IoT devices have long been an integral part of the technological and production processes of many modern companies. They’re used in industrial facilities, in smart buildings, and in everyday office life. However, their security has always raised concerns, especially considering that many devices require access to remote systems via the internet — for firmware updates, monitoring, or management. In fact, the introduction of IoT devices into corporate infrastructure greatly increases the attack surface, but there’s no way to equip every device with protective technologies.
What should IoT devices be protected from?
In general, an unprotected network device can become a foothold for further attacks on corporate infrastructure. There are some search engines that can scan ranges of IP addresses according to given parameters (analogues of the Shodan system). In theory, these are tools for researchers, but in fact they are often used by cybercriminals too, who can search for vulnerable or simply outdated IoT devices connected to the internet. Then everything depends on the intentions of the attackers and the specific weaknesses of the given IoT device — sometimes criminals try to seize control through the web interface, sometimes they slip in a fake firmware update, and sometimes they simply disable the device. IoT botnets do something similar: they infect many IoT devices and then use them for DDoS attacks.
Another possible malicious use of IoT devices is spying. Last year, a group of hackers gained access to 150,000 IP cameras in companies, hospitals, schools, police stations and even prisons, and went on to release some of the video footage they had accessed. This incident shows how easy it is to look into the premises of sensitive organizations. But espionage is not limited solely to cameras — attackers can try to intercept data streams from a variety of devices (for example, sensors of one kind or another).
Industrial Internet of Things (IIoT) devices present an even more severe problem. The potential interference in the production processes of a critical infrastructure facility could lead to catastrophic consequences for both the given company and the environment.
How to protect IoT devices
To secure the entire fleet of IoT or IIoT devices used in your company from cyberthreats, it’s not at all necessary to fully isolate yourself from the internet. Instead, those devices’ communication with cloud services can be organized through a specialized security gateway. We recently presented such a solution to the world — the Kaspersky IoT Secure Gateway 1000.
Our gateway is able to protect IoT devices from network attacks, DDoS, MitM attacks, and other malicious activity. Kaspersky IoT Secure Gateway 1000 is built as part of our cyber immunity strategy based on our own secure operating system — KasperskyOS — thanks to which it is itself reliably protected from outside interference.
You can learn more about the principle of cyber immunity and using KasperskyOS in our Best Practice Cyber Immunity 2022 whitepaper. There you can also find several real-world cases of Kaspersky IoT Secure Gateway 1000 being used to protect critical infrastructure.
Kaspersky IoT Secure Gateway 1000 is managed through the Kaspersky Security Center console, which allows network administrators to view all security events and provides specialists with information about running IoT devices. It supports the Syslog and MQTT protocols to send events to external monitoring systems and cloud platforms — including Microsoft Azure, Siemens MindSphere, AWS, IBM Bluemix and others. Detailed information about the device itself, as well as about other Kaspersky cyber-immune developments, can be found on the Kaspersky IoT Infrastructure Security page.