9 - 11 October 2018 // Nuremberg

it-sa Newsroom

Small devices, big risk: IoT


At this year's it-sa there was scarcely an exhibitor stand that didn't have the three letters IoT somewhere on it. While the acronym is causing headaches for IT security experts, the sector has adapted its products to the Internet of Things.

At the moment, a botnet consisting of IoT components is sending out 1.8 million spam emails every single day. The devices' owners generally do not know that their surveillance cameras or WLAN routers are being misused to send out unwanted advertising. The attackers are deliberately keeping the volume of emails small so that the devices do not attract attention and get blocked by spam filters. The botnet, known by the name Linux.ProxyM, currently consists of just around 5,000 devices, but is likely to grow rapidly. The attackers use Linux-based IoT devices on which the access credentials set by the manufacturer have not been changed, in a similar way to the Mirai botnet that was used on a massive scale to launch DDoS attacks a year ago.

Whether camera or router, most IoT devices used by consumers run on a Linux operating system. This makes them very attractive to cybercriminals, because there is plenty of malware available for it on the darknet and most users of such devices are not familiar with Linux; moreover, updating the software for most IoT devices is a complicated process.

Modern bank robbery using IoT devices

Anyone bringing unsecured IoT devices into a company network unintentionally creates "floodgates" through which data can leak out and unauthorised access becomes possible. There are many examples where criminals have misused such devices. One such example is the Russian gang operating under the name Carbanak, which hacked into the surveillance cameras of banks and observed customers entering their passwords, just another method of robbing banks of their money.

Two years ago, an investigation by management consultant McKinsey found that deficient IT security was the biggest hurdle for the success of the IoT. For the IoT market, the management consultants confirmed an annual growth rate of 15 to 20 percent, which would be much higher if the industry were in a position to tackle the security problems. But customers too lacked security awareness and were also not prepared to pay more to cover the higher costs of security. So the results of a survey of IT executives are not surprising: more than 90 percent of respondents think there will be more attacks on industrial IoT, known as cyber-physical systems.

IoT manufacturers are struggling to meet challenging requirements

For many manufacturers of IoT components, however, it is not at all easy to meet the necessary specifications, especially in the industrial environment. The devices themselves are supposed to be as small and flexible as possible but not use a lot of power. In such circumstances, security is often left out of the equation. The encryption of transferred data alone calls for more powerful chipsets, which not only need more electricity but also more space. They also produce waste heat.

In addition, manufacturers have to contend with different forms of attack. If the devices are well protected, the associated app is attacked. And if this doesn't work, attackers turn to the cloud platform where the data has been collected and processed. This means that three very different scenarios have to be considered.

There are also differences in the objectives of the cybercriminals. As is clear from the first example given, numerous components are only attractive because they are well networked and easy to hijack. These devices are hacked so that they can be used to launch attacks on other targets. As the attacks are not directed at the device owners, they often have no idea that their devices have been misused in this way. IoT components that are an integral part of important infrastructure, like cameras in banks, are by contrast a worthwhile target in themselves, though often only as a means of gaining access to a company's network.

The vendors of security products for cyber-physical systems have responded to this variety of threats with a wide range of solutions. Many are dedicated to detecting anomalies in the network, while others offer identity and access management for cloud platforms or hardware modules for secure M2M communication.
