With the rise of automation, remote access, and the ever-expanding Internet of Things (IoT), IT and OT teams are collaborating at an unprecedented rate to strengthen organizational network security. The Forescout Research Labs Team has explored many areas of risk resulting from the IT-OT convergence and the rise of IoT to increase awareness and help businesses craft a more holistic cybersecurity strategy.
Our most recent report on the evolving IoT threat landscape is divided into a few distinct areas, focusing on commonly targeted devices and specific points of entry that could be exploited by attackers. Because many malicious actors want to conceal their actions, a large portion of this report focuses on two IoT devices that enable visibility, security cameras, and lighting systems.
IoT Is All Around You
The security of a business operation that relies on heavy machinery and physical labor is no longer disconnected from the world. With a staggering majority of devices – expected to reach more than 30 billion by 2020– connected to vast networks and the internet, cybersecurity becomes a critical focal point for the age of IoT.
When people say that everything is connected, it’s not an exaggeration. Wherever you are reading this, take a moment to look around you – how many things do you see that are remotely controlled or connected to the internet? Now recognize that all of this goes deeper than the eye can see – within the walls of the very buildings we live and work in, the systems that provide functions from climate control to physical security are managed through complex networks consisting of both IT and OT components.
Who Watches the Watchmen?
A perfect example of this is the video surveillance systems (VSS) that ensure the safety of your surroundings in public spaces and provide security for your home and your office. Cameras, a physical component, in most cases no longer rely on analog technology. Today’s IP (digital) cameras are connected to a network, through which they send a signal to monitors used to watch it in real time and to recorders that store the footage.
Using specific protocols, the digital signal with the footage must pass through a complicated web of different network checkpoints, switches, and servers before it ends up on the monitor. These numerous points of entry multiply the possibility of a cyberattack, like hijacking the feed or erasing footage, by a malicious actor.
The Forescout Labs Research team published revealing findings on just how vulnerable these IP cameras are. Some of the issues they came across included:
- Unwanted communication links between the IT network and the VSS caused by firewall misconfiguration
- Unwanted services and insecure protocols enabled
- Weak passwords to access IP cameras
- Vulnerabilities that could result in cameras being taken over by malicious actors
This perfectly illustrates how surveillance systems are physical security tools that need a cybersecurity tool to protect themselves.
Lights On, Lights Off
One of the most popular smart lighting solutions, the Philips Hue, uses a dedicated bridge device that connects all lights on its own network – but, in order to work with remote systems, the bridge must be connected to a Wi-Fi router. The lights will work just fine without it, as you can just flip the switch on and off, but the added benefit of remote control and energy savings is gone. That bridge provides another potential network entry point for a malicious actor.
The Forescout Research Labs team successfully performed a denial of service (DoS) attack by switching off the lights and conducted an entire platform reconfiguration of the Hue bridge in their test environment. It might sound a little mundane at first, but if someone wants to hide their malicious activity, turning the lights off just might do the trick.
There’s So Much More to IoT
Most smart buildings have their own IoT systems connected to a wide array of devices, ranging from enterprise solutions like VoIP phones and teleconference systems to personal devices, or BYOD, such as wearables and smartphones. Any device that enters this network is subject to multiple protocols, dictating what function it serves in the bigger picture. Many communication and messaging standards are put into place to help ensure proper networking, but what matters most is how secure each of these protocols are.
To illustrate how a protocol could be used as an entry point into an IoT system, the Forescout Research Labs team used the MQTT protocol to infiltrate an IoT network and gather information such as available assets and their location, configuration information and even sensitive information like credentials. They also successfully performed a denial of service (DoS) attack on an entire IoT system by flooding the network with MQTT packets, illustrating the relative ease with which a hacker could infiltrate a network and wreak havoc.
In all these cases, what can save the day is visibility. It’s crucial to not only continuously monitor a network – routine checks in this day and age are highly inefficient – but also to know what devices are connected to it. Any of the threats mentioned above could be quickly detected as an anomaly in the network, traced back to the device where it was coming from, and knocked out of the system.
Network monitoring and visibility are a first step to creating a strong cybersecurity strategy based on data and experience. However, the strategy must go beyond just observing – security teams must be able to automate and orchestrate appropriate responses and prevent future issues by using this data to strengthen their remediation strategies. Since many organizations have dozens of security solutions at their disposal, effective and efficient security orchestration, automation, and response (SOAR) depend on sharing contextual insight into devices, automating security workflows, and empowering responders.
As the scale of IoT devices grows, so does the need to have them in check. A skilled security officer with high-quality visibility and network monitoring technology could be the only thing standing between you and a world of risk.
This blog post is a simplified summary of an in-depth research report detailing the growth of IoT, possible business risks stemming from this growth, and transforming cybersecurity strategy to mitigate these new threats. Download the “Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT” report from Forescout Labs to learn more.