Building resilience against IoT vulnerabilities – Technologist

A thermostat that automatically calibrates to the perfect temperature, a wearable device that tracks employees’ health, and self-parking chairs to keep meeting rooms tidy. This is a glimpse into the future of work, where cutting-edge technology such as AI, IoT, and automation are transforming traditional offices into thriving hubs of innovation and connectivity.

However, despite their appeal, smart devices like IoT are potential vectors of attack for cybercriminals. For one, they rely on interconnected devices and networking infrastructure to operate, which can be compromised if not managed properly.

Each IoT device has its IP address and uses the Domain Name System (DNS) to exchange telemetry data with other computers, software systems and the internet. Without proper security defences, IoT devices are akin to an open door for cybercriminals to come through — not knowing who or what is connecting to your network.   

IoT loopholes in plain sight

The number of IoT devices in Southeast Asia is expected to grow more than double by 2027. Leading the way, smart cities like Singapore are expanding IoT applications beyond traditional uses like CCTV for public safety. Now, smart lamp posts monitor weather and traffic conditions, while in healthcare, devices like ECG monitors and pacemakers provide real-time diagnostics. This telemetry data is crucial for delivering critical services and insightful analytics.

However, the transformational benefits of IoT come with a caveat: most of these devices are fundamentally insecure, prioritising plug-and-play accessibility over robust security measures. Without standardised security protocols or practical means to implement traditional security controls, these devices become vulnerable to attacks.

Cybercriminals can easily exploit these weaknesses to infiltrate networks, alter DNS configurations, and redirect legitimate traffic to malicious servers or fraudulent websites, potentially causing data breaches, service disruptions, and financial losses.

IoT as a beachhead for attacks

Cybercriminals could participate in DNS amplification or reflection attacks, which could lead to a denial-of-service situation. This played out in 2016 when a Singapore-based telecommunication company was hit by two waves of cyberattacks that brought down the Internet across its entire network.

The outage was caused by bug-infested machines owned by the telecommunication’s customers. These so-called “zombie machines” would repeatedly send queries to the company’s DNS, which in turn overwhelms the system.

Cybercriminals can also launch ransomware attacks on IoT devices, encrypting data or manipulating device functions and demanding ransom for their release. A notable instance occurred with Colonial Pipeline, a major American oil pipeline system.

Hackers accessed the pipeline’s systems through vulnerable IoT devices, then used ransomware to encrypt data, demanding 75 Bitcoin (approximately US$4.4 million) for decryption. Colonial Pipeline was forced to shut down operations, resulting in significant disruptions to fuel supplies across the region.

Prepare for an ambush

As convenient as IoT technology is, some devices have traded connectivity with security — jeopardising not only their safety but also compromising the security of other applications, users, and devices they are connected to. Hackers are adapting their strategies to capitalise on such vulnerabilities in DNS; thus businesses need to rethink their approaches to safeguard against IoT threats.

Organisations can start by investing in IoT devices that prioritise security and long-term updates, such as those certified by Singapore’s Cybersecurity Labelling Scheme, which rates smart devices according to their levels of cybersecurity provisions.

This will enable consumers to identify products with better cybersecurity provisions and make more informed purchase decisions. Furthermore, when purchasing IoT devices, do so only with trusted retailers that guarantee regulatory compliance and warranty support.

Naturally, a robust DNS detection and response system with real-time visibility and control over who and what connects to your network must be the focal point for any organisation. This is essential to protect the network against attacks that leverage IoT devices as a conduit for infiltrating the network and helping companies build resilient networks.

Protection from stray arrows

There are two sides to any technology. While it can revolutionise how we live and work, it can also serve as a potential attack vector. In the workplace, such vulnerabilities could lead to significant financial losses and erosion of trust.

IT and network teams need to work together to maintain constant vigilance and minimise the odds of such attacks. They can do so by sharing real-time visibility, user context, and DNS data, to ensure unparalleled visibility across devices that are connected to the network and the type of content that is being exchanged. This allows teams to see and stop critical threats earlier.

As our workflows and offices become smarter, so too must our approach to security. Instead of exposing these smart devices to stray arrows, expand and prioritise visibility into your network, which will protect your Achilles’ Heel.