The Internet of Things (IoT) is one of those concepts that seems to be gaining irreversible momentum in the world of technology. The basic concept - that every object in our daily lives, from refrigerators to thermostats to lights, is WiFi-enabled and connected to our networks - is an appealing one to many, offering up a Jetsons-like future where your home responds to your needs and commands. Developers in this space envision a future where your refrigerator can order milk from an online delivery service when it senses your stock getting low and your furnace can switch on 20 minutes before you get home to maximize efficiency and comfort.
As a security professional, however, reading this might well be sending up the brightest of red flags. From a network and cybersecurity perspective, every wireless-enabled device represents a potential access point for malicious actors - and if people struggle to keep their antivirus up to date, how many users are going to take care to update their smart toaster’s firmware?
Indeed, such networks are already being exploited. The Mirai botnet uses IoT devices to support DDoS attacks that resulted in several prominent outages last year, and by the looks of things, this trend is going to continue.
“The Mirai botnet has forced stakeholders to recognize the lack of security by design and the prevalence of vulnerabilities inherent in the foundational design of the Internet of Things devices leveraged in the attack,” concludes the Institute for Critical Infrastructure Technology in its report on the phenomenon, somewhat ominously titled Rise of the Machines. “In fact, due to a saturated pool of bot victims, script kiddies have already begun adapting the malware to new victim hosts or adopting new malware altogether. Mirai presents an interesting case study because its operation and activity inform the security community of threat actor trends in targeting, services, and capabilities.”
Put simply, the most common and likely problem created by the IoT is the way it creates new possibilities for DDoS attacks that can knock out specific services or websites by flooding them with traffic. The devices, once infected, send constant requests to a single address mimicking legitimate traffic. Eventually, the sheer bandwidth of malicious and legitimate requests simply crashes the target, or forces their Internet Service Provider (ISP) to shunt the traffic into a “black hole.”
In October 2016, the Mirai botnet conducted just such an attack on Dyn, an internet performance management firm whose products are employed to control traffic and mitigate such attacks. By sending tens of millions of DNS lookup requests to Dyn, the attackers crashed the service and rendered dozens of major sites like Netflix, CNN, Reddit and others completely inaccessible.
The total bandwidth employed in the attack is estimated at 1.2 Tbps - making it one of the largest such attacks on record.
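The flood described above has a signature a defender can look for: a surge of requests to one target, arriving from a large number of distinct sources rather than from a single noisy client. The following is an added illustration, not code from the original article or from Visallo: a small sliding-window detector run over constructed DNS query log lines. The log format (`timestamp src_ip dst_ip qname`), the thresholds and all addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone


def parse_line(line):
    """Parse an assumed log format: '<ISO-8601 timestamp> <src_ip> <dst_ip> <qname>'."""
    ts, src, dst, qname = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst, qname


def detect_floods(lines, window_seconds=10, request_threshold=200, min_sources=50):
    """Return {dst: (peak_requests_in_window, peak_distinct_sources)} for every
    destination that, within any sliding window of window_seconds, received at
    least request_threshold queries from at least min_sources distinct sources.

    Requiring many distinct sources is what separates a distributed flood from
    one misbehaving client: a single host hammering a resolver is a different
    problem and should not trip this alert.
    """
    events = sorted(parse_line(l) for l in lines if l.strip())
    window = timedelta(seconds=window_seconds)
    per_dst = defaultdict(deque)  # dst -> deque of (timestamp, src) inside the window
    alerts = {}
    for ts, src, dst, _ in events:
        q = per_dst[dst]
        q.append((ts, src))
        while q and ts - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= request_threshold:
            sources = {s for _, s in q}
            if len(sources) >= min_sources:
                prev = alerts.get(dst, (0, 0))
                alerts[dst] = (max(prev[0], len(q)), max(prev[1], len(sources)))
    return alerts


def build_sample_log():
    """Constructed sample traffic (not real captures): benign background queries,
    a distributed flood against one resolver, and one noisy single client."""
    base = datetime(2016, 10, 21, 11, 0, tzinfo=timezone.utc)

    def fmt(ts):
        return ts.isoformat().replace("+00:00", "Z")

    lines = []
    # 30 benign queries from five clients, one every 20 seconds.
    for i in range(30):
        lines.append(f"{fmt(base + timedelta(seconds=20 * i))} 10.0.0.{i % 5 + 1} 198.51.100.10 example.com")
    # Distributed flood: 300 queries in under five seconds from 150 distinct sources.
    flood_start = base + timedelta(minutes=30)
    for i in range(300):
        lines.append(f"{fmt(flood_start + timedelta(milliseconds=16 * i))} 192.0.2.{i % 150 + 1} 198.51.100.10 example.com")
    # Single noisy client: 250 queries in five seconds, all from one address.
    noisy_start = base + timedelta(minutes=40)
    for i in range(250):
        lines.append(f"{fmt(noisy_start + timedelta(milliseconds=20 * i))} 10.0.0.99 198.51.100.20 example.com")
    return lines


if __name__ == "__main__":
    for dst, (peak, sources) in detect_floods(build_sample_log()).items():
        print(f"ALERT {dst}: {peak} queries in window from {sources} distinct sources")
```

Running the block reports only the resolver at the assumed address `198.51.100.10`: the 250-query burst from the single client exceeds the request threshold but never meets the distinct-source requirement, which is the distinction a responder needs before escalating a volumetric event as a botnet-driven attack rather than a misconfigured host.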
“We have a serious problem with the cyber insecurity of IoT devices and no real strategy to combat it,” David Fidler, an adjunct senior fellow for cybersecurity at the Council on Foreign Relations, told the Guardian. “The IoT insecurity problem was exploited on this significant scale by a non-state group, according to initial reports from government agencies and other experts about who or what was responsible. Imagine what a well-resourced state actor could do with insecure IoT devices.”
As with most security issues, the old maxim holds true - “an ounce of prevention is worth a pound of cure.” Limiting the number of web-enabled devices within an organization to the operationally necessary amount is never a bad idea. Every WiFi-enabled device you remove or limit is one fewer access point or potential botnet member.
Similarly, it’s important to review the technologies and the safety measures on the IoT devices - as well as conventional computers - you do employ. There are distinct differences between those firms producing such technology that take security seriously and those for whom it’s an afterthought. The nature of these products makes such a review complex - after all, most reviews for a printer, for example, don’t include information about its security features - but it’s worth the extra time and expense to prevent a costly and devastating attack.
Beyond the prevention aspect, however, you need to prepare for the somewhat inevitable possibility of a breach. We live in an era where even global intelligence agencies routinely end up leaking data and experiencing security failures. Once these do occur, what matters is how quickly and effectively you react.
IoT devices vastly increase the number of potential failure points in your networks - networks that are already extremely complex and interwoven. Untangling and tracking down a specific access violation is a challenging task - but one that’s made significantly easier by technology.
As a big data analytics system, Visallo gives cybersecurity professionals and intelligence analysts the most important tools to deal with these massive data sets. It allows investigators to aggregate a range of different sources into a unified platform. With this technology, you can craft powerful visualizations of the connections between disparate inputs and actions. Web-enabled devices may be proliferating, which makes it all the more important to invest in tools that can keep pace.
Visallo’s benefits extend to a suite of collaboration tools equipped with granular access controls. Administrators get the ability to limit access privileges for each user. This ensures everyone can access the most important data without risking accidental exposure of data. When an investigation employs multiple parties and stakeholders, Visallo makes it possible for each to work on their piece of the puzzle, while sharing their work with everybody else.
The IoT may represent a new and risky development for security professionals, but it doesn’t have to be overwhelming. The tools now exist to cope with this new reality.