Hello !
Trace: Instruction Set Procedures and Functions Call Standards Overall View on Computer Architecture: Processor, Memory, IO, Buses Processor Taxonomies, SISD, SIMD, MIMD Addressing Modes IoT Attack Vectors Didalab CAN HomeLab kit

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
en:iot-reloaded:cybersecurity_issues_and_threats_in_iot_systems [2024/12/04 21:31] – [Strategies to defend against well-known IoT attack vector exploits] ktokarzen:iot-reloaded:cybersecurity_issues_and_threats_in_iot_systems [2024/12/10 21:50] (current) pczekalski
Line 14: Line 14:
 To eliminate IoT attack vectors, it is essential to understand the nature of some of them and their sources and then develop comprehensive security strategies to deal with them. This section will discuss IoT attack vectors from the perception layer to the application layer. Some of the IoT attack vectors or ways in which cybercriminals can gain illegal access to IoT networks and systems (to compromise data security or launch further attacks) include the following: To eliminate IoT attack vectors, it is essential to understand the nature of some of them and their sources and then develop comprehensive security strategies to deal with them. This section will discuss IoT attack vectors from the perception layer to the application layer. Some of the IoT attack vectors or ways in which cybercriminals can gain illegal access to IoT networks and systems (to compromise data security or launch further attacks) include the following:
   * **Compromised user or device credentials**: Password compromise is one of the most common ways cybercriminals can gain unauthorised access to IoT systems. This is partly because some IoT device manufacturers ship devices with hardcoded passwords and sometimes with default passwords that are rarely changed. This gives cybercriminals easy access to IoT devices, which they use to conduct sophisticated attacks such as DDoS attacks. Password credentials to log in to IoT mobile and web applications can also be compromised by cybercriminals through data leaks, phishing scams, malware, and brute-force attacks.    * **Compromised user or device credentials**: Password compromise is one of the most common ways cybercriminals can gain unauthorised access to IoT systems. This is partly because some IoT device manufacturers ship devices with hardcoded passwords and sometimes with default passwords that are rarely changed. This gives cybercriminals easy access to IoT devices, which they use to conduct sophisticated attacks such as DDoS attacks. Password credentials to log in to IoT mobile and web applications can also be compromised by cybercriminals through data leaks, phishing scams, malware, and brute-force attacks. 
-  * **Weak cryptographic algorithms**: Implementing strong cryptographic algorithms in IoT devices is very challenging due to hardware constraints, making it easy for cybercriminals to access IoT data transported over wireless communication channels. Also, the confidentiality of sensitive data stored on IoT devices can easily be compromised. Hence, weak cryptographic algorithms (and data encryption algorithms not implemented) make it attractive for cybercriminals to try to access IoT data through man-in-the-middle attacks.  +  * **Weak cryptographic algorithms**: Implementing strong cryptographic algorithms in IoT devices is very challenging due to hardware constraints. This makes it easy for cybercriminals to access IoT data transported over wireless communication channels. Also, the confidentiality of sensitive data stored on IoT devices can easily be compromised. Hence, weak cryptographic algorithms (and data encryption algorithms not implemented) make it attractive for cybercriminals to try to access IoT data through man-in-the-middle attacks.  
   * **Open communication ports**: Cybercriminals can exploit unsecured and unnecessarily open ports (virtual entry points into a device that associates network traffic with a given application or process) to gain access to the device. Every necessarily open and unsecured port is a threat vector that cybercriminals can exploit to attack IoT devices, servers, and applications.    * **Open communication ports**: Cybercriminals can exploit unsecured and unnecessarily open ports (virtual entry points into a device that associates network traffic with a given application or process) to gain access to the device. Every necessarily open and unsecured port is a threat vector that cybercriminals can exploit to attack IoT devices, servers, and applications. 
-  * **Misconfigurations**: Poorly configured IoT devices, network devices, servers, computing nodes, and applications can serve as weak points that cybercriminals can exploit to attack the IoT network and systems. Thus, exploitation of vulnerabilities created by misconfiguration is one way in which attackers can gain unauthorised access to IoT networks and systems.   +  * **Misconfigurations**: Poorly configured IoT devices, network devices, servers, computing nodes, and applications can serve as weak points that cybercriminals can exploit to attack the IoT network and systems. Thus, exploiting vulnerabilities created by misconfiguration is one-way attackers can gain unauthorised access to IoT networks and systems.   
