Dark Reading is part of the Informa Tech Division of Informa PLC


10:00 AM
Aamir Lakhani

IoT Security During COVID-19: What We've Learned & Where We're Going

Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.

When the pandemic began, organizations worldwide rapidly transitioned to a remote work model. In their rush to ensure business continuity, however, many left their networks exposed to cybercriminals. Furthermore, the potential attack surface of these organizations continues to expand because of digital innovation and business growth, further increasing risk. At the same time, the speed and sophistication of cyberattacks continue to make defending the network more challenging.

With IT teams on constant alert, it can be difficult for organizations to see the big picture. The move to remote work exacerbated the current situation by adding hundreds or thousands of potential attack vectors overnight as remote workers, their devices, and sometimes their home networks were brought onto the network. Consequently, according to data from our FortiGuard Labs threat research team, there has been a significant increase in cyberattacks.

In many cases, vulnerable Internet of Things (IoT) devices — whether deployed in home or branch offices, or internal devices now being accessed by remote users — have played a significant role in this uptick. So, while IoT devices have been instrumental in helping organizations worldwide, the networks these devices are connected to must be properly secured.

IoT Devices, Security, and Remote Work
Now that time has passed since the pandemic began, most organizations have had time to work out many of the kinks associated with their pivot to remote work. From an IoT security perspective, one issue that has had serious repercussions is that not all organizations could obtain the number of laptops they needed for all the employees who had to work remotely.

As a result, many remote workers had to use — and some still are using — a variety of personal devices to connect into the corporate network, ranging from smartphones and tablets to laptops and PCs. The challenge is that those devices aren't only being used for work but also for activities including social media, shopping, and streaming entertainment. They're also typically far less protected by desktop security and endpoint protection solutions, rendering them more vulnerable to the malware associated with phishing attacks.

Attackers don't need to attack these personal devices directly to achieve their goals. Since these devices are connected to a home network, attackers have multiple avenues of attack at their disposal — including spreading malware through other computers, tablets, gaming, and entertainment systems connected to the home network. This also includes online IoT devices, such as digital cameras, smart appliances, and smart home tools like doorbells and thermostats.

In fact, the top three searches on Shodan are related to remote camera access. Granted, some remote cameras are intentionally open to the Internet. However, there is still a large number of cameras connected to the Internet with default credentials. Attackers can easily take advantage of this low-hanging fruit and potentially access systems that were never intended for the public.

What's important to keep in mind is that this may be only the first step for an attacker in attempting to exploit an organization. The ultimate goal is to find a way into a corporate or school network and its valuable digital resources, and attackers know that the easiest way in is often by exploiting a vulnerable device no one expects to be an issue.

Rise in IoT Adoption
One of the major things we're seeing during the pandemic is an uptick in IoT adoption. Juniper Research predicts that IoT platform revenues, for instance, will reach $66 billion in 2020 — a 20% increase over last year. And while medical and healthcare use of IoT is one of the biggest growth areas, it's not the only factor here. For example, as businesses start to reopen safely, touchless and contactless devices have become more appealing. This includes devices such as touchless building access, touchless point-of-sale devices, and body temperature cameras.

Lessons Learned and Key Takeaways
This is no time to stop being vigilant. Cybercriminals are committed to taking advantage of any opportunity to attack, and the IoT provides an enticing avenue for them to get in. Examples of this activity include:

  • Attacks against medical device suppliers. In one attack recently uncovered by our FortiGuard Labs threat research team, attackers sent an email pretending to request multiple medical devices and also containing a malicious Word attachment. If a recipient opened the attachment, it downloaded several files that could exfiltrate files from the user's computer.
  • Phishing attempts tied to COVID-19. Scammers have used the pandemic to send malicious emails, including those appearing to be reports from trusted sources such as governmental agencies and news outlets. It got so bad that the World Health Organization had to issue a statement, and the UN released an advisory to warn people to be on their guard against such phishing scams.

The importance of due diligence cannot be stressed enough. Cybersecurity user awareness training continues to be crucial. Cyber hygiene isn't just the domain of IT and security teams — everyone in your company needs to be given regular training and instruction on best practices for keeping individual employees and the organization as a whole safe and secure. Effective security technology is also essential. Organizations should look at their secure email gateways and access control solutions to ensure they're able to provide the level of protections today's threat landscape requires, and deploy proximity controls such as intrusion-prevention systems to protect IoT devices that can't be directly secured.

Adapt and Fight
Malicious actors never let a crisis go to waste. Even during a worldwide tragedy that affects them as well, cybercriminals have been hard at work, and their attacks are coming with surprising speed and sophistication, leaving already taxed IT teams scrambling to defend their networks. This has become trickier as the adoption of IoT devices has increased to accommodate new remote workers and the requirements of physical security for those returning to the office. Vigilance and ongoing cybersecurity training combined with an integrated security framework — including the deployment of desktop solutions such as Secure SD-WAN for key remote workers — are key aspects of a successful cybersecurity strategy in the fight against the latest crop of pandemic opportunists.


Aamir Lakhani formulates security strategy with more than 15 years of cybersecurity experience, his goal to make a positive impact toward the global war on cybercrime and information security. Lakhani provides thought leadership to industry and has presented research and ...
