IoT devices have revolutionized the industrial sector through automation, increased connectivity, and decreased downtime. This digital revolution brings new cyber threats, especially IoT-specific attacks. These attacks take advantage of vulnerabilities within IoT devices to cause data breaches, financial loss, operational interference, etc. In fact, they can conduct a massive distributed denial of service (DDoS) attack to compromise the whole network. Consequently, IoT networks and devices are becoming a lucrative target for attackers. Some of the popular IoT-based malware attacks are explained below:
IoT based malware attacks:
- Ransomware attacks: Ransomware attacks typically encrypt information, lock devices, halt operations and demand a ransom for restoring the original configuration. This attack is especially disastrous for IoT devices because they are used in a number of critical applications. In Industrial IoT, even minimal downtime incurs enormous economic loss for the industry.
- Botnet attacks: IoT devices are vulnerable to botnet attacks because of their inherent security weaknesses. This attack takes over several IoT devices in the network, transforms them into bots (zombies) and uses them to initiate Distributed Denial of Service (DDoS) attacks. The Mirai botnet is one of the most well-known botnets; it leveraged weak credentials to attack IoT devices and initiate DDoS attacks.
- Data privacy violations: Data privacy violations take advantage of poor passwords, default passwords, and weak communication protocols to collect sensitive personal or business-specific information from IoT devices. This attack can disrupt the standard functioning of an organization and lead to huge losses in terms of data, finance and reputation.
- Firmware exploitation: This attack uses unpatched known vulnerabilities, delayed firmware patches or old software installed on IoT devices to carry out cyber-attacks. The attacker aims to gain unauthorized access to such devices and launches attacks through different advanced mechanisms. It may involve advanced attack techniques such as polymorphism, code obfuscation, remote code execution, run-time code loading, etc., to trick the IoT devices.
- Man-in-the-middle attacks: Attackers take advantage of weaknesses in network communication protocols, encryption standards, etc., to gain unauthorized access to data sent from IoT devices to the server or vice versa. Attackers use this position to gain access to sensitive data, alter data to their benefit or inject malicious code to make the system function in a certain manner.
Potential defences against IoT-based malware attacks:
- Regular updating of firmware and software: Vendors release updates/patches from time to time for firmware, software or operating systems to fix newly discovered vulnerabilities. It is highly important to apply these patches and update the firmware, software or operating system immediately to prevent these attacks. Attackers often take advantage of these vulnerabilities and look for devices on which the patch/update has not been applied. To handle this in a seamless manner, it is crucial to enable automatic updates wherever possible. This process limits the exploitation of known vulnerabilities by attackers.
- Strong authentication systems: It is essential to enforce strong authentication mechanisms to restrict unauthorized access to IoT devices. Strong passwords, restricted access and two-factor authentication using biometrics or a one-time passcode permit only authorized individuals to access sensitive devices. In addition, isolating IoT devices from critical systems limits attackers from making such attempts and restricts attacks to a large extent.
- Least privilege access: Organizations should practice least privilege access for IoT devices and users. This practice lets them perform their desired function while limiting the attack surface, unauthorized access and exploitation. Furthermore, zero-trust architecture should be explored, as it always authenticates all users and devices before granting access to any resource. These practices can enhance the resilience of devices against ransomware, trojans or any other type of cyber threat.
- AI-based threat prevention: The application of artificial intelligence and machine learning methods has transformed conventional malware detection into AI-driven automated malware detection. Hence, implementing sophisticated and curated artificial intelligence and machine learning methods can be very useful in identifying known as well as unknown attacks on IoT devices.
- Strong network security: The feasibility of firewall, anti-virus and anti-malware solutions on IoT devices must be explored. Further, implementing an intrusion detection system (IDS), an intrusion prevention system (IPS) and a network analyser can assist in monitoring and analysing traffic. These methods can detect malicious packets within network traffic and prevent these attacks.
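As an added illustration (not part of the original article), the following sketch audits a device inventory against several of the defences listed above: patch age and automatic updates, default passwords and a second factor, isolation from critical systems, and least-privilege network flows. The inventory records, field names, segment name and 90-day threshold are all assumptions constructed for the example.

```python
from datetime import date

MAX_PATCH_AGE_DAYS = 90             # assumed policy threshold
CRITICAL_SEGMENTS = {"ot-control"}  # assumed name of the critical-systems segment

# Constructed inventory: hypothetical devices and fields, not real data.
INVENTORY = [
    {"id": "cam-01", "segment": "iot", "default_password": True, "mfa": False,
     "auto_update": False, "last_patched": date(2024, 1, 5),
     "allowed": {("10.0.5.10", 443)},
     "observed": {("10.0.5.10", 443), ("203.0.113.7", 23)}},
    {"id": "sensor-07", "segment": "ot-control", "default_password": False, "mfa": True,
     "auto_update": True, "last_patched": date(2024, 5, 20),
     "allowed": {("10.0.5.20", 8883)},
     "observed": {("10.0.5.20", 8883)}},
    {"id": "hvac-02", "segment": "iot", "default_password": False, "mfa": True,
     "auto_update": True, "last_patched": date(2024, 5, 28),
     "allowed": {("10.0.5.20", 8883)},
     "observed": {("10.0.5.20", 8883)}},
]

def audit_device(dev, today):
    """Return the list of findings for one device record."""
    findings = []
    age = (today - dev["last_patched"]).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"firmware-stale:{age}d")
    if not dev["auto_update"]:
        findings.append("auto-update-disabled")
    if dev["default_password"]:
        findings.append("default-password")
    if not dev["mfa"]:
        findings.append("no-second-factor")
    if dev["segment"] in CRITICAL_SEGMENTS:
        findings.append("shares-segment-with-critical-systems")
    # Least privilege: every observed flow must be on the device's allow-list.
    for dst, port in sorted(dev["observed"] - dev["allowed"]):
        findings.append(f"unexpected-flow:{dst}:{port}")
    return findings

def audit(inventory, today):
    """Map device id -> findings, keeping only devices that have any."""
    report = {d["id"]: audit_device(d, today) for d in inventory}
    return {k: v for k, v in report.items() if v}

if __name__ == "__main__":
    for dev_id, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        print(dev_id, findings)
```
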
IoT devices possess immense potential and offer numerous opportunities in today’s world. Integrating IoT devices with 5G and edge computing can result in endless possibilities. However, it is crucial to understand the security concerns associated with IoT devices so that suitable defence mechanisms can be adopted to prevent ever-emerging cyber threats. Hence, strong authentication mechanisms, regular and continuous update/patch management of firmware and software, network security mechanisms, least privilege access, zero-trust architecture and AI-based threat prevention techniques should be widely adopted by organizations.
Author
Dr. Prachi
Professor
Department of CSE
The NorthCap University