Cybersecurity for Connected Products: Part 1
Understanding the Threat Landscape
30 April 2021
Proactive cybersecurity measures are a must during the development of connected and IoT products –from design through manufacture to release and updates after products are introduced. Testing and certification can help minimize risks, ensure successful and timely product launches and be a valuable marketing tool.
The first step to protecting products and devices is understanding cyber threats, which can be executed through various points of entry. These threats are increasingly more sophisticated and complex, so it is important to know them to plan accordingly.
Malware
A frequently encountered threat, malware (short for "malicious software") includes executable code, scripts, active content, and other software designed to damage a computer, server, or network. Malware's primary targets are vulnerable software products, devices that have not been secured, and users who inadvertently install the programs. There have been several malware attacks that have targeted specific IoT products and vulnerabilities, causing malicious code to be executed on the devices themselves.
There are several subsets or types of malware which more commonly affect IoT products:
- Botnets: A botnet is a network of devices that have been compromised with malware. Botnets are remotely controlled by an attacker and can be used to target a victim in order to conduct attacks such as distributed denial of service (DDoS). Additionally, botnets can be used to steal data, send spam, or allow attackers to access other devices and/or connections on internal networks.
- Ransomware: Ransomware can hold data, systems, or devices "hostage" unless a ransom is paid. Incidents of ransomware are on the rise, with critical industries like healthcare and infrastructure being especially vulnerable. In extreme cases, ransomware attacks on critical systems could even result in injury or death.
- Worms/Viruses: A worm or virus is malicious software that replicates itself. The replication does not necessarily rely on any human interaction and is typically spread using the network. The impact of a worm or virus can vary from mild inconvenience to significant damage, including system failure, data corruption, wasted virtual resources, increased costs, or data/information theft.
- Spyware: Spyware infiltrates devices to steal data and other sensitive information, sending it back to some other entity. Spyware is one of the most common threats on the internet with individuals, businesses, and organizations vulnerable to attack. In May of 2018, the US Justice Department warned Americans to reboot their routers due to the presence of Russian malware on hundreds of thousands of devices, capable of exfiltrating user information or activate the routers as part of a botnet attack.
Attacks
Cybersecurity attacks are malicious activities targeting systems or users. Attackers often automate the scanning and detection of vulnerable systems to gain access to resources, information, and data. Attacks may come from other systems already infected with malware, individuals or from organized groups.
In some cases, an attacker may scan across a wide range of systems in search of a particular type of vulnerability. In other cases, attacks may target specific systems, organizations, individuals, regions, or industries; trying to uncover any weaknesses that would expose the target's sensitive information or services.
In addition to malware, there are several types of attacks that IoT devices and services should defend against:
- Denial of Services (DoS): A specific attack where the perpetrator seeks to make a device or network unavailable by disrupting services of a connected host. This type of attack is becoming more popular, growing in frequency, size, and duration, with numerous high-profile incidents in the past few years. While a DoS attack against a particular IoT device could disrupt service for an individual, targeting IoT cloud services could knock our service for large groups of users.
- Web-based Attacks: As implied by its name, these incidents are committed via exploiting security holes discovered in websites, applications, and application programming interfaces (APIs). By exploiting vulnerabilities or weak security in network services or IoT ecosystems, applications and APIs can be misused by attackers to gain unauthorized access to sensitive information and services.
- Phishing: While not as common in IoT, phishing accounts for nearly 90 percent of social attacks; phishing is fraudulent outreach designed to trick targets into sharing sensitive information via electronic communication or social media. Phishing attacks can be used to harvest credentials used to access IoT devices and services.
Understanding the risks present in the connected world is an important step, but it is only the first. Assessing products, continued monitoring, and designing with these risks in mind are also important. In our next blog post in this series, we will explore the assessments options available to help ensure cybersecurity in connected products.
Wayne Stewart,
Vice President of Cybersecurity
During more than 17 years with Intertek-EWA Canada, Wayne has become an expert in many areas of the cyber security domain, including intrusion detection, cryptography, vulnerability assessment, penetration testing, static code analysis, payment technologies, and product reviews. Wayne now manages a team of 60+ security specialists and penetration testers focused on securing network infrastructure, mobile and web applications, and connected products.