IoT and possible threatening scenarios
Technology and threats
By Laurence Pitt / Tech Economy / 04/05/2017
If we look at the progress made by technology over the last 25 years, it seems that malware or data theft is an unavoidable constant, one that follows each technological milestone. Here are some examples:
- The spread of desktop PCs and servers was soon followed by a spread of viruses. Cascade Virus, for example, was one of the first to appear.
- Then came the Internet, a real breakthrough for those of us who already had access back in 1994. But even more so for hackers, who were now in a position to find and ransack online IDs and company data.
- Nowadays we have the Internet of Things, cloud computing and mobility, followed by botnets, DDoS and social engineering.
Therefore, every hi-tech innovation seems to usher in new business opportunities for hackers too. Botnet sales on the dark web can no longer be considered a novelty, yet soon enough we will begin to see sophisticated IoT attacks, aimed at companies as well as infrastructure.
This brings us back to connected devices, as they have always relied heavily on the Internet: users who remotely access home surveillance systems, configure these devices or perform cloud backups; manufacturers who receive diagnostic data as well as energy consumption data or other information useful for defining future developments. If we put together continuous access to the Internet and the rapid development of malware and exploits, it is not difficult to imagine what will soon happen. We will probably see complex worms with integrated ransomware, where the infected code will be widely distributed through cloud management.
Sure, people will hardly find it amusing when a coffee machine starts asking for money to dispense a hot drink or an office printer produces documents only after receiving some bitcoins. Yet the potential threats are even more serious. What would happen if an attack struck an entire business model? This could not only damage the reputation of an organization but also push an entire economic sector to rethink the way it operates.
Let’s consider for example the car rental market. Often, the main rental companies prefer specific manufacturers, which facilitates customer loyalty. The basic supply chain, from placing an order to delivering a vehicle, works more or less like this: order, Just-in-Time (JIT) production, delivery and rental. Imagine now that malware hits the Just-in-Time production process: malware that remains dormant until it recognizes a pre-assigned identification number of a group of rental vehicles and then activates on a specific date. Let's imagine a scenario:
- Date: December 24, Christmas Eve;
- Situation: tens of thousands of cars booked by people returning home or visiting parents and relatives during the holidays;
- Midnight, the malware becomes active:
  - 40,000 new cars display the message ‘PWNed by RANSOM’ on the touch-screen,
  - The cars just won’t start,
  - Older “non-smart” vehicles work normally,
  - The operations centre receives a ransom request: “pay to unblock the vehicles”.
- After payment, a code is generated and sent via SMS to all the users.
- At this point, the client can enter the code on the touch-screen, the car is unblocked and the driver can set off to his destination.
At this stage the damage is done: 40,000 customers have been delayed due to ransomware, with a sharp drop in satisfaction levels, soaring costs during the attack and to “free” the vehicles, and considerable damage to the brand when the news becomes public.
As far as we know, scenarios such as these are yet to occur, but this could happen sooner than we think. The good news, though, is that technology could prevent these situations from taking place and protect the production process, notifying companies well in advance through the Internet. The tools are already available and can be used to detect and prevent threats today, tomorrow and beyond.
- Protecting production processes: The manufacturing process consists of multiple physical and virtual interfaces and operates as a set of different services. Several service providers may use the same cloud but should be isolated and managed centrally. For example, this can be done using some Juniper Networks products, combining MX routers with SRX and vSRX firewalls, managed with Juniper Contrail Service Orchestrator to automate up-to-date and consistent policies across the network, with a comprehensive suite of security measures to keep malicious actors at bay.
- Threat prevention: The Software Defined Secure Network (SDSN) platform manages policies and detects possible threats that might undermine the system. Moreover, every element of the network can be used to apply policies and include external security feeds, combining them with the characteristic scalability of the cloud. SDSN is centrally managed and has a policy engine that adapts dynamically to risk conditions, allowing the automatic application of policies.
While we can hardly afford to remain indifferent to security risks, we think, like Juniper, that at this very moment technology is keeping well ahead of the development of malware. With adequate levels of security, an attack of this nature is unlikely to succeed.