Threat landscape

IoT, Shadow IT and the real-world consequences of it all

The problem

It has been many years since the initial discussions around Internet-of-Things (IoT) devices and, more generally, “the stuff people forget to patch”: smart fridges, IP webcams, CCTV cameras, development/test systems, door access systems, smart factory equipment, printers, point-of-sale systems and smart wearables such as watches.

The main point raised by many prominent cybersecurity figures is that organizations simply forget that these devices need security updates applied, or are completely unaware of their existence from an asset tracking perspective.

Because of this, many of these devices go years between updates of any kind, or never receive one at all.

 

The impact

Looking back at the Mirai botnet of 2016 and the enormous Distributed Denial of Service (DDoS) attacks it produced, things have not really changed.

The Mirai malware was initially used to attack Minecraft servers and eventually went on to target DDoS protection providers. This shows that these are not sophisticated nation-state or APT group-based attacks; this is low-hanging fruit being dangled in front of attackers for free.

We see record-breaking DDoS attacks on a semi-regular basis because attackers are being handed a platform to launch them from, in the form of vulnerability-ridden, forgotten, internet-connected devices.

In addition to DDoS botnet malware, other types of malware such as Remote Access Trojans (RATs) or even ransomware could be installed on these devices, which can then serve as a platform for an attacker to persist within your organization’s internal network.

If these hosts have been forgotten about, or were never declared by the individuals who deployed them, there is little to no chance that they are being monitored, so it is likely you would not know if an attacker had compromised one.

 

The solution

Discovering all devices connected to your network is key to bringing them into patch management processes and to ensuring you can implement the appropriate level of monitoring, such as integrating them into SIEM technologies where possible.
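As an added illustration (not part of the original article or any vendor tooling), the sketch below reconciles discovery-scan results against an asset register and flags the three gaps described above: undeclared devices, overdue patching and missing monitoring. The sample hosts, register fields and the 90-day patch threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: hosts seen by a discovery scan (MAC notation varies by tool).
DISCOVERED = [
    {"ip": "10.0.4.17", "mac": "00-1A-2B-3C-4D-5E"},
    {"ip": "10.0.4.23", "mac": "00:1a:2b:aa:bb:cc"},
    {"ip": "10.0.9.80", "mac": "001a.2bde.adbe"},
    {"ip": "10.0.9.81", "mac": "00:1A:2B:11:22:33"},
]

# Constructed asset register keyed by normalized MAC (hypothetical field names).
INVENTORY = {
    "00:1a:2b:3c:4d:5e": {"name": "lobby-cctv-01", "last_patched": date(2021, 3, 2), "siem": False},
    "00:1a:2b:aa:bb:cc": {"name": "print-floor2", "last_patched": date(2024, 5, 20), "siem": True},
    "00:1a:2b:11:22:33": {"name": "pos-till-07", "last_patched": date(2024, 4, 1), "siem": False},
}


def normalize_mac(mac):
    """Reduce any common MAC notation to lowercase colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def reconcile(discovered, inventory, today, max_patch_age_days=90):
    """Return {ip: [findings]} for every discovered host that has a gap."""
    report = {}
    for host in discovered:
        asset = inventory.get(normalize_mac(host["mac"]))
        if asset is None:
            report[host["ip"]] = ["unknown-device"]  # never declared: shadow IT
            continue
        findings = []
        if (today - asset["last_patched"]).days > max_patch_age_days:
            findings.append("patch-overdue")  # assumed 90-day policy threshold
        if not asset["siem"]:
            findings.append("not-monitored")  # no logs reaching the SIEM
        if findings:
            report[host["ip"]] = findings
    return report


if __name__ == "__main__":
    for ip, findings in reconcile(DISCOVERED, INVENTORY, date(2024, 6, 1)).items():
        print(ip, ", ".join(findings))
```
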

 

How can Zepko help?

Zepko are partnered with Qualys to provide our customers with regular asset discovery scanning to ensure all hosts within their networks are captured and then included in regular vulnerability scanning.

This means that if there are rogue devices within the network, they will know about them and also know the risk each device presents in terms of its vulnerabilities.

We also offer penetration testing, social engineering testing and phishing testing services so you can go above and beyond the question of “Are my servers up to date on patches?” and really test the combination of people, process and technology that protect your infrastructure.