As companies around the world look at returning to the office, they must also have eyes on their IoT devices says, Max Heinemeyer, director of threat hunting at Darktrace.
It’s not just offices our cities are becoming smarter, and our homes too. Despite this proliferation of IoT, which will only accelerate after the pandemic, cyber-attacks like the recent breach of Verkada security cameras continue to show us that too many organisations are still blind to the risk that their suppliers and IoT devices introduce to their livelihood.
The reality is these seemingly insignificant IoT devices are now entry points for vast network intrusion, and can be used to conduct espionage, create botnets, or mine cryptocurrency.
At Darktrace we are in a privileged position for AI to cyber security has enabled us to uncover some of the most weird and unthinkable attacks on these devices. In recent years, our AI has caught all kinds of shocking IoT threats, such as a compromised smart locker at a European amusement park.
In one case we caught hackers trying to infiltrate internet-connected CCTV systems to conduct corporate espionage and gain highly classified information at a major global consultancy firm. Forget the traditional goal of direct financial gain, video footage is extremely valuable in the era of deepfakes and targeted social engineering.
But why are we so consistently shown that IoT is a blindspot?
Firstly, IoT continues to have notorious security issues because most IoT is rushed to market with profitability in mind. Security is too often an afterthought in the manufacturing process. For attackers, this makes hacking these devices too easy abusing simple misconfigurations, brute forcing login credentials and generally exploiting insecurity by design.
What is more, IoT communication can be extremely complex as it is often between machines or devices. Understanding the ‘normal’ flow of IoT data is not possible for humans to pre-define.
Legacy technologies such as firewalls can only protect against ‘known’ attacks on these devices, and vulnerability scanners can detect known exploits and misconfigurations, but attackers are growing increasingly innovative and novel when it comes to launching IoT attacks. The Verkada hack serves as the latest case in point.
With IoT set to become more pervasive than ever in the post-pandemic world, it is crucial that we make it cyber safe. This will require a multi-layered approach governments need to make it harder to bring insecure IoT to the market and it must be easier for consumers to recognise when an IoT device is cyber-insecure. At the same time, organisations must adopt a zero trust policy with IoT and be empowered to stop the earliest signs of IoT compromise.
The complexity of IoT communication is such that no human security team can now manually track and secure these new digital environments. The risk is inherent and must be managed by continuous monitoring and real-time response.
That’s why we’re seeing organisations on the edge of innovation turning to artificial intelligence to not only detect but autonomously respond to emerging attacks across these dynamic environments.
One example is McLaren Racing, the Formula 1 giant, which uses AI to monitor and auto-defend data travelling from the IoT sensors on its race cars to its HQ in less than 100 milliseconds. The breadth of this complexity and speed would take around 60 security analysts to track manually. Another example is the City of Las Vegas, a prototypical smart city powered by IoT, which has deployed AI across its operations to constantly monitor its diverse digital world and respond to attacks wherever they may strike.
Based on a ‘normal’ understanding of behaviours across a digital environment, AI is crucial for detecting the unknown and never-before-seen attacks against IoT and is undoubtedly the key to uncovering the IoT blindspot that persists.
The author is Max Heinemeyer, director of threat hunting at Darktrace.