A game of hide and seek: find out what is lurking in the shadows

null

Reaching a critical mass
The trend towards a connected Internet of Things (IoT) shows no sign of abating. In fact, global spending is expected to reach $1.2 trillion by 2022 according to IDC, with a compound annual growth rate (CAGR) of 13.6 per cent. It’s not just from the emergence of smart cities either. The IoT is reaching broad-based critical mass across multiple industries. 

As Carrie MacGillivray, group vice president, Internet of Things and Mobility at IDC says: “The IoT market is at a turning point – projects are moving from proof of concept into commercial deployments. Organisations are looking to extend their investment as they scale their projects, driving spending for the hardware, software, services, and connectivity required to enable IoT solutions.”

However, whilst there are thousands of IoT projects taking flight across industry throughout the UK, their connected nature is opening up numerous new cybersecurity threats. Therefore, the IT manager must map out their morphing IT estate and discover which devices may be lurking in the shadows.

Printers to light bulbs
The more ‘things’ that are connected to the ether, the more points of potential infiltration there are to a modern business. Whilst they have been keen to undertake a digital transformation, organisations have often been slow to plug the cybersecurity gaps that have opened up by their rush to remain competitive. 

Today, everything from printers to light bulbs could be a route in for a cybercriminal. Just last month, 400 security cameras from Axis Communications were found to have critical flaws that could lead to their device being taken control of. With minimal effort, an attacker could remotely access the video stream, control the direction of the camera, alter its software or add the device to a botnet for use in DDoS attacks or cryptocurrency mining.

Making a Dyn
Just such a DDoS attack was seen last year when the global domain name system (DNS) server Dyn – responsible for the websites of the Guardian, Netflix, Twitter and many others – went dark under the weight of an unprecedented DDoS attack. In the post-mortem, security researchers ascertained that the primary source of the malicious attack traffic was from an army of infected IoT devices. 

The IoT has become the soft underbelly of the internet and can not only lead to an attack on the building blocks of the web as seen above but could lead to an attack on critical infrastructure. This is real doomsday type stuff. After all, whilst someone accessing your network and turning your boardroom lights off and on might be an inconvenience, someone using an unprotected IoT device to access the Highway Agency’s network, for example, and turn all the traffic lights to green could be catastrophic. 

An unfortunate truth

The IoT has multiplied the number of devices connected to the corporate network by a factor of ten. And that’s just the ones that we know about. The ease and availability of connected devices have led to a trend for Shadow IT. Finding what is happening within your own network’s shadows can be a daunting task for all companies – from startups to multinational blue chips. The unfortunate truth is that many IT departments today are too busy firefighting to carry out a full (and constant) inventory of their own systems. 

Whilst information security standards such as the Payment Card Industry Data Security Standard (PCI DSS) recommend that you undertake quarterly vulnerability scans, it is arguably not nearly regular enough. Some MSPs offer a managed scanning service that can be tantamount to an MRI scan for your network, giving a full and complete view of your network from an external perspective so that you can determine your complete connected footprint. 

Lurking in the shadows
Seeing what devices are lurking within your network’s shadows is essential to ensuring full perimeter security. Ensure that you are running IEEE 802.1X authentication standard so that any IoT devices wishing to attach to your network need prior authentication to do so. However, even when running 802.1X you can’t always legislate for forgetful IT admins. In our experience working with organisations large and small, we’ve found everything from furnaces to elevators that the IT team had no knowledge of. 

Each connected device is a potential route into your network and generally have only limited security, if at all. Even with 802.1X, we see devices continuing to be added to networks without having their factory-set login and passwords changed. This is of particular concern with IoT enabled devices such as building management systems (which provide door access control/entry) as they can compromise your physical security too.

The problem has been exacerbated by the fact that a list of the credentials of many of the most popular IoT devices has already being leaked on the dark web for all to see; meaning the bad guys now have the keys to your kingdom unless you change the locks. So, ensure that any IoT device you discover has robust authentication credentials that are difficult to crack.

The trend towards a fully connected Internet of Things has turned into a game of hide and seek for IT admins. To be an effective seeker you need to use the tools – and expertise – at your disposal to gain the advantage. You also need to look both within and outside of your network boundaries to build a full picture of potential points of attack born out of the Internet of Things. 

Dave Ashton is managed security services practice lead at Claranet.


Image Credit: Jariyawat Thinsandee / Freepik