IoT devices are becoming increasingly popular – almost all of them can now be connected to the Internet. Some of them may be at your home or business and you may not even notice them. Smart lights that synchronize with home control applications, IP cameras, weather reports on smart fridges, smart thermostats – basically all devices that don’t expect to be connected to the Internet. Special info Linux Plesk server management.
The ongoing coronavirus pandemic, now that 100% of staff have been withdrawn and IT teams need to be able to work remotely while maintaining security, is further evidence of this.
The devices of the Internet of Things make our lives a little easier and more convenient, but they cost more because they provide new attack vectors for cunning cyber attackers. Gartner predicts that more than 20.4 billion IoT devices will be connected by 2020, allowing these attackers to choose from a variety of targets. In addition, recent research has shown that the number of hacker attacks on IoT devices has increased by 300%, further indicating that unprepared home networks are easy prey for cybercriminals.
IoT devices are often overlooked as part of the network because the connections and openings they leave in the network are not counted at the same time. The average user often assumes that the security is built in and is therefore not a problem. The problem is that IoT devices are not built for safety reasons; the aim of production and development is to be the first to come on the market with a good product. This can lead to unintended weaknesses in the device, which the consumer has to eliminate. In addition, installers may not have appropriate security training and may not understand the safest way to configure the device, leaving the customer vulnerable. For example, it is known that camera manufacturers open ports and leave them open for Internet access, allowing attackers to scan and search for vulnerabilities.
These devices are vulnerable to common attacks such as privilege escalation, denial of service, severe limitations, firmware interception, etc. Some malware such as Mirai uses it and specifically targets Linux-based IoT devices, transforming them into attacker-managed bots for use in large-scale DDoS attacks – exactly what happened to the Mirai botnet in 2016 when Internet access was disrupted on the east coast of the United States.
IoT devices are often hacked due to unpatented firmware or the use of standard usernames and passwords. Shodan, the search engine for IoT devices, is one of the methods attackers use to search for devices that have access to the Internet, where they can try to access the network using these standard references.
From a business point of view, a single malicious device can endanger an entire network, and this feeling persists even when employees work from home. When connected to the network, whether in the office or via VPN, the device has access to vast amounts of sensitive data. If the organization in question has not properly segmented the network, an attacker may intercept an IP camera on the Internet and move on the data side of the network or infect other devices connected to the network with malicious software.
Unfortunately, there are no security standards for IoT devices and many vendors do not test the vulnerability of their devices before they are shipped. The Internet of Things is still relatively new and governments are slow to enact laws or regulations for new technologies because laws quickly become outdated or misinformed from the start. Let’s take the example of the robots: in 2009, the FTC introduced rules prohibiting robots without the consent of the recipient, with a few exceptions. However, enforcement has been extremely difficult and, as many people know from the recent call list, the frequency of the robots has not decreased.
At the same time, through regular orders, companies can take certain measures to protect their network against IoT attacks and better prepare for the return of employees to the office:
- Change the default username/password. It often produces ship’s equipment with very simple references that are easy to find on the internet. Replace them with complex sentences that would otherwise not be used.
- Change the name of the device. If your device has the ability to change the name, please change it to a name other than that of the manufacturer. Some names provided by the manufacturer may tell attackers what they are so that they can investigate the available vulnerabilities of the device after they have been listed.
- Get a global view of security events by absorbing events from all devices/applications on your network. When an incident occurs, a quick response and damage limitation is necessary to prevent or minimize damage. This visibility allows you to be better prepared to reduce the impact of everything relevant to your network.
- Separation of devices in the network. If possible, IoD devices such as camera systems should be removed from your internal network in case they are hacked, to minimize the chance of attackers entering your network.
- Explore your IdO devices before you buy them. Before you buy new IoD devices, study them and make sure that the vulnerabilities are known and can be fixed. If they do not exist, another supplier can offer a safer product.
- Apply the seller’s patches. This is good practice, not only for IoT devices, but also in general. Unfortunately, some suppliers do not release additional patches. This is another reason you should consider before buying.
Photo credits : shawn_hempel/depositphotos.com
Josh Smith is a Cyber Security Analyst at Nuspire, a managed network security service provider, where he specializes in the security of information systems. As a member of the Security Analysis and Reconnaissance team, Josh is an expert in identifying cyber security trends, analyzing threat actors and tracking information about operational threats.with great risk often comes great reward,the greater the risk the greater the reward meaning,how do we benefit from this increased interconnectivity?,what are the risks associated with this kind of connectivity?,what is the motivation for creating an internet of things,take risk in your life quotes,how does the issue of cybersecurity relate to the internet of things?,risk sayings