
Defending against IoT ransomware attacks in a zero-trust world



IoT sensors and their connected smart devices are one of the fastest growing attack vectors in 2024, with opportunistic attackers increasingly offering tools and services on the dark web to compromise them.

Adversaries are becoming more opportunistic, hoping to profit from the rapidly growing market for IoT devices and technology. IoT Analytics predicts that the global value added by IoT technology will grow from US$280 billion in 2024 to US$721 billion in 2030.

“The potential for IoT innovation by 2024 will be revolutionary. But with opportunity comes risk. Each individual connected device provides a potential access point for malicious actors,” writes Ellen Boehm, senior vice president of IoT strategy and operations at Keyfactor. Keyfactor found in its first global IoT security report, Digital Trust in a Connected World: Exploring the State of IoT Security, that 93% of organizations face challenges protecting their IoT and connected products.

IoT sensors are magnets for cyberattacks

Last year, IoT and OT malware attacks increased by 400%. Manufacturing is the top target industry, accounting for 54.5% of all attacks, with an average of 6,000 attacks per week across all monitored devices. The Mirai and Gafgyt botnets dominated all activity, accounting for 66% of the attack load. Mirai and Gafgyt infections can use IoT devices to launch distributed denial-of-service (DDoS) attacks, causing billions of dollars in economic losses.


Attacks against IoT and ICS networks have become so common that the Cybersecurity and Infrastructure Security Agency (CISA) frequently issues cybersecurity advisories for them. The most recent batch involved four advisories, three of them concerning Rockwell Automation.

“We are connecting all these IoT devices, and all of these connections create vulnerabilities and risks. For OT cybersecurity, I think the risk value and overall risk is probably higher than for IT cybersecurity. When you think about what we are protecting, when it comes to infrastructure and asset types, you find that the risk is quite high,” Kevin Dehoff, president and CEO of Honeywell Connected Enterprise, said in an interview with VentureBeat last year. Dehoff emphasized the need for customers to better understand their risks and vulnerabilities.

Selling IoT ransomware tradecraft is a booming underground business

Orchestrated DDoS attacks launched through IoT botnets are the best-selling service on the dark web. In the first half of last year alone, analysts discovered more than 700 DDoS attack service advertisements on various dark web forums. Prices depend on whether the target uses CAPTCHA, DDoS protection and JavaScript verification, starting at $20 per day and going up to $10,000 per month. According to ads promoting DDoS services on the dark web, the average price is $63.50 per day and $1,350 per month.

Attackers often create, sell and use ransomware built to attack IoT devices. Of the many that exist, the following eight are the most famous. DeadBolt targets QNAP NAS devices, exploiting CVE-2022-27593 to encrypt user files and demand a ransom for the decryption key. WannaCry variants target IoT devices by exploiting vulnerabilities in the Microsoft SMB protocol. Others include Mirai, Linux.Encoder.1, Gafgyt, Reaper, Hajime, BrickerBot and BASHLITE.

According to the Wall Street Journal, ransomware attacks against manufacturers, utilities and other industrial companies increased by 50% last year. Dragos CEO Rob Lee said that among industrial companies, manufacturers are the most targeted. “It’s not that they are OT experts; it’s just that they know they are impacting the revenue-generating part of these companies,” Lee said, “so these companies are willing to pay, and pay faster.”

Prevent IoT Ransomware Attacks with Zero Trust

The challenges of securing IoT sensors and the ICS platforms they support highlight the many benefits of zero trust in hardening these systems against cyberattacks. Here is a brief introduction to the core attributes of zero trust that can protect IoT devices:

Monitor and scan all network traffic. Every security information and event management (SIEM) and cloud security posture management (CSPM) vendor is committed to detecting breach attempts in real time. A surge of innovation in the SIEM and CSPM space makes it easier for companies to analyze their networks and detect insecure settings or breach risks. Popular SIEM providers include Cisco (Splunk), CrowdStrike Falcon, Fortinet, LogPoint, LogRhythm, ManageEngine, QRadar and Trellix.
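As an added illustration of what “monitor all network traffic” means in practice for IoT fleets (this is example code written for this article, not any vendor’s product or the article’s own material), the following Python script flags a device that fans out to many distinct hosts on the Telnet ports Mirai-family bots are known to probe. The log format, device addresses and the threshold are constructed assumptions; a real deployment would feed the same logic from a SIEM or firewall export.

```python
"""Flag IoT devices that fan out to many distinct hosts on Telnet ports.

Added example for this article. The log line format (time src dst dport
action), the addresses and the threshold are assumptions, not a vendor format.
"""
import re
from collections import defaultdict

# Constructed sample log (not real traffic). One line per allowed connection.
SAMPLE_LOG = """\
12:00:01 src=10.0.5.21 dst=203.0.113.7 dport=23 action=allow
12:00:01 src=10.0.5.21 dst=203.0.113.8 dport=23 action=allow
12:00:02 src=10.0.5.21 dst=203.0.113.9 dport=2323 action=allow
12:00:02 src=10.0.5.21 dst=203.0.113.10 dport=23 action=allow
12:00:03 src=10.0.5.21 dst=203.0.113.11 dport=23 action=allow
12:00:03 src=10.0.5.21 dst=203.0.113.12 dport=23 action=allow
12:00:04 src=10.0.5.44 dst=10.0.1.5 dport=443 action=allow
12:00:04 src=10.0.5.44 dst=10.0.1.5 dport=443 action=allow
12:00:05 src=10.0.5.44 dst=203.0.113.7 dport=23 action=allow
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")
TELNET_PORTS = {23, 2323}  # ports Mirai-family botnets are known to target


def telnet_fanout(log_text: str) -> dict:
    """Return {source: number of distinct destinations contacted on Telnet ports}."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        if port in TELNET_PORTS:
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items()}


def suspicious_sources(log_text: str, threshold: int = 5) -> list:
    """Sources whose Telnet fan-out meets the threshold, highest fan-out first.

    A camera or sensor has no business opening Telnet to dozens of hosts;
    that pattern is the signature of a bot scanning for new victims.
    """
    fanout = telnet_fanout(log_text)
    flagged = [s for s, n in fanout.items() if n >= threshold]
    return sorted(flagged, key=lambda s: -fanout[s])


if __name__ == "__main__":
    fanout = telnet_fanout(SAMPLE_LOG)
    for src in suspicious_sources(SAMPLE_LOG):
        print(f"{src}: {fanout[src]} distinct Telnet targets")
```

The threshold is deliberately low because the baseline for an IoT sensor is zero outbound Telnet; tune it per device class, and route hits to the micro-segmentation and conditional-access controls described further down so the device is quarantined rather than just logged.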

Enforce least privilege access to each endpoint and IoT device, then audit and clean up identity and access management (IAM) and privileged access management (PAM) roles. Most breaches occur because attackers use various techniques to obtain privileged access credentials, which let them infiltrate networks and install ransomware payloads. Auditing and enforcing least privilege access to endpoints and IP-addressable IoT devices is the first step. It is also critical to clean up IAM and PAM privileged access credentials and remove any contractor credentials that have remained active for years.
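The credential clean-up step above is easy to describe and easy to skip. As an added example (written for this article, not taken from any IAM or PAM product), the script below audits a privileged-credential inventory and lists entries that have gone unrotated or unused past a policy limit, with long-lived contractor credentials called out separately. The inventory records, field names and the 365-day and 90-day limits are constructed assumptions.

```python
"""Audit a privileged-credential inventory for stale entries.

Added example for this article. The inventory, its field names and the
rotation/idle limits are assumptions, not any IAM/PAM product's export.
"""
from datetime import date

# Constructed inventory: credential id, owner, privilege flag, creation date,
# last-use date, and whether the owner is a contractor.
INVENTORY = [
    {"id": "svc-plc-backup", "owner": "contractor-A", "privileged": True,
     "created": date(2020, 3, 1), "last_used": date(2024, 2, 10), "contractor": True},
    {"id": "admin-hmi-01", "owner": "ops-team", "privileged": True,
     "created": date(2023, 11, 5), "last_used": date(2024, 3, 1), "contractor": False},
    {"id": "svc-sensor-ingest", "owner": "contractor-B", "privileged": True,
     "created": date(2019, 6, 20), "last_used": date(2022, 1, 15), "contractor": True},
    {"id": "viewer-dashboard", "owner": "analyst", "privileged": False,
     "created": date(2018, 1, 1), "last_used": date(2024, 3, 2), "contractor": False},
]


def audit(inventory, today, max_age_days=365, max_idle_days=90):
    """Return {credential id: [reasons]} for privileged credentials that should be
    rotated or removed. Non-privileged entries are left to a separate review."""
    findings = {}
    for cred in inventory:
        if not cred["privileged"]:
            continue
        reasons = []
        age = (today - cred["created"]).days
        idle = (today - cred["last_used"]).days
        if age > max_age_days:
            reasons.append(f"active for {age} days without rotation")
        if idle > max_idle_days:
            reasons.append(f"unused for {idle} days")
        if cred["contractor"] and age > max_age_days:
            # The case the text singles out: a contractor's access outliving the engagement.
            reasons.append("long-lived contractor credential")
        if reasons:
            findings[cred["id"]] = reasons
    return findings


if __name__ == "__main__":
    for cred_id, reasons in audit(INVENTORY, date(2024, 3, 15)).items():
        print(cred_id, "->", "; ".join(reasons))
```

Run it against a real export on a schedule and treat “unused for N days” findings as removal candidates rather than rotation candidates: a privileged credential nobody has used in a quarter is attack surface, not a convenience.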

Get back to the basics of security hygiene by adopting multi-factor authentication (MFA) across your IT infrastructure. CISOs told VentureBeat that MFA was a quick win. MFA metrics are relatively easy to obtain, and CISOs told VentureBeat they use them to demonstrate progress toward a zero-trust strategy to their boards. MFA is key to protecting IoT infrastructure because many IoT devices and sensors ship with no authentication configured, or with only factory-default passwords.

Apply micro-segmentation to endpoints, especially IoT sensors, including those with programmable logic controllers (PLCs). 60% of enterprises know less than 75% of the endpoint devices on their network. Only 58% of enterprises are able to identify all compromised or vulnerable assets on their network within 24 hours of an attack or exploit. 86% of manufacturers have little to no visibility into their ICS. Micro-segmentation isolates specific network segments to shrink the attack surface and limit lateral movement. It is one of the core elements of zero trust as defined in NIST SP 800-207, Zero Trust Architecture. Leading vendors include Akamai, Aqua Security, Cisco, CrowdStrike, ColorTokens, Illumio, Palo Alto Networks, TrueFort, vArmour, VMware and Zscaler.

Deploy risk-based conditional access across all endpoints and assets. Risk-based access should gate least-privileged sessions to applications, endpoints or systems on device type, device settings, location and observed anomalous behavior, among other relevant attributes. Leading cybersecurity vendors have been using machine learning (ML) algorithms for years to calculate risk scores and recommend actions based on them. Leading vendors with deep ML expertise in this area include Broadcom, CrowdStrike, CyberArk, Cybereason, Delinea, SentinelOne, Microsoft, McAfee, Sophos and VMware Carbon Black.
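To make the attributes listed above concrete, here is an added example (written for this article; the weights and thresholds are illustrative assumptions, not any vendor’s scoring model) of a conditional-access decision for an IoT or OT device session. It folds device type, firmware state, factory-default credentials, location and a monitoring-derived anomaly score into one risk score, then maps that score to allow, step-up or deny, with a hard deny for administrative access from a device still on factory passwords regardless of score.

```python
"""Risk-based conditional access decision for a device session.

Added example for this article. The signals, weights and thresholds are
assumptions chosen for illustration; real products derive scores from
trained models over far richer telemetry.
"""
from dataclasses import dataclass


@dataclass
class SessionContext:
    device_type: str           # e.g. "plc", "rtu", "camera", "workstation"
    firmware_current: bool     # device runs the approved firmware version
    default_credentials: bool  # factory password still in place
    location_expected: bool    # connecting from its registered site/subnet
    anomaly_score: float       # 0.0 (normal) .. 1.0 (highly anomalous), from monitoring
    requested_privilege: str   # "read", "write" or "admin"


def risk_score(ctx: SessionContext) -> int:
    """Sum weighted risk signals into a 0-100 score (weights are assumptions)."""
    score = 0
    if not ctx.firmware_current:
        score += 20
    if ctx.default_credentials:
        score += 30
    if not ctx.location_expected:
        score += 25
    score += int(round(ctx.anomaly_score * 40))
    if ctx.device_type in {"plc", "rtu"} and ctx.requested_privilege != "read":
        score += 15  # writes to control hardware are held to a higher bar
    return min(score, 100)


def decide(ctx: SessionContext) -> str:
    """Map the score to a least-privilege outcome: allow, step-up (MFA or
    human approval), or deny. Factory credentials never get admin access."""
    if ctx.default_credentials and ctx.requested_privilege == "admin":
        return "deny"
    s = risk_score(ctx)
    if s < 30:
        return "allow"
    if s < 60:
        return "step-up"
    return "deny"


if __name__ == "__main__":
    sample = SessionContext("camera", False, True, True, 0.1, "read")
    print(risk_score(sample), decide(sample))
```

The anomaly input is where the monitoring described earlier plugs in: a device that has just been flagged for Telnet fan-out should arrive here with a high anomaly score and be denied even if its other attributes look healthy.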

Get patch management back on track and consider automating it with artificial intelligence and machine learning. Gaps are likely when patch management is not data-driven. Attackers are weaponizing years-old CVEs while security teams wait until a breach occurs before prioritizing patching. Patching is the task every IT team puts off: 71% of IT and security teams say it is too complex, cumbersome and time-consuming. AI-driven patch management shows potential to overcome these challenges.
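A data-driven approach does not have to start with a model; it starts with ranking the backlog on the signals attackers actually follow. As an added example (written for this article, not the article’s or any vendor’s code), the script below orders outstanding patches so that known-exploited, internet-exposed and years-old CVEs rise to the top. CVE-2022-27593 is the DeadBolt vulnerability named earlier in the article; the other identifiers are placeholders, and all CVSS values, dates and flags are constructed.

```python
"""Rank an outstanding-patch backlog so weaponized, old CVEs are fixed first.

Added example for this article. The backlog, CVSS values, dates and flags are
constructed; CVE-2022-27593 appears in the article, the CVE-PLACEHOLDER-*
identifiers are not real CVEs.
"""
from datetime import date

# Constructed backlog: one entry per (asset, CVE).
BACKLOG = [
    {"asset": "nas-01", "cve": "CVE-2022-27593", "cvss": 9.8,
     "published": date(2022, 5, 1), "known_exploited": True, "exposed": True},
    {"asset": "hmi-02", "cve": "CVE-PLACEHOLDER-0001", "cvss": 7.5,
     "published": date(2024, 2, 1), "known_exploited": False, "exposed": False},
    {"asset": "plc-03", "cve": "CVE-PLACEHOLDER-0002", "cvss": 6.1,
     "published": date(2019, 9, 1), "known_exploited": True, "exposed": False},
    {"asset": "cam-04", "cve": "CVE-PLACEHOLDER-0003", "cvss": 5.3,
     "published": date(2024, 3, 1), "known_exploited": False, "exposed": True},
]


def priority(item, today):
    """Higher is more urgent. Known exploitation and exposure dominate, then
    severity, then age: a CVE that has sat unpatched for years is exactly
    what the text says attackers are weaponizing. Weights are assumptions."""
    age_years = (today - item["published"]).days / 365.25
    score = item["cvss"] * 10            # 0..100 from severity alone
    if item["known_exploited"]:
        score += 100                     # outranks any unexploited finding
    if item["exposed"]:
        score += 50                      # reachable from outside the segment
    score += min(age_years, 5) * 10      # age bonus, capped at five years
    return round(score, 1)


def ranked(backlog, today):
    """Return the backlog sorted most-urgent first."""
    return sorted(backlog, key=lambda i: priority(i, today), reverse=True)


if __name__ == "__main__":
    for item in ranked(BACKLOG, date(2024, 3, 15)):
        print(f"{priority(item, date(2024, 3, 15)):6.1f}  {item['asset']}  {item['cve']}")
```

Note that a medium-severity but exploited CVE on a PLC outranks a recent high-severity one that nobody is exploiting yet; that inversion relative to a CVSS-only ordering is the whole point of feeding exploitation data into the decision.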
