IoT devices can undermine your security. Here are four ways to boost your defences

engineers-looking-at-computer-systems-in-a-factory

Image: Getty/Morsa Images

Connected Internet of Things (IoT) devices such as printers, cameras and routers are leaving networks vulnerable to cyberattacks because they’re not being properly secured. 

And it isn’t just home and office networks that are being left open to exploitation by malicious hackers targeting the Internet of Things  – critical infrastructure is also vulnerable too because IoT security isn’t being managed correctly, potentially leaving industrial control systems exposed, Microsoft has warned

In monitoring threats against critical infrastructure and utilities, Microsoft said its researchers investigated water utility providers in the UK with exposed IoT devices within their networks. 

Also: Critical infrastructure is under attack from hackers. Securing it needs to be a priority – before it’s too late

Using what it described as “open-source intelligence” and Microsoft Defender Threat Intelligence data, the team searched for exposed IoT devices integrated into the networks of water utility providers and found that such facilities were using Draytek Vigor routers, which are intended for home use. It also spotted exposed Wi-Fi devices and cameras.

Microsoft said its researchers have elsewhere observed attackers using a known remote code execution vulnerability in Draytek Vigor devices (CVE-2020-8515) to deploy the Mirai botnet.

Also: The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats

“Once attackers establish device access, remote code execution vulnerabilities such as CVE-2020-8515 can then allow attackers to run malicious commands on devices, move laterally within the network, and access other vulnerable devices that were not directly exposed to the internet such as SCADA systems,” Microsoft warned.

While a patch has been available to protect Draytek routers against the vulnerability for over two years, the nature of IoT devices means that network administrators can forget to apply updates – or might be unaware that updates need to be applied at all. 

To help ensure Internet of Things devices, and the networks they’re connected to, are as secure and protected against cyberattacks as possible, Microsoft recommends four actions:

  1. Adopt a comprehensive IoT and OT security solution  By using an IoT-specific cybersecurity solution that provides visibility and monitoring of all IoT and operational technology (OT) devices, along with threat detection and response that enables vulnerabilities to be detected and mitigated, networks can be protected against attacks. 
  2. Enable vulnerability assessments  You can’t secure IoT devices if you don’t know they’re there. Regular vulnerability assessments can help to find unpatched vulnerabilities in IoT devices, so that the updates can be applied to prevent attackers from being able to exploit known issues. 
  3. Reduce the attack surface  IoT devices that have no need to face the open internet shouldn’t be exposed to it – eliminating unnecessary connections to IoT products reduces the number of entry points attackers can exploit. Network segmentation should also be applied, so in the event of an IoT device being breached, it’s not possible to move from there to industrial control systems or other critical systems. 
  4. Increase network security  Enforcing additional security measures, such as enforcing multi-factor authentication, helps to prevent attackers from being able to access systems, even if they have the correct username and password. 

“Given the severity of these attacks and their potential impact on the utility providers’ operations and even the safety of their customers, it becomes crucial to recognize the importance of proper security practices around IoT and OT unmanaged devices to ensure that such attacks do not happen,” said the Microsoft Defender for IoT research team. 

MORE ON CYBERSECURITY

Editorial standards

Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
China sticks national security probe into America's Micron thumbnail

China sticks national security probe into America’s Micron

The Chinese government has opened an investigation into US memory vendor Micron citing national security risks. The investigation, announced in a brief statement by Cyberspace Administration of China (CAC), offers little in terms of detail. Translated from Chinese, the agency cites potential “security risks caused by hidden product problems,” in chips sold by Micron in
Read More
How Quantum Physicists ‘Flipped Time’ (and Didn’t) thumbnail

How Quantum Physicists ‘Flipped Time’ (and Didn’t)

Physicists have coaxed particles of light into undergoing opposite transformations simultaneously, like a human turning into a werewolf as the werewolf turns into a human. In carefully engineered circuits, the photons act as if time were flowing in a quantum combination of forward and backward.“For the first time ever, we kind of have a time-traveling
Read More
And the 2022 Oscar Winners Are... thumbnail

And the 2022 Oscar Winners Are…

Lots of these guys were given out Sunday night.Photo: DEAN TREML/AFP via Getty Images) (Getty Images)After a very long, very weird lead up which included fan votes, important categories cut and so much more, it’s no surprise that the 94th Annual Academy Awards celebrating them were equally weird with a few examples being an alt…
Read More
Index Of News
Total
0
Share