Mobile and IoT threats during the holiday season
As the holiday season approaches and more and more consumers begin shopping, comparing prices, and researching gifts online, cybercriminal efforts are expected to accelerate. Retailers and others offering connectivity to their customers need to pay particular heed to their wireless access points, which can easily and quickly be exploited by malicious criminals. These threat vectors are especially concerning, not only because of the risk that a compromised access point can pose to customers, but also because they can become a gateway for exploiting your corporate network.
As cybercriminals successfully expand their attack vectors, trying to keep up by expanding your security technologies is a proven losing strategy. Too many devices and protocols can often be just as bad as not having enough security in place. And yet, organizations need to be hyper-vigilant about security or they will forfeit their ability to compete in today’s digital marketplace — especially if they become victims of the increasingly effective and ruthless cybercriminal community.
What to watch for
Fortinet’s “Threat Landscape Report Q3 2018” revealed important trends in mobile and IoT threats. Forewarned is forearmed, so these insights will help retailers be prepared for what’s ahead.
Mobile malware was on the move in Q3, with Android variants ranking in the top five of Fortinet’s Weekly Threat Briefs several times. The Agent family in the Android panel sits higher on the volume scale than any other family of malware and for any other platform. And according to the FortiGuard Labs team, that has never happened before.
There was also a decidedly IoT theme to last quarter’s report — more so than any previous quarter. The scale of attacks recorded against IoT and consumer devices is huge. More than 1 billion attacks against routers were reported. DVRs and NVRs suffered more than 10 million attacks in Q3, and exploits against IP cameras, network-attached storage, telephony and printers all numbered in the millions.
- IoT botnets rose to notoriety in September 2016 with the advent of Mirai and the 600,000 infected IoT devices under its control. Mirai’s main method of propagation was finding IoT devices and then brute forcing the target’s login credentials. Over time, this approach evolved into vulnerability exploitation of IoT devices, resulting in current IoT botnets commonly containing multiple exploits.
- The variant OMG turns infected devices into proxy servers that can be rented to individuals who want to be inconspicuous through the use of multiple proxies. IoT botnets have also begun to implant cryptojacking malware in infected IoT devices. Another risk posed by IoT botnets is the potential for infected devices to be rendered useless, including everything from laptops and medical devices to smart TVs and coffee machines.
Protection for the holidays
As devices multiply, so does the need for stronger security. The total number of company-owned mobile devices in use increased 2.5% from 2017 to 2018. This doesn’t include the expanding volume of personally owned mobile devices connected to networks as a result of the 72% of organizations that have a BYOD-friendly policy.
Because cybercriminals understand that mobile is an easy target for infiltrating a network, security leaders need to ensure they have the appropriate controls in place to protect those devices, especially at their wireless access points. This requires that wireless access points and mobile security services be fully integrated into next-generation firewalls. You can further enhance establishing visibility and controlling access to your network using a third-generation network access control system.
Those who offer omnichannel retail experiences can protect themselves from trending threats ahead of the holiday season with these additional steps:
- One in four firms reported mobile malware last quarter. Unfortunately, such devices often don’t have the level of control, visibility and protection that traditional systems receive. Effective mobile security strategies must deal with this reality through mobile application controls and malware protections built into the network to cover any device, anywhere.
- To defend against IoT botnets, organizations should pursue options such as the offsite storage of system backups, deploying redundant systems, keeping devices updated, baselining and monitoring traffic — especially between network segments, and using real-time threat intelligence.
- Several exploits targeting IoT devices topped Fortinet’s charts this past quarter. The “learn, segment and protect” approach can help quell this cybersecurity storm. It starts with learning more about devices connected to networks, how they’re configured and how they authenticate. Once complete visibility is achieved, organizations then need to dynamically segment IoT devices into secured network zones using customized policies. Segments can then be linked together across the network — especially at access points, cross-segment network traffic locations and even into multi-cloud environments — where security tools are able to monitor, inspect and secure cross-network traffic.
In addition to remaining vigilant for new threats and vulnerabilities, don’t lose sight of what’s happening within your own environment. Basic cyber hygiene is perhaps the most neglected element of security today. Continually removing unnecessary services, stamping out vulnerabilities through patch and replace strategies, and maintaining good order isn’t the most fun or interesting part of security, but it is critically important nevertheless.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.