The Internet of Things is starting to invade organizations in new ways, bringing with it more opportunities for attackers to penetrate corporate networks. Many enterprises have struggled with two distinct problems. The first is bring your own device (BYOD), which enables employees not only to connect personal devices to the company's networks, but also to use them to process corporate data. The second is that industrial control systems are connected to networks for everything from office climate control to management of integrated manufacturing processes. The next wave of cyberthreats will combine these two trends in new ways, says Johannes B. Ullrich, CTO and director of the Internet Storm Center, SANS Technology Institute.
Networks are only going to become more complex, increasing the attack surface and moving large parts of the network outside of corporate control. Attackers will learn to take advantage of these new exposures. Employees may start asking for access to home automation systems from work or fitness trackers to encourage healthy office behavior. A device an insurance company hands out to customers to monitor driving behavior may be tampered with to report a more favorable profile, and the APIs exposed to collect data from these devices may be used to penetrate the network, leaking personal data or allowing the attacker to manipulate data wholesale.
Cybercriminals are also perfecting crypto ransomware. Last year, crypto ransomware primarily targeted consumers and small businesses, which often don’t have sufficient backups and are at the mercy of the attacker. The next generation of crypto ransomware will operate more stealthily and target enterprise servers, maintaining business continuity for months after the initial infection takes place. This will ensure that not only current data but also recent backups are encrypted once the attacker decides to remove the key and ask for the ransom.
In this video, Ullrich discusses the evolving threats associated with Internet of Things devices and enterprise crypto ransomware and offers advice on countermeasures. Some security best practices are based on existing controls that many enterprises have already implemented in their networks.