   * **Firmware vulnerabilities**: Since IoT firmware and software are not regularly updated to patch security holes and to protect IoT devices from newly discovered security vulnerabilities, cybercriminals can exploit unresolved firmware and software vulnerabilities to gain unauthorised access to IoT devices and data. Thus, exploiting firmware and software vulnerabilities is one of the ways cybercriminals can easily compromise the security of IoT networks and systems.    * **Firmware vulnerabilities**: Since IoT firmware and software are not regularly updated to patch security holes and to protect IoT devices from newly discovered security vulnerabilities, cybercriminals can exploit unresolved firmware and software vulnerabilities to gain unauthorised access to IoT devices and data. Thus, exploiting firmware and software vulnerabilities is one of the ways cybercriminals can easily compromise the security of IoT networks and systems. 
-  * **Zero-day vulnerabilities**: Several security vulnerabilities (flaws in hardware or software) are regularly being discovered on a daily, weekly, monthly, or annual basis. Suppose there are security vulnerabilities for which the developer has not released a security patch or the user has not installed/applied the update. In that case, attackers will likely exploit such vulnerabilities to gain unauthorised access to IoT networks and systems. A zero-day attack is exploiting unknown vulnerabilities or software flaws before a security patch is released. Therefore, exploiting unresolved known vulnerabilities is one of the attack vectors that cybercriminals use to compromise the security of IoT networks and systems. +  * **Zero-day vulnerabilities**: Several security vulnerabilities (flaws in hardware or software) are regularly being discovered on a daily, weekly, monthly, or annual basis. Suppose there are security vulnerabilities for which the developer has not released a security patchor the user has not installed/applied the update. In that case, attackers will likely exploit such vulnerabilities to gain unauthorised access to IoT networks and systems. A zero-day attack exploits unknown vulnerabilities or software flaws before a security patch is released. Therefore, exploiting unresolved known vulnerabilities is one of the attack vectors that cybercriminals use to compromise the security of IoT networks and systems. 
-  * **Cross-site scripting (XSS)**: A browser-based attack vector can inject or insert malicious code within a browser-based application designed for users to access IoT services. For many IoT applications, the end-users access the IoT services hosted on cloud computing platforms through web and mobile applications using their browsers. Cybercriminals can inject malicious code into IoT web applications, redirect users to fake websites and trick the browser into executing malicious code that downloads malware that infects user devices. The inserted malicious code can launch into an infected script that could infect the user's device and steal information. Hence, since IoT services are provided to users through web-based applications, this kind of attack vector will be targeted by cybercriminals. +  * **Cross-site scripting (XSS)**: A browser-based attack vector can inject or insert malicious code within a browser-based application designed for users to access IoT services. For many IoT applications, the end-users access the IoT services hosted on cloud computing platforms through web and mobile applications using their browsers. Cybercriminals can inject malicious code into IoT web applications, redirect users to fake websites and trick the browser into executing malicious code that downloads malware that infects user devices. The inserted malicious code can launch into an infected script, infecting the user's device and stealing information. Hence, since IoT services are provided to users through web-based applications, this kind of attack vector will be targeted by cybercriminals. 
   * **SQL injection**: Many IoT data is stored in structured databases and then accessed through web and mobile applications by users and other applications. The data stored in structured databases is often managed using SQL (structured Querry Language), a programming language used to administer or interact with the database to store, access, and manipulate the data. An SQL injection attack vector is one in which an attacker leverages known vulnerabilities to inject malicious SQL statements into an application to trick the server into allowing the attacker to illegally extract, alter or delete information. In the case of IoT applications in which sensor data is collected and stored in structured databases, this type of attack vector will likely be targeted.   * **SQL injection**: Many IoT data is stored in structured databases and then accessed through web and mobile applications by users and other applications. The data stored in structured databases is often managed using SQL (structured Querry Language), a programming language used to administer or interact with the database to store, access, and manipulate the data. An SQL injection attack vector is one in which an attacker leverages known vulnerabilities to inject malicious SQL statements into an application to trick the server into allowing the attacker to illegally extract, alter or delete information. In the case of IoT applications in which sensor data is collected and stored in structured databases, this type of attack vector will likely be targeted.
