By Jon Taylor
Director and Principal of Security, Versa Networks
January 5, 2023
Most people have heard of the Internet of things (IoT), but it is surprising that many people do not really understand what it is or how it fits into our everyday life. As a result, IoT security is one of the most overlooked use cases in environments today even as IoT is quickly becoming one of the largest growing segments in IT.
Let’s break down what IoT really is with an example of how it can used for malicious intent, and how Versa Networks can help to implement various best practices to safeguard you from the growing threat of IoT incidents.
So, what is IoT? IoT is providing network connectivity to any device that doesn’t have a sophisticated and usable operating system like Windows or MacOS (basically just having an on/off switch) Examples include a programable logic controller (PLC) controlling the Heating, Ventilation and Air-conditioning (HVAC) system in a building; Amazon’s Echo devices; a Point of Sale (PoS) terminal; cameras; robotic arms in a manufacturing plant; MRI machines; dialysis machines, and more. Most of the time these devices run a very limited operating system (normally something that is Linux based) and are designed and programmed to perform a singular task. So, what makes these devices so dangerous if they are only performing one task? For starters, because of how these systems are designed, normally an administrator can’t apply traditional protections to the IoT device such as Anti-Virus/Anti Malware, software firewalls, etc. They also can’t enable traditional Role Based Access Control (RBAC) permissions as the device is not recognized or managed by any Identity and Access Management (IAM) software deployed. And lastly, the device can’t be updated regularly as the system is so highly modified that updates could cause either the system to not perform as designed or perhaps the physical hardware does not have enough memory to support an upgraded system; or the software running on the system can’t support updated code.
The fundamental challenge here is that enterprise security policy cannot be easily and uniformly applied and so ultimately, the consumer of the service that this device provides is 100% reliant on the organization that developed the device software to keep it secure. This increased risk and potential liability might not be acceptable to the organization.
One of the most well-known examples of an IoT based attack was launched in October of 2016. This attack was known as the Mirai Botnet attack was and still is one of the largest DDOS (Distributed Denial of Service) attacks to ever take place. This attack used the Mirai malware source code and was turned into a botnet to with a specific set of tasks that included infecting other vulnerable IoT devices. Once the device was infected, the code altered the parameters of the device so that it would replicate itself by automatically searching both the private network as well as the internet for other devices discoverable devices that it could replicate itself to. When the device found a vulnerable device, the malware used a default username and password to login into that device, replicated itself by using built in installer, and then repeated the process over again. What made it worse was that the IoT devices that were becoming infected were of all types of makes and models. This meant that the botnet was not vendor specific, but the source code that was used to originally program the IoT device was an open-source base image that multiple different companies used as a template for their custom application. Another task that the botnet was programmed to do was to launch a DDOS attack against the DNS service DynDNS from the multiple different IoT devices that had been infected across the different organizations globally due to little no IoT security being employed within their IT infrastructure. This DDoS attack had a dramatic effect as it not only hindered DynDNS’ services but it also had a major impact on some of their larger customers Twitter, CNN, Reddit, and Netflix due to the collateral damage it caused.
Now from a risk and legal perspective, who is the responsible party for the DDOS attack? Most people would assume that it would be the maker of the botnet, and they would not be wrong. But in all reality the blame could be placed on the individual organizations with the infected IoT devices that launched the DDOS attack due to those devices not having proper security controls in place to prevent such an incident from occurring.
As most IoT based incidents originate from the device connected to the internet, Versa Networks is uniquely positioned to be able to help organizations implement multiple controls and best practices to secure IoT devices. Some of those controls start with the Versa Networks Secure SD-WAN solution where we offer the ability to apply granular security policies to limit not just the device but the app running on the device from being able to communicate across the SD-WAN fabric.
The power of Versa is our ability to integrate networking and security into a single operating system. Therefore, when you deploy the integrated capability of our full Secure Access Service Edge) solution, another level of security is introduced. Versa can see and decrypt the malicious internet bound traffic if necessary and block it within our cloud fabric using advanced security features such as NGFW, IPS/IDS, and URL Filtering. Our customers who implement the full Versa SASE platform take advantage of multiple different best practices being implemented via a single unified SASE vendor for the most complete and most granular control possible. With the Versa Networks SASE platform and using the Mirai Botnet attack as an example, Versa Networks would detect and block the replication attempts both laterally across the SD-WAN fabric at the local gateway as well as the DDOS attack that is destined to the intended target via the internet at the cloud gateway utilizing a singular uniform configuration deployed at multiple Points of Presences (POPs). In short, Versa customers would have been protected from the impact of the Mirai Botnet attack. This helps organizations to reduce risk and liability for incidents involving IoT based devices while giving them the granular controls needed to grant access to applications and resources for these devices as needed.
If you are interested in what Versa Networks can do with IoT security solutions and beyond to potentially reinforce current security controls, and/or needing to meet evolving compliance standards, please check us out. Hit the Contact Us and drop us a line. We will get you in touch with a security expert to help identify the right security architecture from Versa Networks to fit your security needs.
