Cyber Attack: The Next Frontier is the One You Don't See

The IoT is in a quiet crisis.

It is a crisis of security in which we are not the targets, but the vectors. The Mirai botnet and all the other recent attacks have used vulnerable IoT devices and systems as the method and vehicle for attacking third-party websites, systems and companies (remember Dyn?). Soon enough, once the bad actors realize the value of IoT targets, our devices will be the targets, and they will be just as vulnerable as they are now if we don’t fix things.

These recent attacks have come about because of basic failures in simple security protocols for passwords, careless coders not closing a known SSH vulnerability, DNS faults and a host of other factors that we know about. What we need to start thinking about is what we don’t know about, yet.

It’s already happening, of course. Within the last few weeks, hundreds of thousands of Deutsche Telekom customers in Germany had their broadband service cut off following a hack-attack on its hardware. At one point, as many as 900,000 people suffered internet outages. That number fell to 400,000 as security measures were implemented.

The company said the incident was likely part of an apparently botched attempt to infect customers’ routers with a new version of (guess who) Mirai. Deutsche Telekom issued a software update to its 20 million German customers and asked affected folks to disconnect routers.

This new strain of Mirai targets a flaw in the SOAP (Simple Object Access Protocol) service embedded in the Zyxel router products, allowing the malware to take over the devices, according to a PCWorld article (Source: http://www.pcworld.com/article/3145449/security/upgraded-mirai-botnet-disrupts-deutsche-telekom-by-infecting-routers.html).

Security experts were, naturally, expecting this kind of thing.

“I am not surprised that this happened to Deutsche Telekom, as we know that most home gateways are insecure, yet present an attractive target for attackers because they are always on and always online,” said Cesare Garlati, chief security strategist, prpl Foundation (www.prplfoundation.org). “The problem in this instance was that the manufacturer updated its box from previous versions and left a service normally reserved for carrier use to maintain its service open to the internet and unauthenticated. We also need to change the mindset of the carrier industry and government to realize that there is no such thing as a ‘secure backdoor’ or this is a problem that we will likely see again. Luckily, Deutsche Telekom was able to patch the issue, which was exactly the right thing to do, it just was maybe more reactive than proactive. In the future, I hope we see carriers considering manufacturers with higher security standards.”

Companies have been ignoring the warnings of security experts, analysts and pundits for years in the search for more profit and faster product delivery to market. This is unacceptable.

“For years security pros have been warning about the dangers of the millions of insecure home routers like the ones targeted in the Deutsche Telekom attack this weekend. What has changed is the arrival of the Mirai exploit targeting these routers and other IoT devices. Mirai is to IoT attacks what the assembly line was to the industrial revolution,” said Jonathan Sander, VP of product strategy, Lieberman Software (www.liebsoft.com). “We should expect to see bad guys manufacturing attack after attack with it. Unlike an assembly line, though, Mirai is downloadable by anyone. In the Deutsche Telekom case, it looks like the attacker may have set Mirai up incorrectly. It certainly wouldn't be the first time someone set up large scale software badly. Deutsche Telekom and others have a large challenge on their hands. Not every attacker will get Mirai wrong and save the day for them. And those years of warnings they and every other vendor have gotten about the poor security of IoT means they are years behind the problem.”

Rod Schultz, VP of product, Rubicon Labs (www.rubiconlabs.io), added, “With this attack and with Mirai you are beginning to see the dangers with ‘break once, break everywhere’ technology. You have an ecosystem of routers that are hosted by Deutsche Telekom that have little digital diversity (same hardware and software), and an exploit on one router appears to be working on all routers, or there is a cascading effect that is bringing down the network. Management of devices is simpler when they are all the same, but that simplification is also leveraged by attackers to compromise the system. To be clear, this is not a simple problem to fix, and that security challenge is going to be exploited by attackers for many years to come.”

A new report from Arthur J. Gallagher & Co. examines emerging cyber security exposures, how organizations can protect themselves, and practical steps to take before and after a breach occurs.

According to the report, a growing array of security and privacy threats pose significant financial, reputational and physical harm to businesses, organizations and the communities they serve. It is critical for organizations of all sizes to understand these various exposures and learn how to detect and address them.

The report, “Protecting Security and Privacy in an Interconnected World,” examines common and emerging technological vulnerabilities and the steps that organizations can take to prepare for, mitigate and address them.

Adam Cottini, cyber liability insurance and risk specialist, and Managing Director, Cyber Liability Practice, Arthur J. Gallagher & Co., says in the report that cyber-attacks can be financially, competitively, politically or ideologically motivated. They can even be the work of thrill-seekers with no specific agenda. These attacks can come from outside or within the organization. Regardless of their origins or the motivations behind them, cyber-attacks can have serious, potentially devastating consequences.

“Security may not always be the manufacturer’s top priority because considerations such as speed to market and returns on investment tend to overshadow the investment in security,” he said. “The more networked technology we use, the more ways there are for hackers to infiltrate databases and cause financial or physical harm. Thus there is a growing need for organizations and individuals to be vigilant in protecting connected systems from the consequences of these threats.”

To leave security on the back burner is becoming more and more foolish, and short-sighted. What’s more, it could spell the end of the industry for decades, if allowed to become irreversible.

The report recommends several steps that organizations can take immediately to ensure that they are better prepared when a breach occurs:

• Bring together representatives from all functional areas with responsibilities for managing cyber risk to identify and set high-level security priorities, understanding that reducing this risk involves more than an organization's information technology team

• Cultivate an internal culture of security awareness, educating and training employees to report suspicious activity or potential/actual breaches

• Develop an Incident Response Plan detailing the organization's process for addressing a potential or known breach

• Interview multiple qualified breach response attorneys in advance of a breach, and select more than one, in the event that a conflict arises

Insurance
The report examines the insurance coverage that can come into play in the event of a cyber breach, including the third-party liability and first-party breach response and operational costs that are eligible for coverage under a traditional cyber insurance policy. Some cyber exposures, including many related to the Internet of Things, are not covered by a traditional cyber policy but may be covered under other property/casualty insurance policies. Cottini digs into the steps that organizations should take immediately after a breach has been detected to ensure that insurance applies.

Given the number of coverage variables, Cottini recommends that organizations seek the advice of an insurance broker with expertise in cyber insurance to avoid encountering any unanticipated coverage gaps if a breach occurs.




Edited by Ken Briodagh