-  * **Distributed Denial of Service (DDoS) attacks**: This type of attack vector involves the use of bots to infect IoT devices and then create a botnet (network of bots) that can be controlled to overwhelm IoT gateways, services, data centres, and web applications with a massive amount of traffic or requests. This attack aims to cause the IoT gateways, services, data centres, and web applications to crash, depriving the users of accessing IoT services. The attacker takes over a large number of IoT devices, creates a botnet, and redirects traffic from their devices to IoT gateways, services, data centres, and web applications to disrupt IoT services. +  * **Distributed Denial of Service (DDoS) attacks**: This type of attack vector involves the use of bots to infect IoT devices and then create a botnet (network of bots) that can be controlled to overwhelm IoT gateways, services, data centres, and web applications with a massive amount of traffic or requests. This attack aims to cause the IoT gateways, services, data centres, and web applications to crash, depriving the users of accessing IoT services. The attacker takes over many IoT devices, creates a botnet, and redirects traffic from their devices to IoT gateways, services, data centres, and web applications to disrupt IoT services. 
-  * **Session hijacking**: Cybercriminals can gain unauthorised access to sensitive IoT data through session hijacking. When IoT users log in to access IoT services, they are provided with a session key or cookie, so they don't need to log in again. This cookie can be hijacked by an attacker who uses it to gain access to sensitive IoT information ((Abi  Tyas Tunggal, What is an Attack Vector? 16 Critical Examples, https://www.upguard.com/blog/attack-vector, 2024)). +  * **Session hijacking**: Cybercriminals can gain unauthorised access to sensitive IoT data through session hijacking. When IoT users login to access IoT services, they are provided with a session key or cookie, so they don't need to log in again. This cookie can be hijacked by an attacker who uses it to gain access to sensitive IoT information ((Abi  Tyas Tunggal, What is an Attack Vector? 16 Critical Examples, https://www.upguard.com/blog/attack-vector, 2024)). 
   * **Malware infection**: This attack vector involves using malicious software (malware) designed to take control of an IoT network or system. Malware may corrupt and steal data and can also be used to carry out malicious attacks on multiple IoT devices and other systems. Some examples of malware that can be used to target IoT networks and systems include ransomware (malware that can encrypt valuable IoT data or data of IoT users to deprive legitimate access to the data until a ransom is paid) and trojan (malware that can be used to create a backdoor that gives attackers unauthorised access to IoT networks and systems).   * **Malware infection**: This attack vector involves using malicious software (malware) designed to take control of an IoT network or system. Malware may corrupt and steal data and can also be used to carry out malicious attacks on multiple IoT devices and other systems. Some examples of malware that can be used to target IoT networks and systems include ransomware (malware that can encrypt valuable IoT data or data of IoT users to deprive legitimate access to the data until a ransom is paid) and trojan (malware that can be used to create a backdoor that gives attackers unauthorised access to IoT networks and systems).
-  * **Phishing**: This type of attack vector could be targeted at employees of IoT organisations or users to compromise their login credentials. It involves using social engineering strategies where the target is contacted by email, telephone, or text message by someone posing to be a legitimate colleague or institution to trick them into providing sensitive data, credentials, or personally identifiable information (PII). It is one of the most commonly used attack vectors to gain unauthorised access to sensitive information, and it is also the starting point for many forms of attacks like ransomware attacks (which often start with phishing campaigns against their targets) and spyware (malware that can share sensitive IoT data to attacks).+  * **Phishing**: This type of attack vector could be targeted at employees of IoT organisations or users to compromise their login credentials. It involves using social engineering strategies where the target is contacted by email, telephone, or text message by someone posing as a legitimate colleague or institution to trick them into providing sensitive data, credentials, or personally identifiable information (PII). It is one of the most commonly used attack vectors to gain unauthorised access to sensitive information, and it is also the starting point for many forms of attacks like ransomware attacks (which often start with phishing campaigns against their targets) and spyware (malware that can share sensitive IoT data to attacks).
