Defending against attacks on vulnerable IoT devices
Cyber warfare is increasingly used as an attack method in international conflicts because of the flexibility, impact, and, often, deniability it offers attackers. Governments leverage powerful technologies to conduct operations against geopolitical adversaries and internal dissidents, and to supplement active military engagements. To achieve wartime objectives, threat actors want to gain control of powerful systems without tipping off their opponent that they have done so. That is why the ideal points of entry for a cyberattack are vulnerable, neglected Internet of Things (IoT) devices, which constitute the largest unsecured attack surface for most organizations today.
The Story So Far
Early examples like the Stuxnet worm, deployed as a weapon against Iran's nuclear program starting around 2005 and only discovered in 2010, show that these attack vectors are nothing new to modern, global security forces. Since Stuxnet, there has been an explosion in the use of powerful IoT/operational technology (OT) devices in organizations of all kinds, including network-attached storage systems, building automation, physical security, and office equipment. Powerful IoT devices are no longer under the control of governments or the military; they have been democratized. The large number of IoT devices within an organization makes attacks easier to scale, and the wide variety of device types has diversified the angles of attack.
Attacks that resemble special operations in their scope and targeting continue, but now private organizations, ranging from entertainment conglomerates to more strategically important enterprises like energy providers, must protect themselves as if they were in the crosshairs of a nation-state (as Sony Pictures was when it was hacked by North Korea in 2014).
The Ukraine–Russia conflict is another example of nation-state cyberattacks exploiting IoT devices. Since the beginning of the war, reports have circulated of both sides exploiting unremediated vulnerabilities, specifically in critical infrastructure and unsecured IoT devices. Because of the function of these devices, as sensors, as parts of camera networks, and so on, adversaries that obtain access gain highly sensitive data, including video and live feeds, which they can subsequently modify, use for intelligence or sabotage, or hold for ransom. Compromised IoT-based security networks have already led to real-world harm in this conflict and have given attackers more efficient ways of gathering intelligence and conducting battlefield surveillance.
Before and during the conflict, hackers on both sides seeded botnet armies in networks, waiting to be activated. Vulnerable IoT devices are not hard to find if you know where to look for them. New forms of discovery, such as context discovery, provide details on how the devices function, what applications they are tied to, and the overall data flow across the network. These devices are easy to infect because they are viewed as "set it and forget it" equipment that lacks regular cyber hygiene: firmware goes unpatched, default credentials stay in place, and nobody watches the device's traffic. Because organizations put almost no effort into "bot eradication" and instead rely on "bot mitigation," an untold number of bot armies lie in wait. The evidence can be found in the price listings on the Dark Web that offer tens of thousands of compromised devices.
According to Check Point, nation-state actors are increasingly compromising edge devices to target US critical infrastructure. In May 2023, Microsoft warned that a Chinese state-sponsored group it tracks as Volt Typhoon had gained access to critical infrastructure organizations, including government and communications networks, and was routing its traffic through compromised small-office/home-office (SOHO) network edge devices such as routers to blend in with normal activity. The group's main goal was to gather intelligence and maintain a foothold in US networks for future planned attacks.
Protect Yourself
Here are the three essential lessons for businesses that hope to protect against nation-state attacks:
To read the complete article, visit Dark Reading.