Recent announcements from the FBI and DHS shed light on evolving security threats from IoT devices.
There has been plenty of discussion about the Internet of Things (IoT) and related security issues. Some people think about security in terms of protecting IoT devices from attacks. But what may be a bigger problem is malicious parties using IoT devices as a proxy to attack systems and endpoints outside of IoT, essentially using the IoT devices as the traffic generation points.
The FBI issued a public service announcement concerning this very kind of IoT attack. The announcement provides examples of IoT devices that may be compromised, such as industrial sensors, meters, routers, wireless radio links, time clocks, audio/video streaming devices, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network-attached storage devices. The risk is not only to your own devices but also to the wider Internet, which may be attacked through your IoT devices.
IoT proxy servers are attractive to attackers because they offer anonymity by transmitting all requests through the victim’s (your enterprise’s) IP address. The FBI points out that developed nations are very attractive targets because they allow access to a wide range of business websites. Attackers can use compromised IP addresses to facilitate their intrusion activities. Because that traffic originates from a legitimate address, it is difficult to distinguish regular traffic from malicious traffic. You will have to monitor your environment for changed behaviors. The FBI recommends:
- Watch for significant changes in monthly Internet traffic that you did not expect
- If your Internet bill is based on data traffic, watch for an increased bill
- Look for those devices and endpoints that either become slow in operation or are inoperable
- Watch for unanticipated outgoing domain name service queries
- Monitor how fast your Internet connections are operating; if they are slow, this is an indicator of malicious traffic
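Two of these indicators, an unexpected change in traffic volume and unanticipated outgoing DNS queries, can be checked per device against a baseline. The Python below is an added example, not part of the FBI announcement; the device names, byte counts, expected-domain lists and the 3-sigma threshold are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample data (not from the FBI announcement): outbound bytes per
# device on previous days, today's outbound bytes, and today's DNS queries.
HISTORY = {
    "ip-camera-01": [120e6, 118e6, 125e6, 121e6, 119e6, 123e6, 122e6],
    "dvr-02":       [300e6, 310e6, 295e6, 305e6, 298e6, 302e6, 307e6],
    "nas-03":       [2.0e9, 2.1e9, 1.9e9, 2.2e9, 2.0e9, 2.1e9, 1.95e9],
}
TODAY_BYTES = {"ip-camera-01": 124e6, "dvr-02": 4.8e9, "nas-03": 2.05e9}
# Domains each device is expected to resolve (vendor cloud, NTP); hypothetical.
EXPECTED_DNS = {
    "ip-camera-01": {"cloud.camvendor.example", "pool.ntp.org"},
    "dvr-02":       {"update.dvrvendor.example", "pool.ntp.org"},
    "nas-03":       {"backup.nasvendor.example", "pool.ntp.org"},
}
DNS_LOG = [  # (device, queried name), constructed
    ("ip-camera-01", "cloud.camvendor.example"),
    ("ip-camera-01", "shop.retailer.example"),
    ("dvr-02", "pool.ntp.org"),
    ("dvr-02", "login.bank.example"),
    ("nas-03", "backup.nasvendor.example"),
]

def traffic_anomalies(history, today, sigmas=3.0):
    """Devices whose outbound volume today exceeds mean + sigmas * stdev."""
    flagged = {}
    for dev, sent in today.items():
        past = history.get(dev, [])
        if len(past) < 2:          # no baseline yet: cannot judge, skip
            continue
        limit = mean(past) + sigmas * stdev(past)
        if sent > limit:
            flagged[dev] = round(sent / mean(past), 1)  # multiple of normal
    return flagged

def unexpected_dns(log, expected):
    """Per-device set of queried names outside that device's expected set."""
    out = {}
    for dev, name in log:
        name = name.rstrip(".").lower()
        if name not in expected.get(dev, set()):
            out.setdefault(dev, set()).add(name)
    return out

def triage(history, today, log, expected):
    """Rank devices: both indicators first, then a single indicator."""
    vol, dns = traffic_anomalies(history, today), unexpected_dns(log, expected)
    return sorted(set(vol) | set(dns), key=lambda d: -((d in vol) + (d in dns)))
```

A device that trips both checks, as the sample DVR does, is the first candidate for isolation and inspection; a single unexpected lookup is weaker evidence and mostly a prompt to review the expected-domain list.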
DHS Security Tip
Security issues and resilience risks have existed for decades. The scale of interconnectedness created by the IoT has increased these risks and created new ones. Today’s attackers can now scale by infecting large numbers of devices, which gives them access to the data on those devices and the ability to attack other computers or devices.
The U.S. Department of Homeland Security (DHS) issued a Security Tip concerning IoT, with insight from the U.S. Computer Emergency Response Team (US-CERT) and the National Cybersecurity and Communications Integration Center (NCCIC). NCCIC’s mission is to reduce the risk of systemic cybersecurity and communications challenges in its role as a cyber defense, incident response, and operational integration center.