NMSaaS Blog

How Network Monitoring Can Reveal Hacked Business IoT Devices

Posted by John Olson on Nov 29, 2017 12:43:54 PM
Find me on:

Businesses across the country and across the globe are incorporating Internet of Things (IoT) devices like they're going out of style. In many ways, the promise and varied convenient uses of IoT devices like thermostats, lights, security cameras, command hubs, and even smart coffee makers have a great deal of potential for bringing down energy costs, upping work environment quality, and in general making life easier for business owners and employees. While there's no denying the usefulness of IoT devices in the workplace, they are also terribly insecure and they're on your business wifi network.

The Risks Posed by IoT

The primary feature of the many varied IoT devices is that they connect via wifi to your local network and many do so automatically without much in the way of security checks. Of course, they're not just on your network, they're on the internet as well meaning that each and every IoT device is potentially open to attacks by opportunistic hackers and malware that scan the net looking for unsecured devices.

Skimping on Security

What makes them unsecured? After all, you would think that respectable manufacturers would ensure that their devices are safe and secure for consumers, but this simply isn't the case. The world of IoT is notorious for going hard on the glitz and show but skimping on the security measures, sometimes leaving them out altogether and there is not as of yet been any regulation to force the issue. Like many less than ideal mobile apps, if your IoT device has access to or stores information, it may be doing this in an unsecured way either on a loosely guarded local file system or an unencrypted cloud database belonging to the manufacturing company. An unpleasant number use default login credentials for admin access and either don't force the user to change them or don't even give you the option to do so, meaning hackers who locate your IoT devices might be able to gain access simply by knowing what the manufacturing company's details are.

No Unified Management

Next, there's no unified way to monitor and control IoT devices from the hundreds of different manufacturers. Each of them write their own OS software with little to no regard for the poor network admins who will be responsible for keeping track of and securing a varied collection of devices. Currently, there are no unified dashboards, and often no way to access the internal settings to make them more secure even if you're willing to handle them one by one.

Not Even Built to Update

Finally, many IoT devices aren't built to be updated. Their software and infrastructure aren't expected to accept security patches like your business software suite does. This means that when a manufacturing company discovers a security flaw in their program, they may not be able to provide a patch and even if your IT team writes their own patch, they wont' be able to implement it. Unfortunately, this follows the 'not build to last' principle of retail, in which the manufacturers are hoping you'll just buy a new one instead of fixing the one you already have.

How Network Monitoring Can Reveal Hacked Business.jpg

The IoT History of Malware and Hacks

Besides the nightmare IoT potentially poses to your network and security admins simply to manage and secure the variety of devices in any office, then there are hackers to contend with. Ever since IoT devices began to get popular, they have been the ideal target for hackers because they are so often badly secured or secured in very predictable ways. The most popular and wide-spread form of malware attack came with the name Mirai along with a dozen variants and copycats. This particular attack hacks unsecured IoT devices and then uses their wifi capabilities to create a botnet and enact a massive DDoS attack on high-profile internet target.

However, being used in a botnet may be the least of your worries. If you have IoT devices you rely on as monitors like detecting air quality or leaks in your manufacturing equipment, these could potentially be hacked to send either false signals, causing false emergencies, or to fail to deliver alerts when something does go wrong. Back in 2010-2012, an entire line of 'SecurView' IoT security cameras that literally advertised security transmitted un-encrypted login credentials and allowed anyone with the IP address to look and listen through them.

The most recent form of attack, and also the most aggressive, is known as the BrickerBot malware that doesn't misuse your data for anything, it just viciously renders vulnerable IoT devices using exposed telnet completely useless.

What Hacks Look Like with Network Monitoring

There are approximately three types of IoT hacking. First, there's taking advantage of bad features like those web cameras that broadcast without any auth at all. While this does pose a risk to your business, the best way to defend against it is to simply not deal with devices that are that insecure. The second type can only do damage to the devices themselves but does not target your data or network at all. The third, on the other hand, involves accessing IoT devices and then misusing their access to your wifi network, and that's where network monitoring comes in.

Network monitoring has long-since been used by security admins to detect unauthorized activity performed by lurking malware. Just like when malware gets onto one of your workstation computers, in order to do anything malicious with your network connection, it needs to both use of local resources and send and receive packets over the internet. Each IoT device uses a certain amount of predictable bandwidth and packet exchange to perform its expected duties, and malware activity will clearly vary from the norm. If your IoT is being used in a Mirai-style botnet, to send spam emails, or just to transmit the data it naturally collects to a second unauthorized location, network monitoring can spot it.

What to Do If You Do Get Hacked

Let's say you are monitoring a group of five IoT security cameras. Four all show near-identical data collection and transfer activity as they do their job watching and streaming the feed to your business security software, and one is clearly showing an unusual amount of network activity, often in the middle of the night to an unknown IP address or collection of addresses. This camera is undeniably hacked, and you don't need to know by whom or for what purposes unless you have reason to suspect that sensitive data is being transmitted. The simplest solution is to reset the device to factory settings, then submit all five to your security admin for review and improved security protocols. 

The world if IoT is new, exciting, and unfortunately so cutting-edge as to be dangerous to your security. Network monitoring is a fantastic tool for detecting and hunting down malware activity, but you'll also want to thoroughly safeguard any IoT devices used by your business. Never assume that any IoT device is properly secured unless you've seen the code from the inside and do your best not to expose IoT devices to secure data and keep them on the other side of a very secure firewall to ensure that no hacking or malware can find it's way into your network. 

30 day free trial

Topics: Cloud Based Network Monitoring

NMSaaS.  Cloud Based Network Monitoring

NMSaaS provides advanced Network Discovery, Monitoring, Backup and Configuration Management of your IT Assets.

NMSaaS Delivers:

  • An easy to set up and use platform
  • Best of Breed features for small and large organizations
  • No hassle, simple pricing

Subscribe to Email Updates

Recent Posts