The Dark Side of the IoT: Potential Threats Abound

Tony Kontzer
January 6, 2017

With the Internet of Things coming to every business in one way or another, organizations must be ready for the risks that come with networks of devices exchanging data around the clock. Make no mistake: the risks are many, and the list keeps growing.

Like it or not, the IoT is both a tempting new target and a platform for launching new twists on tried-and-true attack tactics.

What's more, the nature of the IoT (embedded devices, convergence, cloud-based control, and a wide variety of communication protocols) adds some serious challenges to the IT security team's to-do list. As Ed Skoudis, faculty fellow and penetration testing curriculum lead at the SANS Institute, put it during a keynote panel at this February's RSA Conference in San Francisco, "This stuff gets complicated really, really fast."

In other words, IT security teams need new tools, fresh perspectives, and some serious risk analysis to protect this fast-growing domain. In a previous post (LINK TO FIRST POST), we established the push and pull of the IoT: it represents a significant business opportunity that more than balances this expanding threat. Now let's dig into that growing threat profile to get a better sense of what organizations should expect to face.

Ransomware

Ransomware has evolved into a favorite method for attackers, but the IoT is turning this category into something even more sinister. In the "old days" before the IoT, ransomware attacks were very specific: the bad guy gets access to some data, locks it up, and asks for a ransom to get it back. But attackers have discovered that the IoT lets them achieve the same effect in many new ways.

For example, attackers can use the IoT to shut down part of a business. We saw this last year when attackers took control of the room key system at an Austrian hotel. There's potential for attackers to take over manufacturing equipment, traffic light controls, or even police and fire dispatch systems. The possibilities are downright dizzying.

Even seemingly mundane IoT assets could help bad guys achieve their objectives. Skoudis noted at the RSA Conference that the recent attack on the San Francisco Transit Authority left it unable to accept payments, but had no effect on its ability to operate its MUNI trains. The SFTA simply let riders travel for free until it closed the hole, in this case without paying the ransom. The next time, the SFTA may not be so fortunate.

Things get even more esoteric when attackers start using the IoT to make it seem as though there is a direct threat.

"If I can make somebody believe I have control over something, this is really using psychology to extract money," Gil Sorebo, chief cybersecurity strategist at government and healthcare consultancy Leidos, said during a panel discussion at the RSA Conference.

That psychology will only grow more powerful as attackers become bolder in their demands. So don't expect future attacks to ask for the mere $1,800 ransom attackers sought from the Austrian hotel. Eventually, the bad guys will figure out their targets' optimum pain threshold.

"They're working on their pricing strategy," Sorebo quipped at the RSA Conference.

DDoS Attacks

The potential damage from IoT-based DDoS attacks is downright unnerving. Last fall's IoT-based attack, which used compromised security surveillance cameras to cripple more than 1,200 websites worldwide, looks minor next to the scenarios the security community envisions.

Take the so-called Smart City. San Diego, which has leapt to the forefront in connecting its array of services via the IoT, could be crippled in many ways by well-thought-out attacks.

"Imagine a hacker attacking a city by breaking into IP cameras and knocking out the surveillance system the police and fire departments rely on," Chad Bacher, senior vice president of product strategy and technology alliances at security firm Webroot, said during an RSA Conference presentation. "It's exponentially more risky than a traditional IT environment."

Endpoint Proliferation

Thanks to the IoT, the sheer number of possible entry points and devices to protect is steadily growing beyond the capacity of most IT teams. Continuing with the Smart City example, Bacher noted just how much the IoT expands the attack surface, with remote IP cameras, traffic signals, connected cars, sewer and water delivery systems, electrical grids, and so on. And all of these endpoints are talking to each other, which creates enormous challenges in managing and securing all of those data flows.

Ed Fok, a transportation technology specialist with the Federal Highway Administration, gave RSA Conference attendees pause with a scenario in which hackers cut off the early-warning systems of autonomous vehicles, preventing alerts from warning drivers of impending accidents. Suppressing alerts could have ramifications across many IoT-enabled settings, raising concerns about hackers being able to actually "weaponize" IoT devices.

The bottom line is that security teams charged with locking down IoT devices and networks must pull out all the stops along the way.

"We're seeing entry points that we've never seen before," Fok said, declining to offer detailed examples lest they tip off the bad guys. "Let's just say we're looking and leave it at that."

Insider Threats

The potential for disgruntled employees or contractors to use IoT devices and systems to attack their employers is fertile ground. Given that Intel's recently released field guide to insider threats offers a matrix of more than 60 attack vectors, there are a lot of possibilities IT security teams must consider.

Changing Risk Profile

The evolution of all these attack categories is a reminder that the IoT raises both the speed and the scope at which risk profiles change. The implications for network infrastructure are wide-ranging: scanning and monitoring activities need to be ramped up, as do network intelligence capabilities. In essence, organizations need to work harder on preparing to be prepared.

"We're already trying to think 10-15 years down the road, what kinds of resilient networks do we need to put in?" Gary Hayslip, CISO for the City of San Diego, told RSA Conference attendees. "I'm very paranoid about these new things we're bringing in."

And so he should be. But that paranoia shouldn't stop organizations from taking full advantage of what the IoT offers. That said, they must do whatever it takes to make sure they've armed themselves well enough to keep the IoT's inherent vulnerabilities from spinning out of control.
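One concrete form the ramped-up monitoring described above can take is watching for IoT endpoints that stop behaving like the single-purpose devices they are supposed to be. The Python script below is an added example written for this post, not code from the original article or from ALE. It runs over a handful of constructed flow records (a healthy IP camera streaming to its recorder beside a compromised camera that sweeps telnet across a dozen hosts and then floods a single target) and flags sources whose fan-out or outbound volume is out of character for their device class. The subnet-to-device-class inventory, the thresholds, the log line format and all addresses are assumptions made for the example.

```python
"""Flag IoT endpoints whose outbound traffic looks like scanning or DDoS participation.

Added example; the flow format, inventory and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    bytes_out: int


# Hypothetical asset inventory: which subnets hold which device class.
# A real deployment would pull this from NAC/IPAM rather than hard-code it.
IOT_SUBNETS = {
    "ip-camera": ipaddress.ip_network("10.20.0.0/24"),
    "traffic-signal": ipaddress.ip_network("10.21.0.0/24"),
}

# Assumed expected outbound bytes per device class over the sample interval.
BASELINE_BYTES = {"ip-camera": 1_500_000, "traffic-signal": 50_000}


def device_class(ip):
    """Return the inventory class for an address, or None if it is not an IoT asset."""
    addr = ipaddress.ip_address(ip)
    for name, net in IOT_SUBNETS.items():
        if addr in net:
            return name
    return None


def parse_flow(line):
    """Constructed record format: '<iso-timestamp> <src> <dst> <dport> <bytes>'."""
    ts, src, dst, dport, nbytes = line.split()
    return Flow(datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes))


def find_fanout(flows, window=timedelta(seconds=60), max_dsts=10):
    """Map src -> peak number of distinct destinations seen inside any sliding window.

    A camera or traffic signal normally talks to a handful of fixed peers, so a
    sudden sweep across many hosts is the signature of scanning or worm spread.
    """
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    alerts = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        seen = []  # (timestamp, destination) pairs inside the current window
        for f in fl:
            seen.append((f.ts, f.dst))
            seen = [(t, d) for t, d in seen if f.ts - t <= window]
            distinct = {d for _, d in seen}
            if len(distinct) > max_dsts:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


def find_volume_outliers(flows, baseline, factor=20):
    """Map src -> total outbound bytes for IoT sources far above their class baseline."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.bytes_out
    alerts = {}
    for src, total in totals.items():
        cls = device_class(src)
        if cls and total > factor * baseline[cls]:
            alerts[src] = total
    return alerts


def triage(lines):
    """Combine both detectors into one report keyed by offending source address."""
    flows = [parse_flow(l) for l in lines]
    fanout = find_fanout(flows)
    volume = find_volume_outliers(flows, BASELINE_BYTES)
    return {
        src: {"class": device_class(src),
              "distinct_dsts": fanout.get(src),
              "bytes_out": volume.get(src)}
        for src in set(fanout) | set(volume)
    }


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    # healthy camera streaming RTSP to its recorder, one peer, steady volume
    *(f"2017-01-06T10:00:{s:02d} 10.20.0.5 10.0.0.10 554 200000" for s in range(0, 60, 10)),
    # compromised camera sweeping telnet across 12 hosts in 12 seconds
    *(f"2017-01-06T10:00:{s:02d} 10.20.0.7 198.51.100.{s + 1} 23 60" for s in range(12)),
    # the same camera then pushing 5 MB every 5 s at a single victim
    *(f"2017-01-06T10:02:{s:02d} 10.20.0.7 203.0.113.9 80 5000000" for s in range(0, 60, 5)),
]

if __name__ == "__main__":
    for src, finding in sorted(triage(SAMPLE_FLOWS).items()):
        print(src, finding)
```

The two detectors are deliberately behavioural rather than signature-based: they need no knowledge of which malware is on the device, only an inventory that says what class of device an address is and what that class normally does. In practice the thresholds would be tuned per class from a learning period, and the flow records would come from a collector rather than a list literal.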

Addressing the dark side needs to start with your network infrastructure. Learn more about the IoT, its impact on your organization's network, and how ALE can help you address it.

About the author

Tony Kontzer

Having spent the dot-com boom and bust years in Silicon Valley, Tony has a first-hand understanding of the evolution of the technologies that have underpinned IT-driven business, from the rise of client/server computing, through the birth of the commercial Internet, to the emergence of cloud computing, social media and big data. He has been a regular contributor to publications including Baseline, Network Computing and TechTarget, as well as numerous technology community sites.

A 1988 graduate of the University of Missouri-Columbia School of Journalism, Tony spends his non-work hours chasing his two little boys around, handing money to his teenage son, and desperately trying to get his wife to answer her cell phone.
