TECH TALK


COVID19 SPURS CYBER ATTACKS ON IOT DEVICES


BY JOHN PAWLICKI | OPM RESEARCH


WITH A SUBSTANTIAL INCREASE IN THE NUMBER OF PEOPLE WORKING FROM HOME DUE TO THE GLOBAL PANDEMIC AND ACCESSING THE INTERNET VIA THEIR HOME NETWORKS, CYBERSECURITY ISSUES ARE INCREASING. CYBERCRIMINALS ARE NOT ONLY INVADING PEOPLE’S PERSONAL COMPUTERS BUT CAN PENETRATE BUSINESSES WHEN EMPLOYEES ACCESS THEIR NETWORKS REMOTELY — USUALLY DUE TO MORE LAX SECURITY OF THESE HOME NETWORKS. THIS INCLUDES NOT ONLY SERVERS, DATABASES AND COMPUTERS, BUT ALSO SMART DEVICES (ALSO REFERRED TO AS BEING THE INTERNET OF THINGS — IOT).


These smart devices in homes (such as doorbell cameras, thermostats, baby/pet monitoring cameras, lights, etc.) and in business settings (such as security cameras, lighting systems, security mechanisms such as badge swiping and keypads, inventory and stock control mechanisms (RFID and barcode scanners), connected tracking devices used to track shipping, and many other connected devices) may be a higher risk to such attacks. Recent research from a security


firm named Palo Alto Networks indicates that ~57% of IoT devices are vulnerable to medium- or high- severity attacks. In their study, they assessed the current state of the IoT threat landscape by examining security incidents throughout 2018 and 2019 with one of their products. This study covered 1.2 million IoT


22 DOMmagazine.com | july 2020


devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States. They reported that the general security posture of IoT devices overall seems to be declining, which means that organizations are susceptible to IoT-targeted malware and other attacks. One of the key findings was that ~98 percent of all IoT device traffic is not encrypted, thereby exposing confidential information on associated networks to attacks.


Another security firm, F-Secure,


published a report entitled “Attack Landscape H1 2019” that provides the results of their use of honeypots (basically security traps set up to either ensnare or monitor attackers) on their global network. They report that the sheer number of attack events


from January through June 2019 was twelve times greater when compared with the same period in 2018, due principally by IoT-related traffic. The Telnet protocol, which is still used in various legacy industrial and scientific devices as well as in many IoT devices, had the largest share of attack traffic, 760 million events (compared to 611 million events previously). This was followed by other communication protocols, all of which showed an increase in attacks.


WHY ARE THESE ATTACKS


INCREASING? Quite simply, smart devices are easy targets, as are most home networks. For example, in the Palo Alto report noted earlier, they revealed that 83% of medical imaging devices are running on unsupported operating


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52