Building an IoT Immune System


Billions of moving parts constantly talking to one another; a living network open to foreign invaders and viruses, all connected to a supercomputer housing a wealth of information. I’m referring to the human body, although you’d be forgiven for seeing the obvious parallels with the Internet of Things (IoT).

Luckily for us, our bodies house a millennia-old, tried-and-tested immune system to defend us against viruses, identify and destroy malicious intruders and keep us, for the most part, running smoothly. But the same can’t be said for the evolving world of IoT.

About the author

Caleb Fenton, Research and Innovation Lead, SentinelOne.

And it is evolving - rapidly. Gartner predicts that the number of IoT devices will triple from seven billion to 21.5 billion, with 25% of cyber attacks targeting the IoT by the year 2025.

While these are staggering statistics, they shouldn’t come as a shock; cybercriminals are clever, careful and considered, and as such will identify and target any obvious vulnerabilities before them. In its current state then, the IoT may as well have a target painted on its back.

The IoT blindspot

Currently, many IoT devices are a security blindspot. Cheaper devices aren’t built to withstand attackers or to protect the information they house, yet we own more of them every day. Every new device that joins the network brings another potential vulnerability with it.

Take IP security cameras for example. Many organisations install these for security and place them on the corporate network. Because the camera shares that network, if an employee in a separate department has their machine infected with malware, any criminal intruders will be able to scan the network for connected devices, find the camera, and suddenly have eyes in your organisation - a frightening and potentially damaging prospect.

This is just one example of the vulnerabilities, but with so many IoT devices providing audio and visual feeds, as well as access to sensitive information, it’s not difficult to imagine similar attacks. 

In fact, some of these attacks have already happened. Take the Mirai botnet, which in 2016 targeted smart home devices, in particular IP cameras and basic wireless routers. The botnet was utilised in some of the most disruptive DDoS attacks to date, including an attack on French web host OVH, and the Dyn cyber attack, which resulted in the inaccessibility of numerous high-profile websites, such as Twitter, Netflix and Airbnb. 

Similarly, in 2017, an IoT botnet dubbed ‘Persirai’ threatened to hijack over 120,000 IP cameras, with most at-risk devices found in China, Thailand, and the US. In both cases a large majority of those who owned such basic home consumer devices were unaware of their threat potential. Suddenly, the possible detrimental impact of a seemingly innocent device, such as an IP camera, became startlingly clear.

A necessary evil

Just like our immune systems, cyber security follows a certain pattern. When any new system or device enters the market, hackers always find a way to exploit it. Developers then learn and patch it, and the cycle continues, hardening security each time. Just as we need colds and flus to strengthen us as we grow, hackers are a vital part of evolving and improving security measures.

For further proof, turn your eyes to today’s industrial control systems. Having lived in bubbles with no exposure to the internet and the hackers that come with it, they haven’t had the chance to develop an immune system. Now that they’re becoming a part of the network, we’re seeing an onslaught of cyber attacks against them, as they rarely have developed security measures in place.

Think like the enemy

Of course, just as we wouldn’t willingly offer ourselves up to a serious disease for the betterment of our health, we still need to do all we can to deter would-be attackers - as necessary as they may ultimately be. So, what is the answer to bolstering your organisation’s IoT immune system?

Thinking like an attacker is a great place to start. By looking at your network and all its connected components - from printers to cameras and more - and identifying how you would likely attempt a breach, you will begin to see the same vulnerabilities and gaps that criminals would target.

Another route I would strongly recommend is compartmentalising your network, otherwise known as taking a Software Defined Perimeter approach to your endpoint security. Most networks, even those belonging to large organisations with impressive security tools in place, are flat. This means that an intruder who successfully breaches the network can see a broad swathe of almost everything on it. With a compartmentalised network, the intruder would only have access to the devices that the compromised machine is authenticated to talk to, thereby limiting the potential damage.
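
A small model of the flat versus compartmentalised network described above, added here as an illustration and not taken from the author or SentinelOne. The device names and the allow-list are constructed; `blast_radius` follows multi-hop connections, so it also surfaces chains that an allow-list still permits.

```python
from collections import deque

# Constructed inventory (hypothetical device names).
DEVICES = ["hr-laptop", "finance-pc", "it-admin-pc", "printer-2f",
           "ip-camera-lobby", "nvr-recorder", "plc-line1"]

# Constructed allow-list: which device may initiate connections to which.
ALLOW = {
    "hr-laptop": {"printer-2f"},
    "finance-pc": {"printer-2f"},
    "it-admin-pc": {"nvr-recorder"},
    "nvr-recorder": {"ip-camera-lobby"},
}


def flat_policy(src, dst):
    """Flat network: every device can talk to every other device."""
    return src != dst


def segmented_policy(src, dst):
    """Compartmentalised network: only explicitly allowed pairs connect."""
    return dst in ALLOW.get(src, set())


def blast_radius(start, policy):
    """Devices reachable from a compromised `start`, including pivots."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in DEVICES:
            if dst not in seen and policy(src, dst):
                seen.add(dst)
                queue.append(dst)
    return sorted(seen - {start})


def exposure_report(policy):
    """Map each device to what an intruder on it could reach."""
    return {dev: blast_radius(dev, policy) for dev in DEVICES}


if __name__ == "__main__":
    for name, policy in (("flat", flat_policy), ("segmented", segmented_policy)):
        print(name)
        for dev, reach in exposure_report(policy).items():
            print(f"  {dev}: {len(reach)} reachable -> {reach}")
```

In the segmented run the infected office laptop reaches only the printer, while the admin workstation still reaches the camera through the recorder, which is the kind of path worth reviewing when writing the allow-list.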

Beyond this, much better visibility into the network is required. With this type of asset management, organisations will be able to visualise their networks, see what’s happening in real time and stop attacks in their tracks. 

Ultimately security measures need to, and will, improve. We’re currently at the low point of the cycle I mentioned earlier, but with the right procedures, tools and education in place, we can give the IoT the immune system it needs to survive.

Caleb Fenton

Caleb Fenton is the Research and Innovation Lead at SentinelOne where he and his team analyze threats and research new ways to detect malware and anomalies, map networks, find vulnerabilities, and so on. He's been active in security research for over 15 years and maintains several open source malware analysis tools. His current focus of research is using machine learning and other analysis techniques to find attacks and suspicious activity in endpoint and network behavioral data.
