How IoT vulnerabilities could threaten A/NZ businesses 

Tim Hartman, Head of Solution Architecture, Infoblox A/NZ, on how the surge in smart devices that prioritise plug-and-play over robust security systems is exposing A/NZ businesses to cyber threats.

Air conditioning that automatically calibrates to the perfect temperature, smart helmets that can assess carbon monoxide levels for miners, a collar for cattle that predicts pasture intake based on movement patterns. The future of work across industries in Australia and New Zealand is changing as new technologies such as AI, IoT and automation revolutionise innovation and connectivity.

However, smart IoT devices that are not well managed and secured can become gateways for cybercriminals to attack your network.

Growing dependency on IoT devices 

In A/NZ, the number of IoT devices is set to reach 405 million by 2030, nearly doubling the current 213 million. This is changing the way our cities function.  

In Adelaide, devices such as smart lighting poles are providing both light and Wi-Fi access points, while solar-powered bins are using sensors to provide real-time data on when they need to be emptied. 

Critical infrastructure and industries are impacted too – in healthcare alone, the IoT market in Australia is expected to reach $1.61 billion by 2028. Data collected by these devices can be crucial for delivering critical services and improving health services. 

This surge is driven by the transformational benefits IoT can provide, but with that, as with all digital progress, comes risk. 

Smart devices often prioritise accessibility and a plug-and-play experience over strong security, and cybercriminals can target these weak security systems. Because IoT devices use the Domain Name System (DNS), a weakness, once found, can be exploited to infiltrate networks, exfiltrate data, probe the network for other vulnerabilities, or even cause physical damage to the devices.

How cybercriminals use IoT devices 

Once cybercriminals have infiltrated an IoT device, they can target the domain name resolution process, which the devices depend on to function. Attackers try to deny the DNS service through bugs and flaws, and once the resolution service becomes unavailable, most applications can no longer function. Unprotected DNS has limited checks and balances, which makes it easier for hackers to get through and opens the floodgates to various attacks.

The measure of this threat was shown in 2021 when the 8,000-kilometre U.S. oil system, Colonial Pipeline, was shut down for five days due to a ransomware attack. Hackers accessed the system through vulnerable IoT devices, then used ransomware to encrypt data. They then demanded circa A$6.6 million in Bitcoin to decrypt the system. The event caused local shortages in gasoline, diesel fuel and jet fuel. 

There is a real threat that IoT attacks similar to Colonial Pipeline could cause harm to industrial systems here. The security of operational technology (OT) is often overlooked; in a recent survey, 65% of respondents detected at least one OT-related cybersecurity incident. 

Preparing for surprise attacks 

Although IoT devices can be more vulnerable to attacks, it doesn’t mean the smart television has to go just yet. Instead, people should be turning the DNS into an advantage. By leveraging the DNS for security, users gain valuable insights into their networks and are able to take the right measures to quickly stop the threat. 

IoT devices that incorporate security and long-term updates, combined with DNS detection and response (DNSDR), should be a priority.  

As part of the Australian Cyber Security Strategy 2023 – 2030, a voluntary cybersecurity labelling scheme for IoT devices will also help guide Australian consumers on the safety of smart devices. 

In a response paper to the Australian Cyber Security Strategy, we also recommended the government pursue a protective DNS standard to more comprehensively protect networks from compromised devices.  

By inputting certain protective DNS threat feeds or response policy zones, organisations can effectively block compromised devices from contacting their command-and-control servers, while creating an alert system on compromises for network operators. 

For any organisation, having a strong DNSDR system with visibility and control over who and what is connecting to your network should be a priority. This is essential to protect against all kinds of attacks.
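As an added illustration (not Infoblox code and not part of the original article), the sketch below shows the kind of check a protective DNS policy performs: it matches logged queries against rules modelled on response policy zone entries and joins each hit to a device inventory, so operators can see which device triggered it. The log format, zone entries, addresses and device names are constructed assumptions.

```python
# Added example. Every domain, address and device name is constructed.
POLICY_ZONE = {  # trigger -> action, modelled on response policy zone rules
    "c2.example.net": "NXDOMAIN",        # exact name
    "*.badcdn.example.org": "NXDOMAIN",  # subdomains only, not the apex
}
INVENTORY = {  # client IP -> device, e.g. exported from DHCP or asset data
    "10.20.0.15": "lobby-smart-tv",
    "10.20.0.31": "hvac-controller",
}
QUERY_LOG = """\
2024-05-01T02:14:07Z 10.20.0.15 time.example.com. A
2024-05-01T02:14:09Z 10.20.0.15 C2.Example.NET. A
2024-05-01T02:15:02Z 10.20.0.99 img7.badcdn.example.org. A
2024-05-01T02:15:09Z 10.20.0.15 c2.example.net. A
2024-05-01T02:15:30Z 10.20.0.31 badcdn.example.org. A
"""

def match_policy(qname, zone):
    """Return (trigger, action) for the rule that covers qname, else None."""
    name = qname.rstrip(".").lower()  # DNS names compare case-insensitively
    if name in zone:
        return name, zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):  # try *.parent, *.grandparent, ...
        trigger = "*." + ".".join(labels[i:])
        if trigger in zone:
            return trigger, zone[trigger]
    return None

def evaluate(log_text, zone, inventory):
    """Return one alert per logged query that hits the policy zone."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        ts, client, qname, _qtype = parts
        hit = match_policy(qname, zone)
        if hit:
            alerts.append({
                "time": ts, "client": client,
                "device": inventory.get(client, "UNKNOWN"),
                "qname": qname.rstrip(".").lower(),
                "trigger": hit[0], "action": hit[1],
            })
    return alerts

if __name__ == "__main__":
    for alert in evaluate(QUERY_LOG, POLICY_ZONE, INVENTORY):
        print(alert)
```

A hit from an address missing from the inventory is reported as `UNKNOWN`, which is itself a visibility gap worth following up.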

Technology continues to revolutionise the way we live and work, but there are two sides to emerging technologies, and with progress comes risk. As businesses and governments continue to increase their IoT use, potential attacks and the exploitation of security vulnerabilities could lead to significant financial losses and erosion of trust. 

It’s becoming increasingly important that IT and network teams work together to minimise the risk of security vulnerabilities. Teams can do this by sharing user context and DNS data to ensure there is visibility across IoT devices. Having this visibility will enable teams to identify and stop critical threats earlier. 

As our operations, machinery and workplaces become smarter, so too must our approach to security. As exciting as your office’s new smart television is, it’s smart devices like these that could expose your organisation to wayward threats if not managed and secured properly. 
