The Internet of Things is poised to be an influential force in the world of cybersecurity, according to a prominent technology strategist at Symantec.
While other trends such as proliferation of the cloud, ransomware, rogue nation states, file-less malware, SSL abuse and criminal drone usage could have a big impact in 2017, IoT represented a more immediate threat, according to Symantec’s technology strategist for the Pacific region, Mark Shaw.
In particular, Shaw identified connected cars being taken for ransom, the increase of IoT device penetration within enterprise, and the growing threat of IoT DDoS attacks as being key threats.
“It’s been a really interesting time as far as connected cars are concerned, [with] recalls over the last little while around the potential for cars to be hacked,” he said.
“More recently, Keen Security Labs – a white hat hacking organisation out of China – showed how they were able to remotely take control of a Tesla, move the seats around, move the sunroof back, and access and manipulate some of the core controls, such as braking.”
Shaw said that the growing proliferation of connected cars on our roads means that the threat of attack will correspondingly increase, but in the case of Tesla, he praised the company’s subsequent actions following the discovery of the most recent vulnerabilities.
“Tesla did the right thing by not only fixing the vulnerabilities, they also addressed a much bigger potential problem by introducing code signing for all of their future updates,” he explained.
“When we think about ransomware and the opportunistic approach that it will take, we’ll certainly see that as cars become more connected, it won’t be surprising to see individual vehicles or a fleet of vehicles being held to ransom until an arbitrary amount is paid.
“It’s really an extension of what we’ve already seen with mobile devices, files on PCs and laptops, and even things like smart TVs that have been shown to be vulnerable on that front.”
The challenge of IoT growth in enterprise
Shaw said two factors will accelerate the adoption of IoT devices in enterprises, which has long been predicted but has yet to materialise, particularly in Australia.
“The first is coverage and capacity of the networks. Now that 4G is nearly ubiquitous, and we’ve had trials with 5G in Australia, paving the way for new high-speed mobile networks, we’re really expecting IoT to take off next year,” he said.
“Secondly, the amount of data that these devices generate and the need to process that data to use it in some way will have an effect.
“With cloud being very much a common go-to technology for a lot of organisations of all sizes, small and medium-sized businesses now have access to that processing capability to make use of the data coming out of their IoT devices.”
Shaw acknowledged that the increased proliferation of IoT devices in businesses will pose new challenges, particularly by increasing the number of incursion points and attack vectors available to hackers.
He said that companies will need to take these devices into consideration when discussing their cybersecurity plans.
“When you think about incident response, when you think about how you respond to a breach in a particular organisation, these kinds of devices will now need to be incorporated as part of that plan, and a good understanding is required for exactly what is out there,” he added.
More IoT, more DDoS
Shaw saw the recent DDoS attacks perpetrated through IoT devices as just the tip of the iceberg, and expected these types of incidents to increase in 2017.
“We’ve already seen what these attacks are capable of, with the Mirai botnet attack on Dyn and also with Liberia losing their Internet connectivity for a period of time due to the significance and the size of the attack that was launched effectively by smart home IoT devices,” he said.
He said that mitigating these attacks will prove challenging, as there is no easy fix, and connected devices do not yet receive the same security scrutiny or protection as PCs or other traditional IT infrastructure.
“If you think about a connected security camera, for example, it has a typical shelf life of about five to ten years, and as the owner of that camera, do I plug in a cable to update the firmware, how do I change the default credentials, and do I have to worry about the vendor leaving its own credentials or backdoor into the device?”
He said that having different devices from different vendors, each with their own methods of security (or non-security), could prove too difficult for an average consumer to manage or, worse, mean the devices are not managed at all, leaving them open to exploitation.