This is a summary of a byline written by Fortinet’s Anthony Giandomenico that was published on the IoT Agenda website on December 12, 2019.
Botnets composed of IoT devices not only launch denial-of-service attacks and drop malicious payloads, including ransomware and cryptominers; another of their hallmarks is persistence.
IoT Botnet Persistence
Fortinet’s Threat Landscape Report for Q3 2019 showed that, unlike other forms of malware, the list of top botnets tends to remain the same over time, despite substantial efforts to get organizations to inoculate themselves against high-profile attacks by patching and updating critical devices and systems. Mirai, for example, still sits among the five most prevalent botnets even though it is more than three years old and was responsible for one of the most widespread Internet outages to date.
This suggests a few things:
- First, traffic to and from IoT devices is not being identified or tracked, allowing communications between compromised IoT devices and criminal control systems to continue uninterrupted.
- Second, despite calls from the security community, most IoT devices remain unpatchable, which means their known vulnerabilities stay exploitable.
- And finally, the continued prevalence of botnets indicates that far too many organizations either do not know how to identify botnets, don’t know how to fix the problem if they do, or worse, simply don’t understand the risk that compromised IoT devices represent.
Six Things You Can Do to Secure Your IoT Devices
Since many IoT devices can’t be patched, the best place to start is to assume that every IoT device on your network, and all of its communications, has already been compromised. The best response to that reality is a zero-trust network strategy, which includes:
Multi-factor authentication (MFA): Every user, including systems administrators, needs to be validated using MFA before they can access, deploy, manage, or configure any device.
Network Access Control (NAC): NAC ensures that devices are identified and authenticated based on policy and then assigned to predetermined network segments.
Intent-Based Segmentation: Dividing the network limits the damage that can be caused by malware or a rogue user. But static segments aren’t enough. Next-generation firewalls need to dynamically create network segments based on the business objectives of devices.
Active Inventory Management: Organizations need detailed visibility into what devices are connected to their network, where they are located, and what other devices they can communicate with at any given moment.
Threat Intelligence: Threat intelligence about active compromises and vulnerable systems needs to be dynamically mapped to the existing IoT inventory, enabling network administrators to prioritize patching, proximity controls, and segmentation rules.
Behavioral Analytics: IoT behavior needs to be baselined so alerts can be issued on anything out of the ordinary. Responses to unauthorized behavior should include increased monitoring, quarantining a device, and enforced remediation.
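To make the last three items concrete, here is an added example that is not code from Fortinet or from the original article. It keeps a small device inventory, maps a constructed threat-intel feed (a vulnerable firmware version and a known C2 address) onto that inventory, learns a per-device baseline of peers and flow sizes from constructed "normal" flow records, and then alerts on observed flows that contact the C2, reach a peer outside the baseline, or exceed the baseline volume by a factor. All IP addresses, firmware strings, thresholds and flow data are hypothetical and constructed inline so the script runs offline.

```python
"""Baseline IoT traffic, map threat intel onto inventory, alert on deviations.

Everything below (inventory, intel, flows) is constructed for the example;
the addresses, firmware versions and the C2 host are hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory (hypothetical): what is on the network and where.
INVENTORY = {
    "10.20.1.11": {"type": "ip-camera", "firmware": "cam-fw-2.1", "segment": "iot-cameras"},
    "10.20.1.12": {"type": "ip-camera", "firmware": "cam-fw-3.0", "segment": "iot-cameras"},
    "10.20.2.21": {"type": "hvac-controller", "firmware": "hvac-1.4", "segment": "iot-ot"},
}

# Constructed threat intel (hypothetical): firmware with a known exploitable bug
# and a C2 address. 203.0.113.0/24 is a documentation range, not a real C2.
VULNERABLE_FIRMWARE = {"cam-fw-2.1"}
KNOWN_C2 = {"203.0.113.45"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes: int


# Constructed baseline flows: normal behaviour seen during a learning window.
BASELINE_FLOWS = [
    Flow("10.20.1.11", "10.20.0.5", 554, 50_000),   # RTSP to the video recorder
    Flow("10.20.1.11", "10.20.0.5", 554, 52_000),
    Flow("10.20.1.11", "10.20.0.2", 123, 200),      # NTP
    Flow("10.20.1.12", "10.20.0.5", 554, 48_000),
    Flow("10.20.1.12", "10.20.0.2", 123, 200),
    Flow("10.20.2.21", "10.20.0.9", 502, 1_500),    # Modbus to the building controller
    Flow("10.20.2.21", "10.20.0.2", 123, 200),
]

# Constructed observed flows: the camera on old firmware checks in with the C2
# on a new port and then pushes far more data than it ever has.
OBSERVED_FLOWS = [
    Flow("10.20.1.11", "10.20.0.5", 554, 51_000),
    Flow("10.20.1.11", "203.0.113.45", 6667, 900),      # C2 check-in
    Flow("10.20.1.11", "198.51.100.7", 80, 4_000_000),  # bulk outbound transfer
    Flow("10.20.1.12", "10.20.0.5", 554, 49_000),
    Flow("10.20.2.21", "10.20.0.9", 502, 1_400),
]

# Severity escalation applied when the device also runs vulnerable firmware.
_ESCALATE = {"medium": "high", "high": "critical", "critical": "critical"}
_RANK = {"medium": 1, "high": 2, "critical": 3}


def build_baseline(flows):
    """Per source device: the set of (dst, dport) peers and the largest single flow."""
    peers = defaultdict(set)
    max_bytes = defaultdict(int)
    for f in flows:
        peers[f.src].add((f.dst, f.dport))
        max_bytes[f.src] = max(max_bytes[f.src], f.bytes)
    return peers, max_bytes


def analyse(observed, baseline, inventory, vuln_fw, c2, volume_factor=10):
    """Return alerts as (device, reason, severity) tuples.

    A flow raises one alert per matching rule; severity is escalated one step
    when threat intel lists the device's firmware as vulnerable, so the
    unpatchable device sorts first for segmentation or quarantine.
    """
    peers, max_bytes = baseline
    alerts = []
    for f in observed:
        if f.src not in inventory:
            alerts.append((f.src, "unknown device not in inventory", "high"))
            continue
        reasons = []
        if f.dst in c2:
            reasons.append((f"contact with known C2 {f.dst}", "critical"))
        if (f.dst, f.dport) not in peers[f.src]:
            reasons.append((f"new peer {f.dst}:{f.dport} outside baseline", "medium"))
        # max_bytes is 0 for a device with no learned baseline; treat any
        # traffic from such a device as over threshold.
        if f.bytes > volume_factor * max_bytes[f.src]:
            reasons.append((f"{f.bytes} bytes exceeds {volume_factor}x baseline max", "medium"))
        vulnerable = inventory[f.src]["firmware"] in vuln_fw
        for reason, sev in reasons:
            alerts.append((f.src, reason, _ESCALATE[sev] if vulnerable else sev))
    return alerts


def device_priority(alerts):
    """Highest severity per device, for ordering quarantine and remediation."""
    worst = {}
    for device, _, sev in alerts:
        if device not in worst or _RANK[sev] > _RANK[worst[device]]:
            worst[device] = sev
    return worst


if __name__ == "__main__":
    found = analyse(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS),
                    INVENTORY, VULNERABLE_FIRMWARE, KNOWN_C2)
    for device, reason, sev in found:
        print(f"{sev:8} {device} ({INVENTORY[device]['segment']}): {reason}")
    print("priority:", device_priority(found))
```

The baseline here is deliberately crude (a peer set and a per-flow byte maximum); a production system would learn per-port rate distributions over time windows. The point is the join: a new-peer alert on its own is medium, but the same alert on a device whose firmware the intel feed marks as unpatchable becomes a candidate for immediate quarantine.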
A Security-First Networking Strategy is the Best Place to Start
IoT devices are essential for organizations competing in today’s digital marketplace. However, those devices are also attractive targets because once they have been compromised they tend to remain compromised.
Organizations that rely on IoT devices need an effective strategy to identify, monitor, control, and alert on unusual behavior. That begins with zero trust network access, followed by a systemic approach that ties critical security and networking systems together into a single, integrated security-driven network.
Find out how Fortinet’s Endpoint and Device Protection Solutions protect every user and device, on and off the network.