IOT Cybersecurity in the age of ransomware
New data published by Check Point on trends in cyberattacks in recent months shows that the weekly global average of organizations affected by ransomware now reaches 1 in 40, an increase of 59% year-on-year (1 in 64 companies in the second quarter of 2021).
Latin America saw the largest increase in attacks, with 1 in 23 organizations impacted on a weekly basis, an increase of 43% year-over-year, compared to 1 in 33 in the second quarter of 2021, followed by the Asia region, which experienced an increase of 33% year over year, reaching 1 in 17 companies impacted weekly.
A recent Kaspersky survey claims that only eight ransomware groups can be blamed for attacks on more than 500 companies worldwide. Not only that, but the attacks followed an identical method, showing a “standardization” of ransomware as a service. According to Kaspersky, attacks by different groups are becoming similar due to the rise of the ransomware-as-a-service (RaaS) concept, in which these groups do not carry out their attacks directly, but offer the malware to third parties contracting their services.
The prospect of quickly bringing the situation under control looks bleak for a variety of reasons, so more attacks can be anticipated in the coming months and years.
In simple terms, ransomware is a low and slow attack that is a fast-acting poison once executed. Cybercriminals have mastered the techniques for crafting advanced malware and delivering the “poison” payload by evading the network perimeter and endpoint detection and prevention methods. Cybercriminals know how to exploit user psychology and the lack of protective controls in information technology, Internet of Things (IoT) and industrial IoT devices.
“Inside threats (malicious/disgruntled employees) are real. Without role-based access controls, dynamic separation of duties, and multi-person authorization ceremonies for oversight, the challenges for network and security operators are complicated. Cryptography is the Achilles’ heel of cybersecurity, and malware writers know how to weaponize encryption methods,” said Srinivas Kumar, Vice President of IOT Solutions at DigiCert.
While regular and meticulous system and data backups are crucial to recovery, the damage from a ransomware attack can go far beyond a restore operation. The integrity of affected devices will require extensive and costly forensics at scale in operations technology environments. While executive orders and guidance from government agencies are timely and well-intentioned, the cybersecurity industry lacks the resolve to tackle the root cause head-on without a monetarily justified return on investment.
And the supply chain?
Detection, prevention, and forensics is a multi-billion dollar industry today, but device manufacturers still (wrongly) perceive device hardening and supply chain protection as a cost center, and there is no regulation that motivates innovation. Cyber protection must start in the factory and persist in the field throughout the device’s operational lifecycle. Cyber attacks target data, not users.
Breaches occur because CISOs are willing to take risks with outdated checklists and entry-centric controls for multi-layered defense that attackers are well-versed in. Attackers possess the will and resources to evade detection, persist, spread laterally, and take control of systems.
“If you’re really protecting your devices, what are you trying to detect on your network? If you’re wearing a raincoat, why do you need an umbrella? You cannot fix a problem on the device with a patch on the network,” added Srinivas Kumar. It’s convenient, but the wrong solution, which only kicks the cyber can down the road.
DigiCert reviews a few hot spots, which hackers are always on the lookout for:
- Cracked passwords of a gullible contractor or employee.
- Dark and insecure servers on the network with unprotected domain user or service accounts.
- Remote access via VPN through a compromised supply chain provider’s network or system.
- Inadequate firewall capabilities to block encrypted command-and-control beacons (harmless dial-home messages).

It is abundantly clear that zero-day threat intelligence is inadequate, and achieving the goal of a zero-trust architecture, slogans notwithstanding, requires investment and commitment.
Device manufacturers and their duty
What does this mean for the cybersecurity industry? Connecting unprotected devices aggravates the problem. The cyber crime cottage industry has evolved over the years into strategic cyber warfare by nation-state actors and a cyber crime syndicate that has mastered the art of taking cyber hostages for ransoms and large profits. Software development kits and help desks on the dark web are empowering operatives around the world, without track-and-trace or punitive actions as a deterrent. This is a call to action for device manufacturers and managed security service providers to be the first to respond and protect cyberspace.
Although digital transformation has been a buzzword for several years, CISOs and product security architects have been woefully ineffective in championing the cause of device transformation that will usher in the move to digital transformation. While silicon chipset vendors have stepped up security innovations, the chain of trust has failed to effectively expand the stack to the device platform, line-of-business applications, and supply chain ecosystem of cyber-vulnerable services.
“Protecting the cyber fabric of software-defined edge gateways and the plurality of connected brownfield and greenfield devices will require a collaborative and enthusiastic effort with strategic partnerships between innovators and thought leaders in the device industry,” concludes the vice president of IOT solutions at DigiCert.