IoT traffic in the enterprise is rising. So are the threats.
Do you know exactly what IoT devices are on your network and how active they are? You’d better, because they might be opening the door to cybercrime.
IoT devices are, of course, nonstandard computing devices that connect wirelessly to a network and have the ability to transmit data. These devices can communicate and interact over the internet, and they can be remotely monitored and controlled.
Connected devices are part of a scenario in which every device talks to other related devices in an environment to automate home and industrial tasks, and to communicate usable sensor data to users, businesses and other interested parties. IoT devices are meant to work in concert for people at home, in industry, or in the enterprise.
Enterprises around the globe have been adopting the use of IoT products to improve organizational efficiency, enhance communications, and to gain insight into system performance.
That translates to quite a bit of budget being dedicated to these devices.
IDC has predicted that IoT spending will reach $745 billion in 2019 and surpass the $1 trillion mark in 2022. That’s a 15 percent increase over 2018’s $646 billion. According to the same report, the U.S. and China will be spending the most at $194 billion and $182 billion, respectively. They are followed by Japan, Germany, Korea, France, and the UK.
Analyzing IoT transactions
To help organizations get a better understanding of IoT activity in the enterprise, the ThreatLabZ research team analyzed IoT traffic across the Zscaler cloud during a one-month period between March and April 2019.
The analysis looked at the types of devices in use, the protocols they used, the locations of the servers with which they communicated, and the frequency of their inbound and outbound communications, as well as IoT traffic patterns.
The report, titled IoT in the Enterprise: an analysis of traffic and threats, provides a general overview of the most frequently seen device categories, then takes a deep dive into the transaction data for specific types of IoT devices.
It also explores some of the security concerns around IoT devices, including the use of plain-text channels and the threat of malware.
The rapid adoption of these IoT devices has opened up new attack vectors for cybercriminals. And, as is often the case, IoT technology has moved more quickly than the mechanisms available to safeguard these devices and their users.
Researchers have already demonstrated remote hacks on pacemakers and cars. And, in October 2016, a large distributed denial-of-service (DDoS) attack, dubbed Mirai, affected DNS servers on the east coast of the United States, disrupting services worldwide. This attack was traced back to hackers infiltrating networks through IoT devices, including wireless routers and connected cameras.
In August 2017, the U.S. Senate introduced the IoT Cybersecurity Improvement Act, a bill addressing security issues associated with IoT devices. While it is a start, the bill only requires internet-enabled devices purchased by the federal government to meet minimum requirements, not the industry as a whole. However, it is being viewed as a starting point that, if adopted across the board, could pave the way to better IoT security industry-wide.
One of the ThreatLabZ team’s discoveries was that the vast majority of IoT transactions were occurring over plain text channels, instead of the more secure SSL-encrypted channels. While a major security vulnerability, the use of unsecured channels is just one vulnerability with IoT devices. They are notorious for weak, preset passwords that often go unchanged.
Malware in IoT traffic
As with just about every device connected to the internet, malware is also a threat to IoT devices. Each quarter, the Zscaler cloud blocks approximately 6,000 transactions from IoT-based malware and exploits. And, earlier this year, the Zscaler ThreatLabZ team analyzed certain threats that were targeting IoT devices.
The fact is that there has been almost no security built into the IoT hardware devices that have flooded the market in recent years, and there’s typically no way to easily patch these devices. While many businesses have thought security for IoT devices unnecessary because nothing is stored on the devices, this isn’t the case. The Mirai botnet attack illustrated how exposed companies can be as a result of their IoT devices.
Even though these devices continue to be an easy target for cyberattacks, enterprises can take steps to reduce the risk:
- Change default credentials to something more secure. As employees bring in devices, encourage them to be sure their passwords are strong and their firmware is always up to date.
- Install IoT devices on isolated networks (to prevent lateral movement), with restrictions on inbound and outbound network traffic.
- Restrict access to the IoT device as much as possible from external networks. Block unnecessary ports from external access.
- Apply regular security and firmware updates to IoT devices, in addition to securing the network traffic.
- Finally, deploy a solution to gain visibility of the shadow IoT devices that are already sitting inside the network and ensure above safeguards.
Advanced security for IoT devices
IoT devices have become commonplace in enterprises from all industries and in nearly every corner of the globe. These devices were designed to help improve efficiency and expand communications, and organizations continue to explore new ways to incorporate these devices into everyday operations. Of course, many of the devices are employee-owned, and this is just one of the reasons they are a security concern.
With all of these new connected devices, and the enormous amounts of associated data traversing your network and opening up new attack vectors for cybercriminals, can you trust your legacy network to provide adequate security?
The security of your enterprise hinges on your answer.
Read the entire report, IoT in the Enterprise: an analysis of traffic and threats. I’d like to thank our Sr. Security Researcher Viral Gandhi for his help in compiling the report.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deepen Desai is VP of Security Research at Zscaler