#NCSAM: Organizations at Higher Risk of Cyber-Attacks Due to IoT Expansion

Organizations are at much higher risk of cyber-attack due to the expansion of IoT devices in their networks over the past year, according to new research by Palo Alto Networks' threat intelligence arm, Unit 42.

The analysis, which looked at the multi-layer threats and weaknesses impacting current IoT supply chain ecosystems, has been published during National Cybersecurity Awareness Month, which this year is focusing on the role individual users can play in enhancing the security of IoT devices.

The researchers first highlighted a recent survey showing that 89% of organizations had seen an increase in the number of IoT devices on their network over the last year, significantly expanding the attack surface area.

They highlighted that supply chain attacks in IoT can come in two forms: from software installed in a certain device that has been compromised to hide malware, and from a piece of hardware implanted or modified to change a device’s behavior. They added that supply chain vulnerabilities, in which third-party software with vulnerabilities is installed or is part of certain components, such as an app or firmware, should also be considered.

A common malpractice was the incorporation of third-party and hardware components without listing the components that had been added to the device, according to the research. This makes it difficult to know how many products from the same vendor are affected when a vulnerability is discovered on one of these components.

In addition, the authors said that it is hard for users to be aware of which components are operating inside any IoT device, each of which has its own intrinsic security properties that are dependent on other components with their own security properties. This means an entire device can be compromised if just one of these components is vulnerable.

They also noted that users managing networks with IoT devices often do not keep inventories of how many are connected to a corporate network. This makes the tracking of potentially vulnerable devices difficult and increases the chances of a cyber-attack being successful.

Co-authors Anna Chung, principal researcher, and Asher Davila, senior security researcher at Palo Alto Networks, advised: “It is critical to maintain a list of devices connected to the network in order to identify devices, and the vendors or manufacturers of those devices, which make use of a vulnerable component so the administrator can patch them, monitor them or disconnect them if needed.”

They added: “Having complete visibility of the devices connected to the network and getting notified when a device is generating anomalous traffic is critical to defending your infrastructure.”
