With attacks against IoT devices on the rise, threat researchers are warning businesses to make sure they know their devices and have processes in place to maintain and defend them.
In a blog post on January 25, threat intelligence firm Intel 471 stated that a wave of attacks on IoT devices in 2020 and 2021 led to the theft of sensitive information and the creation of massive botnets to launch distributed denial-of-service (DDoS) attacks. The company also saw the major Mirai and Gafgyt malware code bases being used to compromise connected devices, with Mirai variants being the most popular way to sell illicit access to target companies on underground forums.
The threat will only grow this year as attackers shift to more profit-focused motives, says Michael DeBolt, director of intelligence for Intel 471.
“As IoT devices become increasingly common, and industries increase their reliance on these devices for their uptime and operations…we expect to see the shift toward targeted ransomware and IoT botnet operators working with merchants of access to identify potential targets,” he says.
Two trends in the IoT market are converging to create a significant security problem. Manufacturers of a large number of devices are adding connected functionality for management and updates, as well as offering additional services, leading to a larger attack surface area in most organizations. However, the management of these devices has not kept pace, leaving many of them vulnerable to attack.
In the medical space, for example, 53% of connected medical devices and other IoT devices in healthcare settings have critical vulnerabilities, according to a Jan. 20 report from Cynerio. IV pumps and patient monitors are the most common connected devices in hospitals, accounting for 57% of IoT devices in the average medical environment.
According to the report, the level of vulnerability in the medical industry means that hospitals and healthcare organizations have to go beyond the visibility of their current attack surface. They must also be able to respond effectively.
“Hospitals don’t need more data, they need to be able to act decisively when attacked,” according to the Cynerio report. “Identifying and addressing risk vectors that are already being exploited in nature is a good first step toward implementing healthcare IoT security that will make a hospital’s connected device footprint more resilient.”
The codebase of the Mirai botnet remains a staple of online attackers, says Intel 471’s DeBolt. Mirai is most widely recognized as the malware used to compromise digital video recorders (DVRs) and Internet-connected routers in 2016 and use them to attack websites and network providers. Six years later, malware developers continue to extend the functionality of Mirai’s code base, using compromised systems as a way to anonymize traffic and send floods of packets to targeted networks, Intel 471 stated in its blog post.
“The bottom line is that Mirai is still alive,” says DeBolt. “It’s not going anywhere and just keeps kicking.”
Vulnerabilities in IoT devices extend far beyond home routers and consumer products. Because many of these connected devices are based on the same operating systems, such as Wind River System’s Linux or VxWorks, a variety of medical devices, manufacturing controllers, and monitoring systems, to name a few, also routinely have vulnerabilities.
“While people hear IoT and automatically think of smart devices, think of internet-connected appliances, that’s not really where the big main threat is,” says DeBolt. “The vulnerabilities are in the software development kits, operating systems and/or firmware that power the hardware that makes all these smart devices connect to the Internet.”
Due to the sensitive nature of many of these connected devices, Intel 471 argues that IoT ransomware is likely to be the next stop for attackers. An attack on IoT controllers or monitoring devices could easily bring operations to a halt in utilities, hospitals, or within smart buildings and city infrastructure, giving any ransom demands far more weight.
Currently, the company hasn’t seen much conversation among underground actors indicating that ransomware functionality is being integrated into current code bases, but given the severity of the problem, advocates should think about it now, says DeBolt.
“We’re not seeing underground actors going entirely to IoT as a ransomware target,” he adds, “but if you’re into IoT security, you should be worried about ransomware.”