   * **Brute-force attack**: This is another attack vector aimed at compromising the authentication credentials and encryption keys to gain unauthorised access to IoT data. It could be done using a trial-and-error method to guess the password or encryption key to gain unauthorised access to IoT networks, systems, and data. If the password and the encryption key are not strong enough, the attacker can illegally gain access to IoT devices. Using default passwords and weak encryption schemes in IoT devices makes them susceptible to these attacks.   * **Brute-force attack**: This is another attack vector aimed at compromising the authentication credentials and encryption keys to gain unauthorised access to IoT data. It could be done using a trial-and-error method to guess the password or encryption key to gain unauthorised access to IoT networks, systems, and data. If the password and the encryption key are not strong enough, the attacker can illegally gain access to IoT devices. Using default passwords and weak encryption schemes in IoT devices makes them susceptible to these attacks.
-  * **Physical attacks**: This type of attack vector involves the adversary's physical access to the IoT device. If an attacker can physically access deployed IoT devices, it is possible to steal sensitive data, compromise the devices, and later use them to conduct attacks on IoT networks and other systems. +  * **Physical attacks**: This type of attack vector involves the adversary's physical access to the IoT device. Suppose an attacker can physically access deployed IoT devices. In that case, it is possible to steal sensitive data, compromise the devices, and later use them to conduct attacks on IoT networks and other systems. 
   * **Insider attack**: It is also essential to consider the fact that legitimate users or employees could decide to leak sensitive IoT data to external entities, compromising the confidentiality of the data. An insider may also delete sensitive data intentionally or unintentionally. This attack vector should be considered when designing a cybersecurity strategy for IoT networks and systems.   * **Insider attack**: It is also essential to consider the fact that legitimate users or employees could decide to leak sensitive IoT data to external entities, compromising the confidentiality of the data. An insider may also delete sensitive data intentionally or unintentionally. This attack vector should be considered when designing a cybersecurity strategy for IoT networks and systems.
-  * **Exploitation of supply chain vulnerability**: This kind of attack vector involves the exploitation of vulnerabilities present in third-party hardware and software systems. Attacks could target vulnerabilities that the supplier of the hardware or software system may not have discovered. Therefore, vulnerabilities present in third-party products may become entry points for attackers to gain unauthorised access to IoT networks and systems.   +  * **Exploitation of supply chain vulnerability**: This kind of attack vector involves the exploitation of vulnerabilities present in third-party hardware and software systems. Attacks could target vulnerabilities that the hardware or software system supplier may not have discovered. Therefore, vulnerabilities present in third-party products may become entry points for attackers to gain unauthorised access to IoT networks and systems.   
    
-The attack vectors discussed above could be grouped into two categories: passive and active. Passive attack vector exploits allow attackers to gain unauthorised access to IoT networks and systems without intruding or interfering with their operation. Examples of these attack vectors include phishing and other types of social engineering-based attack vectors. On the other hand, active attack vector exploits interfere with the operation of the IoT network and system. Examples of this category of attack vector include DDoD attacks, brute-force attacks, malware attacks, etc.  +The attack vectors discussed above could be grouped into two categories: passive and active. Passive attack vector exploits allow attackers to gain unauthorised access to IoT networks and systems without intruding or interfering with their operation. Examples of these attack vectors include phishing and other social engineering-based attack vectors. On the other hand, active attack vector exploits interfere with the operation of the IoT network and system. Examples of this category of attack vector include DDoD attacks, brute-force attacks, malware attacks, etc.  
  
  
Line 36: Line 36:
 To address common attack vectors, it is vital to understand the nature of the attack vector exploits, including passive and active ones. Most attack vector exploits share some common characteristics, which include the following: To address common attack vectors, it is vital to understand the nature of the attack vector exploits, including passive and active ones. Most attack vector exploits share some common characteristics, which include the following:
   * The attackers first identify targets that they intend to go after.   * The attackers first identify targets that they intend to go after.
-  * The attackers use social engineering strategies, malware, phishing, and vulnerability scanning tools to scan the targeted victim's IoT network and other information systems to identify vulnerabilities that they intend to exploit.  +  * The attackers use social engineering strategies, malware, phishing, and vulnerability scanning tools to scan the targeted victim's IoT network and other information systems to identify vulnerabilities they intend to exploit.  
