Published on January 12th, 2017 | by Joel Roy
I.O.T. Phone Home
We created our 2016 Threat Rewind Report, released last month, to educate and better prepare today’s enterprises for the most sophisticated attack techniques hiding in their networks and evading preventative cybersecurity defenses.
Over the past year, SS8 has conducted breach detection risk assessments on live production networks, using the SS8 BreachDetect platform, for companies in key industries including critical infrastructure, retail, and education. What we found was enlightening.
In particular, we found that 70% of company networks analyzed had compromised non-essential devices on the network. What’s a non-essential device? It’s basically an Internet of Things (IoT) device, not a company-issued laptop, desktop or server. Non-essential devices on the network include all “smart” devices with a web interface such as coffee makers, printers, cameras, TVs, etc.
Compromised Devices Not Always Where You’d Think
When SS8 ran a risk assessment of our own environment a number of months ago (yes, we drink our own Kool-Aid), we found an IoT device that was communicating out to China and Russia! When our team drilled down into the threat, it turned out to be a smoke detector in our data center, installed to alert the monitoring company in case of a fire. A simple, fixed-function device, but also an Internet-connected one that was wide open to hacking and talking to multiple external destinations.
That’s one type of IoT device that can create a challenge. Another is the smart TV. During another risk assessment at a customer site, we uncovered unauthorized traffic going to Facebook from inside a security operations center (SOC). The customer was sure we would find nothing malicious in their SOC, but it turned out that one of their smart TVs, overlooked when the SOC was built, was connected to the outside world.
One Leak Can Equal Disaster
These devices are now targets for attackers who want to steal confidential data, personally identifiable information (PII) and valuable intellectual property. Hackers are figuring out ways to gain access to these devices through click fraud, spear phishing email attacks, or simply because the device was left unprotected to begin with.
Malicious code that lands on an IoT device can beacon home to the mothership for further instructions and, in some cases, move laterally to essential devices on the corporate network, ultimately finding a way to exfiltrate the target information back to the malicious actor.
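As an added illustration (not SS8 code or part of the original post) of how the beaconing described above shows up in network traffic: a small Python detector over constructed flow records that flags devices absent from the asset inventory making regularly spaced connections to addresses outside the RFC 1918 ranges. The inventory, flow records, addresses and thresholds are all constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed asset inventory: company-issued hosts (laptops, servers).
# Anything not listed is treated as a "non-essential" device: printer,
# smart TV, smoke detector, and so on.
ESSENTIAL_HOSTS = {"10.0.0.10", "10.0.0.11"}

# Constructed flow records: (timestamp in seconds, src, dst, dst port, bytes).
FLOWS = [
    (0,    "10.0.0.10", "10.0.0.11",     445, 12000),  # laptop -> file server
    (0,    "10.0.5.42", "203.0.113.7",   443, 310),    # smoke detector -> external
    (600,  "10.0.5.42", "203.0.113.7",   443, 305),    # ... every ~10 minutes
    (1200, "10.0.5.42", "203.0.113.7",   443, 312),
    (1805, "10.0.5.42", "203.0.113.7",   443, 308),
    (2400, "10.0.5.42", "203.0.113.7",   443, 301),
    (50,   "10.0.7.9",  "198.51.100.20", 443, 9000),   # smart TV, irregular
    (2000, "10.0.7.9",  "198.51.100.20", 443, 120000),
]

# Internal address space; anything else counts as "the outside world".
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def beacon_candidates(flows, essential, min_conns=4, max_cv=0.2):
    """Return (device, dst, mean interval, connection count) for non-essential
    devices that contact an external address at near-constant intervals.
    cv = stdev / mean of the gaps between connections; a low cv means the
    device is calling out on a schedule, the signature of a beacon."""
    series = defaultdict(list)
    for ts, src, dst, _port, _size in flows:
        if src in essential or is_internal(dst):
            continue  # company-issued host, or traffic that never leaves the LAN
        series[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in series.items():
        if len(times) < min_conns:
            continue  # too few contacts to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            hits.append((src, dst, round(avg), len(times)))
    return hits
```

In this data the smoke detector is reported as a 600-second beacon, while the smart TV's two irregular connections and the laptop's internal traffic are not.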
The days of just protecting normal servers and infrastructure are gone. IoT has created an endless sea of new devices being added to an ever-growing environment you are tasked to protect.