Arecent study by the consultancy firm Gartner predicts that, by next year, there will be 5.8 billion Internet of things (IoT) devices in the world. This high level of uptake is proof that organizations are increasingly relying on the range of benefits that the IoT can provide.
Organizations make use of industrial IoT devices to improve their business processes. Applications to manage their facilities and machinery; computers to automate processes; and telematics applied to the management of fleets or security devices, such as sensors and cameras. Organizations can also provide their customers with new experiences and features thanks to the IoT, such as in-vehicle connections or smart home or wearable devices.
However, the boom of the IoT has also managed to become one of the preferred attack vectors for cyberattackers in the last few years. Cyberattacks are increasing, in terms of quantity, complexity and scope, to the point that many of them now affect a large number of organizations. A clear example of this are the recent attacks that leveraged the vulnerability in OpenDreamBox.
Cameras and recording systems under attack_
Last month, there were reports that a vulnerability in the WebAdmin Plugin of OpenDreamBox 2.0.0 was causing something of a stir. In this case, this cyberthreat has made waves in the cybersecurity world because of its enormous scope: it has affected 32% of the world’s organizations, in other words, one in every three organizations. What’s more, it was the eighth most exploited vulnerability in July 2019.
This threat, CVE-2017-14135 on MITRE’s Common Vulnerabilities and Exposures (CVE) system, allows cyberattackers to remotely execute system commands in misconfigured Dreambox installations, such as digital video recorders and CCTV systems.
The vulnerability itself isn’t hard to spot: on his blog, the cybersecurity expert Alfie Njeru describes how, by searching for Dreambox on Shodan, the search engine for finding connected devices, it is possible to see if an installed device contains the vulnerability. The indicator of a vulnerable DreamBox installation is the presence of WebAdmin plugin.
This is actually another variant of the botnet Mirai, which is infamous for carrying out massive DDoS attacks against all kinds of connected devices, from industrial sensors to smart home controllers.
In any case, this is proof of the fact that IoT devices now make up part of a new ecosystem that, along with other workplace trends such as telework and BYOD, can be used to get through a company’s perimeter, and make it more vulnerable.
But for organizations, the risks of IoT cyberattacks go beyond the increase in the attack surface. In organizations with highly sensitive IoT systems, such as industrial organizations, critical infrastructures or defense, can be targeted by highly sophisticated cyberattacks using Living-off-the-Land techniques that can get around normal security measures. This is why advanced solutions are needed, with a more proactive approach to cybersecurity, and which take a default zero-trust stance.
Advanced security with Cytomic Patch_
Updating and patching applications usually falls to the IT operations team. Even though they can have serious consequences for an organization’s security, as we have seen with OpenDreamBox. This is why, at Cytomic, we have solutions for our customers’ IT operations teams.
These solutions are based on the premise that, along with a high level of protection that is based on a zero-trust approach, organizations’ security programs must be underpinned with measures to reduce exposure to risks and to minimize vulnerabilities that can expose them to cyberattackers.
To this end, a solution such as Cytomic Patch is needed. It identifies vulnerabilities in applications and operating systems in real time, and also provides centralized patching mechanisms from our cloud console.
Cytomic Patch is one more mechanism within the advanced, adaptive security architecture provided by Cytomic. It covers several cyberdefense goals: it reinforces prevention capacities, and helps drastically reduce the attack surface on endpoints. All of this facilitates a rapid response, isolating compromised computers and applying updates in real time with just one click.