   * The attackers set out to identical a set of attack vectors that they intend to exploit and then search for the tools required to carry out the attack vector exploits.     * The attackers set out to identical a set of attack vectors that they intend to exploit and then search for the tools required to carry out the attack vector exploits.  
   * Attackers gain unauthorised access to IoT systems, steal sensitive data, install malware, and sometimes escalate the attack by using compromised devices to carry out further attacks to compromise other system resources.    * Attackers gain unauthorised access to IoT systems, steal sensitive data, install malware, and sometimes escalate the attack by using compromised devices to carry out further attacks to compromise other system resources. 
Line 46: Line 46:
   * **Implementation of strong energy-efficient cryptographic schemes**: The IoT data stored in IoT devices, computing devices, network devices, and databases should be encrypted or transformed to a format that is unintelligible to unauthorised entities. Data should be encrypted before being transported over communication networks.   * **Implementation of strong energy-efficient cryptographic schemes**: The IoT data stored in IoT devices, computing devices, network devices, and databases should be encrypted or transformed to a format that is unintelligible to unauthorised entities. Data should be encrypted before being transported over communication networks.
   * **Secure communication ports**: All communication ports should be secured, and unused ports should be closed to prevent exploitation.    * **Secure communication ports**: All communication ports should be secured, and unused ports should be closed to prevent exploitation. 
-  * **Identify and resolve vulnerabilities**: Use security monitoring tools to identify and fix vulnerabilities as quickly as possible to ensure that they are not exploited to compromise the security of the IoT network and systems. Also, install or apply security updates as soon as they are released to patch security vulnerabilities that attackers may target quickly+  * **Identify and resolve vulnerabilities**: Use security monitoring tools to identify and fix vulnerabilities as quickly as possible to ensure that they are not exploited to compromise the security of the IoT network and systems. Also, install or apply security updates as soon as they are released to quickly patch security vulnerabilities that attackers may target. 
-  * **Enforce the policy of least resistance**: Implement the principle of least privilege, in which only necessary permissions are granted to firmware components and processes. Also, at the networking and application layers, users should be granted only the privileges that they need. When a user no longer needs certain privileges, they should be deactivated. +  * **Enforce the policy of least resistance**: Implement the principle of least privilege, in which only necessary permissions are granted to firmware components and processes. Users should also be given only the required privileges at the networking and application layers. When a user no longer needs certain privileges, they should be deactivated. 
   * **All IoT devices in the network should be identifiable**: To avoid unwanted access, every device should have a distinct identity to ensure that it can be effectively monitored and must authenticate before it can access IoT networks and systems.    * **All IoT devices in the network should be identifiable**: To avoid unwanted access, every device should have a distinct identity to ensure that it can be effectively monitored and must authenticate before it can access IoT networks and systems. 
   * **Adoption of secure software development methods**: The code should be well-tested and reviewed to ensure that security vulnerabilities can be identified and resolved. We should also ensure that the libraries used to implement the device firmware are secured and well-tested. When programming IoT devices, copying already-written code from the Internet should be minimised to ensure it does not introduce security vulnerabilities.     * **Adoption of secure software development methods**: The code should be well-tested and reviewed to ensure that security vulnerabilities can be identified and resolved. We should also ensure that the libraries used to implement the device firmware are secured and well-tested. When programming IoT devices, copying already-written code from the Internet should be minimised to ensure it does not introduce security vulnerabilities.  
-  * **Continual monitoring of IoT devices**: Maintaining an up-to-date inventory of all connected devices and monitoring the activities within IoT devices and other systems. Automated tools should be used to discover all connected devices and continuously scan them to identify vulnerabilities and address them+  * **Continual monitoring of IoT devices**: Maintaining an up-to-date inventory of all connected devices and monitoring the activities within IoT devices and other systems. Automated tools should be used to discover all connected devices and continuously scan them to identify and address vulnerabilities
   * **Regular security update and patching**: Although managing and installing security updates and patching security gaps for thousands of devices can be challenging, Remote Management and Monitoring (RMM) tools can perform regular security updates and patching. This will ensure that IoT device firmware and software are always up to date.   * **Regular security update and patching**: Although managing and installing security updates and patching security gaps for thousands of devices can be challenging, Remote Management and Monitoring (RMM) tools can perform regular security updates and patching. This will ensure that IoT device firmware and software are always up to date.
