Tackle the growing number of IoT ransomware threats

IoT devices give hackers more doorways into networks, and organizations must take steps -- such as backing up data -- to secure them before hackers come knocking with ransomware.

As more organizations rely on the data collection and freedom of IoT devices, the technology entices more ransomware attacks on corporate networks.

With the variety of manufacturers and apps created for each IoT device, hackers can enter a network and wreak havoc in multiple ways. Ransomware attacks have increased 20% worldwide in the first half of the year and 105% in the U.S., according to SonicWall's latest cyberthreat report.

Some of the growth can be attributed to the increase in remote workers and the number of unsecured devices connecting to corporate networks, but it's also a sign of things to come.

If organizations decide to enjoy the advantages of IoT devices, they must protect the hardware and networks against increasingly sophisticated ransomware attacks.

Why IoT is a security risk

Every connected device is a potential doorway for hackers to install IoT ransomware and demand payment. Hackers use malware to infect IoT devices and turn them into botnets, which they can then use to probe and explore onboarding processes to find the best way to gain network access.

Other hackers search IoT device firmware for valid credentials that haven't been disabled, removed or updated. Attackers then use the infected device as the entry point into the corporate network. This was the case when hackers breached a Las Vegas casino through a smart thermostat in one of its large aquariums.

The hackers entered the network through the thermostat, gained access to the casino's high roller database and moved the data back into the cloud. Attackers can also turn IoT devices into bots and infect other connected devices.

[Figure: Stages of ransomware attacks]

As organizations continue to adopt connected devices globally, they create more weak spots in corporate cybersecurity. An organization's security perimeter may be inadequate to protect all of the devices, and IT professionals struggle to keep pace.

Hackers gain access through IoT

Hackers typically gain access to corporate networks through IoT devices left open to the internet. They scan corporate networks remotely to find devices, scan networks for known vulnerabilities -- in particular, in devices or the software they run -- or use malware to attack particular institutions like hospitals, research facilities and logistics organizations.

Hackers use IoT devices to gain access to corporate networks because the devices do not typically store data. Access through a trusted device means attackers are able to remain inside the network longer, giving them more time to circumvent even the most refined detection tools. Hackers might use fileless malware that operates in device or software memory.

Criminals increasingly use nonstandard ports to gain access to IoT devices. These ports are not typically covered by proxy-based firewalls, yet they can get IoT devices online. Many IT professionals don't have the time, resources or expertise to secure IoT devices adequately. With the rate at which organizations produce devices, IT professionals can't catch up.

IoT devices continue to be an easy entryway into networks until organizations retire legacy firewalls, attempt to protect nonstandard ports or provide IT staff with adequate training and resources to secure them.

Paying off criminals often isn't the end of the hack

The stakes of ransomware attacks increase with each attack. Even when organizations pay attackers off, it often isn't enough to retrieve data or unlock a network. Some ransomware, such as the GermanWiper hack, deletes files, even if victims pay.

Lake City, Fla., paid 42 bitcoins -- worth $500,000 -- to have its networks unlocked and still did not recover all of its ransomed data, which included nearly 100 years' worth of city records. South Korean web provider Nayana paid $1 million after a ransomware attack and lost some of its customer data because it attempted to negotiate with the hackers.

Why IoT attacks will increase

As external forces put pressure on the global economy to adapt and recover through advanced digital transformation projects, hackers' opportunities to cause trouble will increase. This is especially true for industries or institutions that are out of the public eye, such as logistics and supply chain firms, as well as health-related research facilities.

Depending on their size, budget and geographic location, organizations may lack the cybersecurity tools and resources of larger companies to protect them.

Criminal attacks on these organizations also affect vital services, including government services, informational websites, phone services and food supplies.

[Figure: Steps in a ransomware incident response plan]

Steps to secure IoT devices

Rapidly evolving malware and IoT technologies make it hard to stay up to date with the latest cybersecurity tools and methods. Organizations that wish to take advantage of the benefits of IoT devices must invest more in security protocols and tools.

To keep their IoT devices secure and prevent ransomware attacks on their networks, IT pros can:

  • Assess a device's exposure to hacks via the internet before deployment.
  • Disable unnecessary or unused services on devices.
  • Ensure regular and proper backups of all data.
  • Create and implement adequate disaster recovery procedures that include ransomware processes.
  • Segment data and critical networks from access by IoT devices.
  • Invest in the latest firewalls and other network monitoring tools to detect and stop newer intrusions.
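
As an added illustration (not part of the original article), the Python sketch below turns three of these checks into an audit over a device inventory: internet exposure, unused services and nonstandard ports, and segmentation from critical networks. The inventory, addresses, port lists and network ranges are constructed sample data and assumptions, not values from the article.

```python
import ipaddress

# Constructed sample data (assumptions, not from the article).
IOT_NET = ipaddress.ip_network("10.20.0.0/24")         # assumed IoT segment
CRITICAL_NETS = [ipaddress.ip_network("10.1.0.0/24")]  # assumed database segment
STANDARD_PORTS = {80, 443}  # ports the proxy-based firewall is assumed to cover

INVENTORY = [
    {"name": "thermostat-01", "ip": "10.20.0.15", "open_ports": {443, 8883},
     "needed_ports": {8883}, "internet_reachable": True},
    {"name": "camera-07", "ip": "10.20.0.22", "open_ports": {443, 23, 5555},
     "needed_ports": {443}, "internet_reachable": False},
    {"name": "badge-reader-02", "ip": "10.20.0.31", "open_ports": {443},
     "needed_ports": {443}, "internet_reachable": False},
]
ALLOWED_FLOWS = [  # (source IP, destination IP, destination port) permitted today
    ("10.20.0.15", "10.1.0.5", 5432),
    ("10.20.0.22", "10.30.0.9", 443),
]

def audit_device(dev):
    """Return the checklist findings for one inventory entry."""
    findings = []
    if dev["internet_reachable"]:
        findings.append("exposed to the internet")
    unused = dev["open_ports"] - dev["needed_ports"]
    if unused:
        findings.append(f"unused services on ports {sorted(unused)}")
    uninspected = dev["open_ports"] - STANDARD_PORTS
    if uninspected:
        findings.append(f"nonstandard ports {sorted(uninspected)}")
    return findings

def segmentation_violations(flows):
    """Return permitted flows that let an IoT device reach a critical network."""
    violations = []
    for src, dst, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in IOT_NET and any(d in net for net in CRITICAL_NETS):
            violations.append((src, dst, port))
    return violations

def audit(inventory, flows):
    """Combine per-device findings with segment-level violations."""
    report = {dev["name"]: audit_device(dev) for dev in inventory}
    report["segmentation"] = segmentation_violations(flows)
    return report

if __name__ == "__main__":
    for key, findings in audit(INVENTORY, ALLOWED_FLOWS).items():
        print(key, findings)
```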

Previously, ransomware operators would encrypt files and demand ransom payments. Today, they also exfiltrate data and threaten to leak it publicly to apply more pressure on victims. Organizations have too many IoT devices that extend the corporate network beyond the traditional security perimeter to leave security unaddressed.
