September 13, 2016 marked one of the largest attacks the Internet has ever seen. Analysis of the event showed that traffic was approximately 620 Gigabits per second. That volume far exceeds what is needed to knock regular websites offline.
Based on the size and intensity, it was obvious this was not a run-of-the-mill attack. Something was different, something new. During the analysis, security professionals noticed dispersed traffic. Unlike other attacks that stem from one region, traffic flowed from all over the world.
So who or what was the culprit? Signs pointed to a botnet that enslaved countless Internet of Things (IoT) devices. Routers, IP cameras, and even the office thermostat are connected these days, but often with weak or hard-coded passwords.
Who do you think was the victim of this attack? Perhaps someone with little knowledge of IoT security issues? Exactly the opposite – it was KrebsOnSecurity, the website of renowned security journalist, Brian Krebs.
While his security team thwarted the attack, many questions remain. At the top of the list is, “How do we prevent IoT-based threats in the future?”
Safety Guidelines for IoT Security Issues
Diversifying networks with IoT devices and sensors creates an increasingly difficult environment to secure. Complicating the issue, IoT technology maintains persistent connections: devices must be able to communicate with each other, end-users, and back-end services at all times. This “always on” presence weakens security, leaving the environment open to foul play. Given this, we consider it one of the more pronounced IoT security issues.
While the industry is still developing IoT security measures, we suggest beginning with the following:
Check and Adjust Router Security: The most basic threat prevention starts with passwords. Like routers, other IoT devices initially have hard-coded credentials, but sometimes changing passwords does little to impact overall security due to unpatched vulnerabilities. Routers are exempt from this as they typically provide more built-in security.
However, if you are a small business you also must consider Wi-Fi Protected Setup (WPS). According to the Wi-Fi Alliance, an industry group, WPS is “designed to ease the task of setting up and configuring security on wireless local area networks. WPS enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security.”
At the same time, this convenience exposes routers and makes some easy to compromise. If you have a router that is vulnerable, you can disable WPS from the administration page.
Invest in Scalable Infrastructure: Scalable infrastructure is imperative when adding more devices to networks. If an attacker targets one connected device and renders it useless, they then can create a ripple effect. With a scalable infrastructure, your network will be able to handle the increase in traffic if an attack were to take place. Pairing this with vigilant server patching and maintenance will prevent cybercriminals from taking down your network.
Create a User Strategy: With a diverse set of devices on the network, IT departments must be diligent with thorough reviews before deployment of BYOD programs. Consider separate VLANs and air gaps for testing. If too much access is given, devices could act as gateways to data breaches or escalated access.
User applications that open network ports or sockets should go through rigorous code reviews. These examinations should be conducted at an interval commensurate with available staff.
Properly Document APIs: APIs should operate on a system of checks and balances. Exposed or undocumented features create new inroads for attacks.
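One way to act on the API guideline above, as an added example that is not from the original article or from SentinelOne: compare the routes an API is documented to expose with the requests its gateway actually answered, and report anything served but undocumented. The route list, log lines, and function names are constructed for illustration.

```python
import re

# Constructed: (method, path template) pairs the API documentation lists.
DOCUMENTED = {
    ("GET", "/api/v1/devices"),
    ("GET", "/api/v1/devices/{id}"),
    ("POST", "/api/v1/devices/{id}/reboot"),
}

# Constructed gateway access-log lines (common log format).
SAMPLE_LOG = """\
10.0.8.21 - - [01/Jan/2024:10:01:02 +0000] "GET /api/v1/devices HTTP/1.1" 200 512
10.0.8.21 - - [01/Jan/2024:10:01:05 +0000] "GET /api/v1/devices/42 HTTP/1.1" 200 231
10.0.8.33 - - [01/Jan/2024:10:02:11 +0000] "POST /api/v1/devices/42/reboot HTTP/1.1" 202 0
10.0.8.40 - - [01/Jan/2024:10:03:40 +0000] "GET /api/v1/debug/config?dump=1 HTTP/1.1" 200 9040
10.0.8.40 - - [01/Jan/2024:10:03:41 +0000] "DELETE /api/v1/devices/42 HTTP/1.1" 204 0
10.0.8.40 - - [01/Jan/2024:10:03:45 +0000] "GET /api/v1/firmware HTTP/1.1" 404 0
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def template_to_regex(template):
    """Turn '/devices/{id}' into an anchored regex; each {name} matches one path segment."""
    parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "/?$")

def undocumented_calls(log_text, documented):
    """Return sorted (method, path, count) for requests that were served but are not documented."""
    matchers = [(m, template_to_regex(t)) for m, t in documented]
    hits = {}
    for line in log_text.splitlines():
        found = REQUEST.search(line)
        if not found:
            continue  # not a request line
        method = found["method"]
        path = found["target"].split("?", 1)[0]  # the query string is not part of the route
        if int(found["status"]) in (404, 405):
            continue  # the server rejected the route, so nothing is exposed there
        if any(m == method and rx.match(path) for m, rx in matchers):
            continue  # documented method and route
        hits[(method, path)] = hits.get((method, path), 0) + 1
    return sorted((m, p, n) for (m, p), n in hits.items())

if __name__ == "__main__":
    for method, path, count in undocumented_calls(SAMPLE_LOG, DOCUMENTED):
        print(f"undocumented: {method} {path} ({count} request(s))")
```

Each reported route is either a documentation gap to close or a feature to remove from the device or service.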
Endpoint Security Protects from IoT Attacks
The popularity of IoT doesn’t seem to be stalling. In the coming years we are likely to see thousands or even millions of new data-generating endpoints added to networks. This unprecedented scale means that security will need to be foolproof and automated to keep pace.
Next-generation endpoint security is the answer to the growing concerns over IoT security issues. Leveraging a lightweight, low-cost endpoint and server protection platform, companies will have an inside look at the behaviors on their endpoints. If one IoT device were to be targeted, powerful behavior-based threat detection would be there to identify and eliminate the threat.
Don’t let your network fall victim to the complexities of managing an IoT environment. Let SentinelOne help you map out every endpoint for constant monitoring.