surfwatch-labs
Today’s Speakers
Adam Meyer, Chief Security Strategist, SurfWatch Labs
Kristi Horton, Chief Security Strategist, Gate 15 & Real Estate ISAC
Understanding the IoT Security Challenge
• Network-enabled or "smart" IoT devices are commonplace
• With numerous devices per building, IoT potentially becomes the largest digital footprint that is NOT under proper security management
Classes of IoT Devices
Operational Technology
• Home and Building Automation: Remote management, smart appliances
• Smart Energy: Climate control, smart meters, smart plugs, smart light bulbs
• Security and Safety: Cameras, doors, etc.
• Multimedia: Smart TVs, DVRs, voice automation (e.g. Alexa, Echo, Siri), etc.
• Industrial Infrastructure
Information Technology
• Mobile Devices: iPads, iPhones, Android phones and tablets
• Wearables: Activity trackers, heart rate, breathing rate, smart watches
The Age of the “Smart” Building
• The more IoT-enabled devices and the greater the interconnectivity between various building systems, the more detailed and sensitive the data that will be captured.
• According to IDC forecasts, 40 percent of the information in the digital universe requires some level of protection, but only half of that data is protected.
Your Expanding Digital Footprint
I.e. LED lighting, HVAC and physical security systems, will take the lead as connectivity is driven into higher-volume, lower cost devices
I.e. Smart meters and specific industry devices such as manufacturing field devices, process sensors for electrical generating plants and real-time location devices for healthcare
IoT Threat Examples
Chinese Hacking of US Chamber of Commerce includes IoT Devices - Reported in Dec 2011
• Chamber of Commerce thermostat was communicating with a computer in China
• Another time, chamber employees were surprised to see one of their printers printing in Chinese
Rise of the IoT Botnets
• Proliferation of devices
• DDoS attacks
• Ease of weaponization – à la Mirai, which weaponizes vulnerable IoT devices
Distribution of Mirai Botnet in October attack
IoT Botnets Driving a Surge in Service Interruption
The percent of negative CyberFacts related to “service interruption” surged in the fourth quarter of 2016 due to attacks and concern around Mirai and other IoT-powered botnets.
Latest IoT Threat
Imeij IoT Malware Targets AVTech Devices
• ELF_IMEIJ.A, aka Imeij, leverages the RFI exploit
• Targets Linux-based ARM devices and gathers info on the infected device, sends it to a remote server and launches DDoS attacks on demand
• Botnet operators can also clean the device and remove the malware
• 130,000+ AVTech devices currently exposed online
What’s Next for IoT Threats?
The Security Challenge Will Only Increase as More IoT Devices are Used
• Many organizations don’t have a good handle on their level of presence
- DDoS attacks will continue until they become less successful (Cybercriminals follow the path of least resistance and most money)
- Cybercriminals are always looking for new opportunities
• As-a-service attack capabilities for sale on the Dark Web right now
What You Should Do to Reduce Your Uncontrolled IoT Footprint
Designate Clear Ownership and Accountability
• Who owns IoT devices?
- Single owner?
- Shared owner via more agile DevOps model?
• Who else should be involved in management of these devices?
- IT?
- Security?
- Facilities?
Define and Enforce IoT Management Policies
• Treat “smart” devices (e.g. a smart light bulb) as networked IT assets
• Define and enforce what data needs to be kept secure and the devices that interact, use or store that data
• Segment your network to minimize impact of a breach and for resiliency purposes
- Think about the payload delivery of malware (opportunity) – path of least resistance to achieve a level of presence
- Adversaries gain access in a non-vital zone and pivot into a vital zone
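The segmentation and monitoring advice above, as an added example that is not part of the original presentation: a Python audit of flow records against a zone policy, flagging IoT devices that reach a vital zone or an unlisted external host. The subnets, zone names, egress allowlist and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): subnets and zone names are illustrative.
ZONES = {
    "iot": ipaddress.ip_network("10.20.0.0/16"),   # thermostats, cameras, lighting
    "corp": ipaddress.ip_network("10.10.0.0/16"),  # workstations, file servers
    "bms": ipaddress.ip_network("10.30.0.0/24"),   # building management servers
}
# Zone pairs that policy allows; other boundary crossings from IoT are violations.
ALLOWED = {("iot", "bms"), ("corp", "bms")}
# External hosts IoT devices are expected to reach (e.g. a vendor update server).
IOT_EGRESS_ALLOWLIST = {ipaddress.ip_address("203.0.113.10")}

def zone_of(ip):
    """Return the zone name for an address, or 'internet' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def audit_flows(flows):
    """Return (src, dst, port, reason) for every flow that breaks the zone policy."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz or (sz, dz) in ALLOWED:
            continue
        if sz == "iot" and dz == "internet":
            if ipaddress.ip_address(dst) not in IOT_EGRESS_ALLOWLIST:
                findings.append((src, dst, port, "iot device contacting unlisted external host"))
        elif sz == "iot":
            findings.append((src, dst, port, f"iot device reaching {dz} zone"))
        elif sz == "internet" and dz == "iot":
            findings.append((src, dst, port, "inbound internet connection to iot device"))
    return findings

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.30.0.4", 443),       # thermostat -> BMS server: allowed
    ("10.20.1.5", "203.0.113.10", 443),    # thermostat -> vendor update host: allowed
    ("10.20.1.5", "198.51.100.77", 8080),  # thermostat -> unknown external host
    ("10.20.3.9", "10.10.4.20", 445),      # camera -> corporate file server
    ("192.0.2.50", "10.20.3.9", 23),       # internet -> camera
    ("10.10.4.20", "10.30.0.4", 443),      # workstation -> BMS: allowed
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```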
Things You Can Do Now … So You’re Not Overwhelmed Later
• Take stock of your software and devices
• Leverage security solutions that can:
- Monitor network protocols and Internet traffic for threats
- Proactively detect malware at the endpoint
• Stay current and aware of relevant cyber threats within this technology area and ensure you have visibility of risks within your digital supply chain and your business
• Incorporate IoT security risks into your incident response and legal processes
Q&A and Additional SurfWatch Labs Resources
SurfWatch Cyber Advisor: www.surfwatchlabs.com/cyber-advisor
SurfWatch Threat Analyst: www.surfwatchlabs.com/threat-intel
Dark Web Intelligence: www.surfwatchlabs.com/dark-web-intelligence
Personalized SurfWatch Demo: info.surfwatchlabs.com/request-demo
Strategic and Operational Threat Intelligence