IOT Devices Expanding Your Level of Presence (and Your

Digital Risk Footprint)

Today’s Speakers

Adam MeyerChief Security StrategistSurfWatch Labs

2

Kristi HortonChief Security StrategistGate 15 & Real Estate ISAC

Understanding the IoT Security Challenge

3

• Network-enabled or "smart" IOT devices are commonplace

• The potential of having numerous devices per building potentially translates into the largest digital footprint that is NOT under proper security management

Classes of IoT DevicesOperational Technology• Home and Building Automation: Remote

management, smart appliances• Smart Energy: Climate control, smart meters,

smart plugs, smart light bulbs• Security and Safety: Cameras, doors, etc.• Multimedia: Smart TVs, DVRs, voice

automation (i.e. Alexa, Echo, Siri), etc.• Industrial Infrastructure

Information Technology• Mobile Devices: iPads, iPhones, Android phones

and tablets• Wearables: Activity trackers, heart rate, breathing

rate, Smart watches

4

The Age of the “Smart” Building

5

• The more IoT-enabled devices and the greater the interconnectivity between various building systems, the more detailed and sensitive the data that will be captured.

• According to IDC forecasts, 40 percent of the information in the digital universe requires some level of protection, but only half of that data is protected.

Your Expanding Digital Footprint

I.e. LED lighting, HVAC and physical security systems, will take the lead as connectivity is driven into higher-volume, lower cost devices

6

I.e. Smart meters and specific industry devices such as manufacturing field devices, process sensors for electrical generating plants and real-time location devices for healthcare

Trending IoT Targets From the Last Year

7

IoT Threat Examples

8

Chinese Hacking of US Chamber of Commerce includes IoT Devices - Reported in Dec 2011• Chamber of Commerce thermostat was

communicating with a computer in China• Another time, chamber employees were

surprised to see one of their printers printing in Chinese

IoT Threat Examples

9

Rise of the IoT Botnets• Proliferation of devices

• DDoS attacks

• Ease of weaponization – ala Mirai, which weaponizes vulnerable IoT devices

Distribution of Mirai Botnet in October attack

IoT Botnets Driving a Surge in Service Interruption

10

The percent of negative CyberFacts related to “service interruption” surged in the fourth quarter of 2016 due to attacks and concern around Mirai and other IoT-powered botnets.

Latest IoT Threat

11

Imeij IoT Malware Targets AVTech Devices• ELF_IMEIJ.A, aka Imeij leverages the

RFI exploit• Targets Linux-based ARM devices and

gathers info on the infected device, sends it to a remote server and launches DDoS attacks on demand

• Botnet operators can also clean the device and remove the malware

• 130,000+ AVTech devices currently exposed online

What’s Next for IoT Threats?

12

The Security Challenge Will Only Increase as More IoT Devices are Used• Many organizations don’t have a good

handle on their level of presence

- DDoS attacks will continue until they become less successful (Cybercriminals follow the path of least resistance and most money)

- Cybercriminals are always looking for new opportunities

• As-a-service attack capabilities for sale on the Dark Web right now

What You Should Do to Reduce Your Uncontrolled IoT Footprint

13

Designate Clear Ownership and Accountability• Who owns IoT devices?

- Single owner?

- Shared owner via more agile DevOps model?

• Who else should be involved in management of these devices?- IT?

- Security?

- Facilities?

What You Should Do to Reduce Your Uncontrolled IoT Footprint

14

Define and Enforce IoT Management Policies• Treat “smart” devices (i.e. smart light bulb) as

an IT asset that is networked

• Define and enforce what data needs to be kept secure and the devices that interact, use or store that data

• Segment your network to minimize impact of a breach and for resiliency purposes

- Think about the payload delivery of malware (opportunity) – path of least resistance to achieve a level of presence

- Adversaries gain access in a non-vital zone and pivot into a vital zone

What You Should Do to Reduce Your Uncontrolled IoT Footprint

15

Things You Can Do Now … So You’re Not Overwhelmed Later• Take stock of your software and devices

• Leverage security solutions that can:

- Monitor network protocols and Internet traffic for threats

- Proactively detect malware at the endpoint

• Stay current and aware of relevant cyber threats within this technology area and ensure you have visibility of risks within your digital supply chain and your business

• Incorporate IoT security risks into your incident response and legal processes

Q&A and Additional SurfWatch Labs Resources

16

SurfWatch Cyber Advisor:www.surfwatchlabs.com/cyber-advisor

SurfWatch Threat Analyst:www.surfwatchlabs.com/threat-intel

Dark Web Intelligence: www.surfwatchlabs.com/dark-web-intelligence

Personalized SurfWatch Demo:info.surfwatchlabs.com/request-demo

Strategic and Operational Threat Intelligence