Here are a few innovative solutions to help stem the tide of threats to IoT devices.
Cybersecurity is a challenge across all echelons of the global economy and deciding how to approach the growing capabilities of hackers is a feat that companies are ardently trying to tackle with major investments in products, solutions, and services. Most have been focused on software security and until recently hardware connected devices were not a priority focus.
Threat actors, including state-sponsored, and criminal enterprises are becoming more sophisticated by searching for vulnerabilities to exploit machine learning, and artificial intelligence tools. And they are targeting both software and hardware gaps.
A big target for hackers is the Internet of Things (IoT). The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable, and/or controllable via the internet. By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average and that also amounts to trillions of sensors connecting and interacting on these devices. According to the McKinsey Global Institute, 127 new devices connect to the internet every second. What’s new with the Internet of Things? | McKinsey
Unfortunately, many of these devices are not manufactured in the West, lack standards, and users often rely on the weak security of default settings. They make an enticing collection of targets for criminal hackers. Digital connectivity of our phones, computers and other devices allows for greater convenience, but also greater risk– every point of connection to a system is a potential portal of attack.
To address the issues of cyber-securing everything we may be connected to, companies are developing innovative approaches to cybersecurity. Their solutions combine physical and software security to lock and enhance the safety of every point of connection within an organization’s technology.
As many of the government agencies and corporations which experienced breaches can attest, endpoint methods like firewalls, containers, virtualization, and antivirus software cannot fully assure protection against malware. There are hardware components to protect too.
Protecting Hardware Components of the Network
One specific area of concern is USB devices. Recently, the FBI warned that cybercriminals have been mailing out USB drives that are unknowingly used by their target victims that spread ransomware and launch cyber-attacks. It is much like a social engineering attack but not online. The infected USB drives are sent via the US Postal Service and UPS, impersonating the Department of Health and Human Services in some cases, and Amazon in others. According to the FBI, some packages are designed to resemble Amazon gifts—containing a fake thank you letter, counterfeit gift card, and a USB—and in other cases, the USB drive is accompanied by letters referencing COVID-19 guidelines. FBI: Cyber criminals are mailing out USB drives that install ransomware – Cyber Security Review (cybersecurity-review.com)
In addition to USB drives, cybercriminals often hack into HDMI ports. HDMI ports are everywhere, and many configurations are vulnerable. A hack can be exponential in impact. Via a single HDMI connection malware can be spread to every device connected through HDMI ports.
According to FIU Professor Selcuk Uluagac, director of the College of Engineering and Computing’s Cyber-Physical Systems Security Lab (CSL) A. Selcuk Uluagac – People – ECE – Florida International University – FIU) has noted that if a hacker can access an unsecured HDMI-device, they could inject malicious commands to make the device do things it’s not supposed to do. They could bombard the device with repeated code and shut it down, turn it on and off, and more. With this, there are dangers for individuals and businesses.
The growing reality is that hackers are seeking out unsecured ports and systems on companies and especially industrial systems connected to the Internet. But there are several immediate potential remedies to those threats.
Finding hidden Devices In the Network
Another company, Sepio (sepiocyber.com) has specialized in asset visibility by finding devices that companies and organizations may not be aware of that exist in their networks. Sepio’s hardware fingerprinting technology discovers all managed, unmanaged, and hidden devices that are otherwise invisible to all other security tools. Sepio HAC-1 is a hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs. Their platform is further augmented by a threat intelligence database, ensuring a lower risk to hardware infrastructure.