened.
5. Shadow IoT
IT admins can't always control which devices connect to their network, which creates an IoT security threat called shadow IoT. Devices with an IP address, such as fitness trackers, digital assistants or wireless printers, add personal convenience or help employees with their work, but they don't necessarily meet the organization's security standards.
Without visibility into shadow IoT devices, IT admins can't confirm that the hardware and software have basic security functions or monitor the devices for malicious traffic. When attackers compromise these devices, they can escalate privileges to reach sensitive information on the corporate network or conscript the devices into a botnet for DDoS attacks.
IT admins can set policies that govern which devices employees may add to the network. An inventory of every approved device is the baseline; IP address management or device discovery tools can then compare new DHCP leases and ARP entries against it, enforce policy, and isolate or block unfamiliar devices.
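The inventory comparison just described, as an added example that is not from the original article: parse a DHCP lease table, classify each client by the OUI (first three octets) of its MAC address, and flag anything not in the approved inventory for quarantine or blocking. The lease table, the inventory and the OUI-to-class table are all constructed for illustration (the 02:aa:xx prefixes are locally administered addresses, not entries from the IEEE registry); the resulting MAC list would feed a NAC system or switch ACL rather than a print statement.

```python
# Constructed DHCP lease table in "ip mac hostname" form; '*' means the client
# sent no hostname. Invented for the example, not a real network.
LEASES = """\
10.0.30.21 02:aa:01:10:00:01 cam-lobby-01
10.0.30.22 02:aa:01:10:00:02 cam-dock-02
10.0.30.40 02:aa:02:20:00:17 *
10.0.30.41 02:aa:03:30:00:a9 fitbit-sync
10.0.30.42 02:aa:04:40:00:c3 printer-hr
10.0.30.43 02:aa:09:00:00:01 *
"""

# Approved devices, keyed by MAC address (hypothetical inventory).
INVENTORY = {
    "02:aa:01:10:00:01": "lobby camera",
    "02:aa:01:10:00:02": "loading dock camera",
    "02:aa:04:40:00:c3": "HR wireless printer",
}

# Hypothetical OUI -> device class table; a real one is built from the IEEE OUI registry.
OUI_CLASS = {
    "02:aa:01": "ip-camera",
    "02:aa:02": "voice-assistant",
    "02:aa:03": "wearable",
    "02:aa:04": "printer",
}

# Device classes the (hypothetical) policy never permits on the corporate network.
BLOCKED_CLASSES = {"voice-assistant", "wearable"}


def parse_leases(text):
    """Parse lease lines into dicts; MACs are normalised to lower case for lookups."""
    devices = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, mac, hostname = line.split()
        devices.append({"ip": ip, "mac": mac.lower(),
                        "hostname": None if hostname == "*" else hostname})
    return devices


def classify(mac):
    """Map a MAC address to a device class via its OUI, or 'unknown'."""
    return OUI_CLASS.get(mac[:8], "unknown")


def audit(devices, inventory, blocked_classes):
    """Return one finding per device that is on the network but not in inventory.

    action is "block" for classes the policy forbids outright and "quarantine"
    (move to an isolated VLAN pending review) for everything else unknown.
    """
    findings = []
    for dev in devices:
        if dev["mac"] in inventory:
            continue
        device_class = classify(dev["mac"])
        action = "block" if device_class in blocked_classes else "quarantine"
        findings.append({**dev, "device_class": device_class, "action": action})
    return findings


if __name__ == "__main__":
    for f in audit(parse_leases(LEASES), INVENTORY, BLOCKED_CLASSES):
        print(f"{f['action']:10s} {f['ip']:12s} {f['mac']}  {f['device_class']:16s} {f['hostname'] or '-'}")
```

MAC addresses can be spoofed and many devices randomise them, so OUI classification is a triage aid rather than proof of identity; the control that matters is that anything absent from the inventory never reaches the production network in the first place.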