Are IoT Devices and Automatic Software Updates Prepared to Dodge Ransomware Attacks?
Ransomware attacks are fast becoming a norm, quickly consuming businesses and robbing them of growth and revenue. Researchers have tried to define ransomware attacks based on their targets and mode of origin on digital platforms. With a growing number of online consumers sharing their private data on various digital channels (mobile, smartwatches, email, software portals, social media, mobile wallets, e-commerce, etc.), the rise of ransomware seems unstoppable. And, like consumers, IT businesses that ingest and produce tons of data for their operations are equally held ‘ransom’ to phishing attacks.
If 2019 was a banner year for cybercriminals, the new year is expected to be no different. With new challenges and technologies coming to light with their use in ransomware attacks, IT analysts and Security Officers have their work cut out in not just preventing such cybersecurity incidents, but also forecasting their likely occurrence and cost-effective remedies post-attack.
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, shared his insights on how ransomware attacks are disrupting the new digital ecosystems for IT businesses and digital-native customers. He has advice for security professionals who are expected to see more ransomware attacks targeting machine identities in the year ahead.
Cybercriminals Use The Cryptographic Keys and Digital Certificates
Cybercriminals understand the power of machine identities and know they are poorly protected, so they target them for exploitation.
According to IoT Threat Intelligence company Pwnie Express, almost 50% of the surveyed 582 cybersecurity professionals acknowledge that they are not ready to repel a ransomware attack. The size of the enterprise matters when it comes to thwarting these attacks. SMOs are more vigilant than larger enterprises. Almost half of these companies regularly check what is happening on their mobile devices and IoT-linked connections.
There have been a number of global certificate outages, malicious software backdoors and major data breaches, and in many of the largest incidents the cryptographic keys and digital certificates that serve as machine identities played a primary role.
In 2019, organizations spent over $10 billion protecting human identities, but most are just beginning to safeguard their machine identities. This continues to be true even though the number of humans on enterprise networks remains relatively flat while the number of machines that need identities – including virtual machines, applications, algorithms, APIs and containers – is projected to grow exponentially in 2020. It’s inevitable that machine identity attacks will intensify in the coming year.
Ransomware Targets the Internet of Things (IoT)
Researchers have been detailing security flaws in IoT devices for years. In 2019, there were multiple product-recalls on smart home devices due to critical security issues.
While there hasn’t been a major security incident involving enterprise IoT, 2020 could be the year the pendulum swings the other way. Last year, ransomware attacks targeted individual machines in hospitals and local governments, which led to whole cities being taken offline.
If these tactics expand beyond targeting specific machines to hold data for ransom, it’s reasonable to assume that attackers will expand the ransomware model to target larger groups of IoT devices, such as medical devices – including pacemakers and insulin pumps – or focus on other systems like traffic control. Compromised machine identities make it entirely possible to use code signing certificates to “kidnap” IoT devices using malware or use TLS certificates to create zombies. It seems quite possible that we’ll see an entire IoT network held for ransom in 2020.
49 percent of the leading security professionals in IT businesses see consumer IoT devices such as smartwatches and smart coffeemakers as a target for cybercrime. But only 23 percent can monitor these types of devices.
Compromised Automatic Software Updates
Last year, the ASUS Live Update Utility service was successfully attacked by cybercriminals. The attack allowed these criminals to load malicious code on over one million machines using the pre-installed automatic software update function. Kaspersky Lab counted 57,000 users of its security software who installed the backdoored version of the ASUS Live Update Utility distributed in this campaign.
Attacks like these are likely to escalate in 2020 because many devices have a built-in automatic software update service, and when an update is signed with a legitimate code-signing certificate, these updates are automatically trusted.
Unfortunately, because most organizations don’t tightly control code-signing keys and certificates, it’s easier for attackers to gain access and insert malware into the automatic software update process.
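The following example is added here and is not from the article, Venafi or ASUS. It contrasts an update policy that trusts any validly signed package with one that also requires the signer to be unrevoked and the package digest to appear in a release manifest published separately from the signing key. It assumes the platform has already verified the signature; every name, fingerprint and payload is constructed.

```python
import hashlib
from dataclasses import dataclass

# All identifiers and values below are constructed for illustration.
TRUSTED_SIGNERS = {"fp-vendor-codesign-01"}  # pinned code-signing cert fingerprints


@dataclass(frozen=True)
class Update:
    payload: bytes
    signer_fingerprint: str
    signature_valid: bool  # assumed: result of the platform's signature check


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_only_accept(update: Update) -> bool:
    """The policy the article warns about: a valid vendor signature is enough."""
    return update.signature_valid and update.signer_fingerprint in TRUSTED_SIGNERS


def hardened_accept(update: Update, release_manifest: set, revoked: set):
    """Return (accepted, reason); the signature is necessary but not sufficient."""
    if not update.signature_valid:
        return False, "invalid signature"
    if update.signer_fingerprint not in TRUSTED_SIGNERS:
        return False, "signer not pinned"
    if update.signer_fingerprint in revoked:
        return False, "signer revoked"
    if sha256_hex(update.payload) not in release_manifest:
        return False, "digest not in release manifest"
    return True, "ok"


# Constructed sample: one genuine build, and one altered build signed with the
# same (compromised) vendor key, so both pass signature verification.
GENUINE = Update(b"vendor-updater build 1.0.1", "fp-vendor-codesign-01", True)
ALTERED = Update(b"vendor-updater build 1.0.1 (modified)", "fp-vendor-codesign-01", True)
MANIFEST = {sha256_hex(GENUINE.payload)}  # published out of band by the build system

if __name__ == "__main__":
    for name, upd in (("genuine", GENUINE), ("altered", ALTERED)):
        print(name, signature_only_accept(upd), hardened_accept(upd, MANIFEST, set()))
```

The manifest check only helps if the manifest is produced and distributed through a path that does not depend on the same code-signing key.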
Seize on Artificial Intelligence (AI)
In 2020, algorithmic decision-making AI will become more mainstream.
This will bring both opportunities and challenges, particularly around the transparency of AI algorithms.
If organizations do not understand how some AI models work to reach specific decisions, it’s possible that bad actors will use this confusion to manipulate AI outcomes. Many AI models rely on blindly trusted machine identities. If machine identities are compromised, attackers can send malicious data streams that feed AI models. These types of attacks could have a wide-reaching impact on everything from predictive policing to financial forecasting.
Machine identities are a relatively new, and very effective, point of attack because there is a huge gap between the security controls applied to human identities and those applied to machine identities. In 2020, everyone – from CISOs to security architects and security practitioners – will need to prioritize the protection of machine identities in their organizations in order to reduce these very real security risks.
Top Players in the Cyberthreat Intelligence Market
Venafi is a leader in providing solutions for machine identity protection and cyber threat intelligence. Currently, it competes with established players, which include:
- AWS Identity and Access Management (IAM)
- Ping Identity
Today, Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, code signing, mobile, and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on-premises, mobile, virtual, Cloud, and IoT.
Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.