The state of IoT security
Year after year, the continued emergence of IoT vulnerabilities coming to light has rightly caused concern for IT security administrators responsible for monitoring networks for businesses and the public.
This concern is reflected by Cisco's September 25th release of numerous patches for its IOS and IOS XE operating systems, commonly found in enterprise-grade routers and switches. The release was part of a package of 28 security advisories concerning various IOS family bugs – 13 of which were rated as having high severity.
Around the same time, the Independent Security Evaluators (ISE) group released the results of their SOHOpelessly Broken 2.0 research project, which critically examined the security of 13 home and enterprise routers and NAS devices selected from reputable manufacturers. ISE collected an enormous number of CVEs, 125 in fact, from their research due to discovered vulnerabilities such as buffer overflow, command injection, cross-site request forgery, and SQL injection. Twelve of the devices were able to be compromised with root-level access.
On top of the vulnerability problem, routers have also been challenged in their role as the conduits of traffic throughout network infrastructures. The challenge has been to balance reliability with security. In 2019, the MANRS (Mutually Agreed Norms for Routing Security) group identified approximately 7500 internet routing incidents caused by problems such as bogons, routing mis-originations and routing leaks.
Targeted attacks on IoT devices
Realizing the potential for monetary gains via unsecured IoT devices, threat actors have been quick to mobilize. Since 2016 when the source code for the Mirai botnet was released to the public, numerous Mirai variants have inundated the Internet probing for poorly configured IoT devices to enslave. The success of Mirai and its variants has been in large part due to the simple failure of changing the default username and password shipped with these devices.
Another current danger that is threatening IoT is Magecart 5 (MG5). MG5 is a threat group notorious for online credit card skimming. Recently, MG5 has been seen targeting commercial-grade routers – those typically found in airports, hotels, and public transportation – as a means of targeting the vast numbers of the wider public who connect to free Wi-Fi on the go. Security researchers suppose that MG5 is utilizing Javascript injection to infect routers. This would allow the attackers to redirect webpage visits and insert malicious ads aimed at stealing the credit card data of users of these compromised networks.
Recommendations for securing corporate networks
The number of devices managed by a business can be enormous, ranging from endpoint devices to servers, a production line with a proprietary operating system, as well as smart devices and routers.
Detecting botnet activity, exploits, or router infections that are active in a network demands a higher grade of tools and expertise to prevent, detect, and respond.
The first step for large companies to secure their network is to ensure that all endpoints are protected with a robust security solution, no matter the platform – whether that’s Windows, Mac, Linux, Android, or iOS. ESET’s Endpoint Security is packaged with technology such as Ransomware Shield, Exploit Blocker, Network Attack Protection, and Botnet Protection – all crucial components for your endpoint defenses.
A next step would be to leverage enterprise solutions like ESET Dynamic Threat Defense, which adds an enterprise-grade machine learning and scanning engine layer on the network level that can process potentially malicious samples in a cloud-based sandbox and detect never-before-seen threats. This prevents endpoints from ever needing to encounter a malicious sample by blocking it preemptively before it enters a network.
If malware should worm its way past network defenses, that’s when IT administrators need the ability to get deeper insight into the mechanisms and pathways of that threat. It is not unusual for malware to lie dormant in a network to avoid detection and move ever so slowly without raising suspicions. Leveraging an endpoint detection and response (EDR) tool like ESET Enterprise Inspector (EEI) enables the admin to monitor all data in the corporate network collected by ESET Endpoint Security to better investigate such advanced targeted threats.
ESET Enterprise Inspector is part of a special corporate protection package called ESET Targeted Attack Protection, which is designed to protect organizations from targeted attacks and persistent threats.
Take a look at ESET’s Targeted Attack Protection enterprise package for more details.