Dark Reading is part of the Informa Tech Division of Informa PLC


IoT
8/7/2020
10:00 AM
Aamir Lakhani
Commentary

IoT Security During COVID-19: What We've Learned & Where We're Going

Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.

When the pandemic began, organizations worldwide rapidly transitioned to a remote work model. In their rush to ensure business continuity, however, many left their networks exposed to cybercriminals. Furthermore, the potential attack surface of these organizations continues to expand because of digital innovation and business growth, further increasing risk. At the same time, the speed and sophistication of cyberattacks continue to make defending the network more challenging.

With IT teams on constant alert, it can be difficult for organizations to see the big picture. The move to remote work exacerbated the current situation by adding hundreds or thousands of potential attack vectors overnight as remote workers, their devices, and sometimes their home networks were brought onto the network. Consequently, according to data from our FortiGuard Labs threat research team, there has been a significant increase in cyberattacks.

In many cases, vulnerable Internet of Things (IoT) devices — whether deployed in home or branch offices, or internal devices now being accessed by remote users — have played a significant role in this uptick. So, while IoT devices have been instrumental in helping organizations worldwide, the networks these devices are connected to must be properly secured.

IoT Devices, Security, and Remote Work
Now that time has passed since the pandemic began, most organizations have had time to work out many of the kinks associated with their pivot to remote work. From an IoT security perspective, one issue that has had serious repercussions is that not all organizations could obtain the number of laptops they needed for all the employees who had to work remotely.

As a result, many remote workers had to use — and some still are using — a variety of personal devices to connect into the corporate network, ranging from smartphones and tablets to laptops and PCs. The challenge is that those devices aren't only being used for work but also for activities including social media, shopping, and streaming entertainment. They're also typically far less protected by desktop security and endpoint protection solutions, rendering them more vulnerable to the malware associated with phishing attacks.

Attackers don't need to attack these personal devices directly to achieve their goals. Since these devices are connected to a home network, attackers have multiple avenues of attack at their disposal — including spreading malware through other computers, tablets, gaming, and entertainment systems connected to the home network. This also includes online IoT devices, such as digital cameras, smart appliances, and smart home tools like doorbells and thermostats.

In fact, the top three searches on Shodan are related to remote camera access. Granted, some remote cameras are intentionally open to the Internet. However, there is still a large number of cameras connected to the Internet with default credentials. Attackers can easily take advantage of this low-hanging fruit and potentially access systems that were never intended for the public.

What's important to keep in mind is that this may be only the first step for an attacker in attempting to exploit an organization. The ultimate goal is to find a way into a corporate or school network and its valuable digital resources, and attackers know that the easiest way in is often by exploiting a vulnerable device no one expects to be an issue.

Rise in IoT Adoption
One of the major things we're seeing during the pandemic is an uptick in IoT adoption. Juniper Research predicts that IoT platform revenues, for instance, will reach $66 billion in 2020 — a 20% increase over last year. And while medical and healthcare use of IoT is one of the biggest growth areas, it's not the only factor here. For example, as businesses start to reopen safely, touchless and contactless devices have become more appealing. This includes devices such as touchless building access, touchless point-of-sale devices, and body temperature cameras.

Lessons Learned and Key Takeaways
This is no time to stop being vigilant. Cybercriminals are committed to taking advantage of any opportunity to attack, and the IoT provides an enticing avenue for them to get in. Examples of this activity include:

  • Attacks against medical device suppliers. In one attack recently uncovered by our FortiGuard Labs threat research team, attackers sent an email pretending to request multiple medical devices and also containing a malicious Word attachment. If a recipient opened the attachment, it downloaded several files that could exfiltrate files from the user's computer.
  • Phishing attempts tied to COVID-19. Scammers have used the pandemic to send malicious emails, including those appearing to be reports from trusted sources such as governmental agencies and news outlets. It got so bad that the World Health Organization had to issue a statement, and the UN released an advisory to warn people to be on their guard against such phishing scams.

The importance of due diligence cannot be stressed enough. Cybersecurity user awareness training continues to be crucial. Cyber hygiene isn't just the domain of IT and security teams — everyone in your company needs to be given regular training and instruction on best practices for keeping individual employees and the organization as a whole safe and secure. Effective security technology is also essential. Organizations should look at their secure email gateways and access control solutions to ensure they're able to provide the level of protections today's threat landscape requires, and deploy proximity controls such as intrusion-prevention systems to protect IoT devices that can't be directly secured.

Adapt and Fight
Malicious actors never let a crisis go to waste. Even during a worldwide tragedy that affects them as well, cybercriminals have been hard at work, and their attacks are coming with surprising speed and sophistication, leaving already taxed IT teams scrambling to defend their networks. This has become trickier as the adoption of IoT devices has increased to accommodate new remote workers and the requirements of physical security for those returning to the office. Vigilance and ongoing cybersecurity training combined with an integrated security framework — including the deployment of desktop solutions such as Secure SD-WAN for key remote workers — are key aspects of a successful cybersecurity strategy in the fight against the latest crop of pandemic opportunists.


Aamir Lakhani formulates security strategy with more than 15 years of cybersecurity experience, his goal to make a positive impact toward the global war on cybercrime and information security. Lakhani provides thought leadership to industry and has presented research and ...
 
