IoT devices tend to be somewhat forgotten, which means IT typically does not have them on the schedule for pushing updates. Any device with an outdated operating system is inherently more vulnerable than one kept up to date and patched. Device management systems can push firmware updates to all devices automatically, which is excellent for known devices. However, you can’t secure what you don’t know, making unmanaged IoT and unmanaged medical devices especially vulnerable to IoT ransomware.
Even new devices can be vulnerable to zero-day exploits that need to be rapidly patched. On the same note, it can be hard to push patches to unmanaged devices. Medical device security can be a challenge since FDA regulations restrict updates and other software changes. Additionally, most IoT devices are not designed to run third-party security software. In some cases, the software is designed without support for dynamic patching at all. For example, many hospitals lease machines with restrictions on what the user can change or update, such as admin passwords or other default services. These restrictions can wreak havoc, including IoT ransomware attacks, as we saw in the 2017 WannaCry ransomware attack, which is still affecting just under half of healthcare organizations today.
Another problem with many IoT devices is that they don’t have authentication mechanisms. No authentication means they can be spoofed easily and used to mass-disable devices, such as security cameras. Unmanaged devices don’t have any means to ensure trust, which forces the network to accept untrusted connections. Unknown devices on your network put your organization at significant risk for IoT ransomware.
Without proper management, many devices end up with their default passwords still set. Attackers can easily get hold of these passwords and use them to access your networks and connected devices. You should change default usernames and passwords as soon as possible, ideally before deployment, to avoid IoT ransomware.
We mentioned the possibility of spoofing above, which is especially problematic for IoT networks that include a large number of connected devices. For example, a building that uses smart bulbs may have 100 or more “nodes” on the network. It’s easy for an attacker to slip in an additional one without anyone noticing and then use the spoofed device to access the network and take it over with malicious intent. The same can happen with HVAC and entry-control systems, which are common ghosts in the healthcare machine.
IoT ransomware can be harder to deal with than ransomware aimed at hard drives and storage devices. A first step in protecting your organization from IoT ransomware is knowing what devices are on your network.
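As a minimal illustration of that first step, the following added example (not Securolytics code) reconciles the devices a Linux host can see on its segment against an approved inventory, flagging unknown devices, approved MAC addresses that appear at more than one IP, and approved devices that are absent. The inventory, addresses and neighbor-table sample are constructed; the input format is that of `ip neigh`.

```python
import re
from collections import defaultdict

# Constructed inventory of approved devices (MAC -> label); all values are made up.
INVENTORY = {
    "00:17:88:aa:bb:01": "smart-bulb-lobby-01",
    "00:17:88:aa:bb:02": "smart-bulb-lobby-02",
    "00:1d:c9:10:20:30": "hvac-controller-roof",
    "00:1d:c9:10:20:31": "door-controller-east",
}

# Constructed sample in the format printed by Linux `ip neigh`.
SAMPLE_NEIGH = """\
10.20.0.11 dev eth0 lladdr 00:17:88:aa:bb:01 REACHABLE
10.20.0.12 dev eth0 lladdr 00:17:88:AA:BB:02 STALE
10.20.0.40 dev eth0 lladdr 00:1d:c9:10:20:30 REACHABLE
10.20.0.77 dev eth0 lladdr 00:17:88:aa:bb:02 REACHABLE
10.20.0.90 dev eth0 lladdr 3a:5f:01:9c:44:e2 REACHABLE
10.20.0.99 dev eth0  FAILED
"""

# Entries that never resolved (FAILED/INCOMPLETE) carry no lladdr and are skipped.
NEIGH_RE = re.compile(
    r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b")

def parse_neighbors(text):
    """Return {mac: set(ips)} for entries that resolved to a link-layer address."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            seen[m.group(2).lower()].add(m.group(1))
    return seen

def audit(neigh_text, inventory):
    """Compare observed neighbors with the inventory and return findings."""
    seen = parse_neighbors(neigh_text)
    findings = {"unknown": [], "duplicate_mac": [], "missing": []}
    for mac, ips in sorted(seen.items()):
        if mac not in inventory:
            # Locally administered bit set: address was not assigned by a vendor.
            local = bool(int(mac[:2], 16) & 0x02)
            findings["unknown"].append((mac, sorted(ips), local))
        elif len(ips) > 1:
            # One approved MAC answering from several IPs: possible cloned identity.
            findings["duplicate_mac"].append((inventory[mac], mac, sorted(ips)))
    findings["missing"] = sorted(n for m, n in inventory.items() if m not in seen)
    return findings

if __name__ == "__main__":
    for kind, items in audit(SAMPLE_NEIGH, INVENTORY).items():
        print(kind, items)
```

A neighbor table only covers the local layer-2 segment, and a MAC address is not proof of identity, so treat the output as a list of leads to investigate rather than as authentication.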
Securolytics makes it easy to manage your IoT network with less time and less overhead – starting with the Securolytics IoT Mini, which is available free of charge for a limited time.
You can request your free IoT Mini here. Once you are approved and receive your device, it’s easy to get started:
You can test the results at home, with a virtual network, or directly on your corporate network with zero impact on performance, availability, or bandwidth.
To start profiling IoT devices on your network, request your Securolytics IoT Mini today.