   * **Decommission unused IoT devices**: Unused IoT devices should be removed from the IoT network. If any IoT device is not being used, it may not be regularly updated or adequately secured, which poses a risk to the IoT network and systems. Thus, any used IoT device and any other hard or software system not being used should be removed from the IoT network.   * **Decommission unused IoT devices**: Unused IoT devices should be removed from the IoT network. If any IoT device is not being used, it may not be regularly updated or adequately secured, which poses a risk to the IoT network and systems. Thus, any used IoT device and any other hard or software system not being used should be removed from the IoT network.
Line 56: Line 56:
   * **Isolate IoT devices from critical system resources and data**: By isolating IoT devices from essential system and data resources, we ensure that even if the IoT network is compromised, the attacker cannot move laterally across the network to compromise critical system resources and networks. Segmenting the network and isolating the IoT devices from some of the organisation's networks gives the organisation more visibility and control of the network.     * **Isolate IoT devices from critical system resources and data**: By isolating IoT devices from essential system and data resources, we ensure that even if the IoT network is compromised, the attacker cannot move laterally across the network to compromise critical system resources and networks. Segmenting the network and isolating the IoT devices from some of the organisation's networks gives the organisation more visibility and control of the network.  
   * **Use updated antimalware software**: Ensure that antimalware software is up to date to guarantee that it can protect against the latest malware.    * **Use updated antimalware software**: Ensure that antimalware software is up to date to guarantee that it can protect against the latest malware. 
-  * **Deploy attack detection and response tools**: Deploy automated attack detection and response tools that can quickly detect and stop cyberattacks as soon as they are launched. AI and machine learning tools should be leveraged to design automated attack prevention, detection and response tools for IoT.  +  * **Deploy attack detection and response tools**: Deploy automated attack detection and response tools that can detect and stop cyberattacks as soon as they are launched. AI and machine learning tools should be leveraged to design automated attack prevention, detection and response tools for IoT.  
   * **Regular and effective employee training**: Employees should be well-trained to handle cybersecurity tools and detect social engineering and phishing attacks designed to trick them into leaking sensitive information.    * **Regular and effective employee training**: Employees should be well-trained to handle cybersecurity tools and detect social engineering and phishing attacks designed to trick them into leaking sensitive information. 
-  * **Ensuring supply chain security**: Third-party hardware and software tools should be well-secured so that they do not introduce security vulnerabilities that attackers can exploit. Also, ensure that third-party software is regularly updated on time.     +  * **Ensuring supply chain security**: Third-party hardware and software tools should be well-secured to prevent the introduction of security vulnerabilities that attackers can exploit. Also, ensure that third-party software is regularly updated on time.     
-  * **Zero-trust security approach**: Apply the Zero Trust (ZT) security framework to ensure that all users, whether in or outside the organization's network, are authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to IoT networks, systems, applications and data.+  * **Zero-trust security approach**: Apply the Zero Trust (ZT) security framework to ensure that all users, whether in or outside the organisation's network, are authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to IoT networks, systems, applications and data.
   * **System-based security approach**: The IoT security landscape is very complex and is constantly changing, requiring the integration of security tools, security policies, people, and diverse types of information and cyber-physical systems. The best way to manage the complex and dynamic interaction of complex components that constitute the IoT infrastructure is to use a system-based approach. Concepts from the growing fields of systems thinking, systems dynamics, and software engineering can be borrowed to model and design robust and secure cybersecurity systems for IoT networks and systems.      * **System-based security approach**: The IoT security landscape is very complex and is constantly changing, requiring the integration of security tools, security policies, people, and diverse types of information and cyber-physical systems. The best way to manage the complex and dynamic interaction of complex components that constitute the IoT infrastructure is to use a system-based approach. Concepts from the growing fields of systems thinking, systems dynamics, and software engineering can be borrowed to model and design robust and secure cybersecurity systems for IoT networks and systems.   
  
  
  
en/iot-reloaded/cybersecurity_issues_and_threats_in_iot_systems.1733347892.txt.gz · Last modified: 2024/12/04 21:31 by ktokarz
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0