Keeping tabs on IoT security

Debasish Mukherjee, Vice President, Regional Sales, APAC, talks about SonicWall’s Boundless Cybersecurity.

EITN: Please briefly share what SonicWall does.

Debasish: At SonicWall, we deliver Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide.

EITN: How many times has SonicWall generated its Annual Cyber Threat Report?

Debasish: SonicWall has produced the annual threat report since 2015. The first few reports were as “Dell Security”.

EITN: What are the top APAC insights contained within 2021 report?

Debasish: The 2021 APAC report recorded the following insights:

  • 53% decrease in malware attempts.
  • Asia saw a 151% year-over-year increase in encrypted attacks.
  • Ransomware volume spiked 455% in Asia.
  • Ryuk on a rampage.
  • Last year, Asia had 35.7 million cryptojacking hits, while North America had 19.4 million. But in 2020, the tables turned, as cryptojacking fell 87% in Asia and rose 260% in North America.
  • IoT attacks rose in every region in 2020, but it wasn’t an even rise. Asia saw an increase of 18%, slightly edging out Africa, Australia and South America, where IoT malware attacks increased 17%.

EITN: Where did the 56.9 million IoT malware attempts come from? You mentioned that the 66% increase was due to a shift in tactics. What method/vector did cyberattackers shift from?

Debasish: Even though total IoT threats were up 66%, IoT infections on wireless networks were actually up 100%, as more people have wireless connected devices.

The primary shift in tactics specific to IoT is due to the fact that, with so many people working remotely, there is a treasure trove of corporate information now behind IoT devices that are directly accessible via the internet, like consumer-grade routers and switches. Many of these have static IP addresses, meaning that they can be under attack constantly.

But at least those have SOME basic security – many IoT devices have little or no security at all. Additionally, when vulnerabilities are discovered, in many cases there is no way to effectively patch IoT devices, leaving them vulnerable for the entire product lifetime. There is still no standard for securing IoT devices.

While SonicWall doesn’t see any PII, we can tell which types of IoT devices are subject to attack, and from what we’ve seen – pretty much everything. In 2020, we blocked attacks on connected cameras, door locks, refrigerators, light bulbs, light switches, smart plugs, digital assistants, thermostats, speakers, scales, watches and fitness trackers, not to mention socks, cookware and toilets.

According to Security Today, from 2018 through 2020, the number of IoT devices online jumped from 7 billion to 31 billion – an average of 127 new devices coming online every second.

Increasingly more IoT devices are made using Linux, so we’re seeing more attacks targeted at Linux.

IoT attacks aren’t necessarily ransomware attacks. Think of what an army of millions of connected lightbulbs, all with the same default IP address and password, could do in a distributed denial of service attack.

EITN: What are directory traversal tactics and remote code execution tactics? What should organisations be aware of when it comes to these two tactics for intrusion?

Debasish: Also known as a path traversal attack, a directory traversal attack is an exploit that aims to access files and directories that are not located under the root directory. This is done by manipulating file variables, so that characters representing “traverse to parent directory” are passed through to the operating system’s file system API. This allows attackers to obtain sensitive files. A Remote Code Execution (RCE) attack takes place when a cybercriminal actor uses a vulnerability to run malicious programming code, usually in an unexpected path and with system-level privileges. The BlueKeep vulnerability is an example of this.
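The directory traversal description above maps onto a concrete defensive check. The following is an added example, not SonicWall’s code or anything from the interview: it resolves a client-supplied path against an assumed web root (the root path and the sample request lines are constructed for illustration) and rejects anything that escapes it, including the percent-encoded and backslash variants that slip past a naive “..” substring filter. The same resolver is then run over sample access-log lines to flag traversal attempts for investigation.

```python
"""Defensive handling of directory (path) traversal for a file-serving endpoint.

Added example, not SonicWall's code. WEB_ROOT and SAMPLE_REQUESTS are
constructed placeholders for illustration only.
"""
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import unquote

WEB_ROOT = "/srv/www/public"  # assumed web root (constructed placeholder)


def decode_client_path(raw: str) -> str:
    """Undo the encodings used to hide '..' from naive string filters.

    Decoding twice covers double-encoding (%252e%252e -> %2e%2e -> ..), and
    backslashes are folded to '/' so '..\\..' is seen as a parent reference.
    """
    decoded = raw
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded.replace("\\", "/")


def resolve_under_root(root: str, raw: str) -> Optional[str]:
    """Return the absolute path if it stays inside root, else None.

    The request path is joined to the root *before* normalisation, so any
    surplus '..' segments walk out of the root and the prefix test catches
    them. Normalising the client path on its own first would silently drop
    leading '..' and defeat the check.
    """
    rel = decode_client_path(raw).lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, rel))
    root_norm = posixpath.normpath(root)
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None


def is_traversal_attempt(raw: str) -> bool:
    """True when the requested path would leave WEB_ROOT."""
    return resolve_under_root(WEB_ROOT, raw) is None


# Constructed sample access-log lines (client IP, quoted request line, status).
SAMPLE_REQUESTS = [
    '10.0.0.5 "GET /index.html HTTP/1.1" 200',
    '10.0.0.7 "GET /images/../../../etc/passwd HTTP/1.1" 404',
    '10.0.0.8 "GET /%2e%2e/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403',
    '10.0.0.9 "GET /docs/./readme.txt HTTP/1.1" 200',
    '10.0.0.10 "GET /..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404',
    '10.0.0.11 "GET /%252e%252e/config.yml HTTP/1.1" 404',
]


def flag_traversal_requests(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, request_target) for every line that escapes the root.

    The request target is the second token inside the quoted request line.
    """
    flagged = []
    for line in lines:
        client_ip = line.split()[0]
        target = line.split('"')[1].split()[1]
        if is_traversal_attempt(target):
            flagged.append((client_ip, target))
    return flagged


if __name__ == "__main__":
    for ip, target in flag_traversal_requests(SAMPLE_REQUESTS):
        print(f"traversal attempt from {ip}: {target}")
```

Two design points worth noting: the prefix comparison uses `root + "/"` so that a sibling directory such as `/srv/www/public2` is not mistaken for a child of the root, and the check is a string-level one, so a deployment that allows symlinks inside the web root should additionally resolve the candidate with `os.path.realpath` and repeat the prefix test on the result.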

EITN: Can you please further explain “in-house researchers working collectively with industry experts, over 50 industry collaboration groups, research teams and freelance security researchers”? Can you share what exactly happens and exactly who, for example, the 50 industry collaboration groups are? Is it like the Financial Services Information Sharing and Analysis Center (FS-ISAC), for example?

Debasish: As a best practice and to protect the integrity of our threat intelligence, SonicWall does not share the details of its research protocols, processes and collaboration.

EITN: Why exactly does SonicWall say that a cyberarms race is at tipping point? What will happen after the tipping point is crossed?

Debasish: The COVID-19 pandemic drove the effectiveness and volume of cyberattacks to historic highs. Remote workforces, a charged political climate, record prices of cryptocurrency, and threat actors weaponizing cloud storage and tools created new and numerous attack vectors on targets.

Threats that were once thought to be two or three years away are now a reality with do-it-yourself, cloud-based tools creating an army of cybercriminals armed with the same devastating force and impact of a nation-state or larger criminal enterprise. It’s imperative the IT industry stay ahead of these mounting threats, strengthen relationships between private and government sectors, and formulate more coordinated efforts to swiftly share threat intelligence and act upon it.

EITN: Please explain further about real-time deep memory inspection.

Debasish: Released to the public in 2016, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service was designed to mitigate millions of new forms of malware that attempt to circumvent traditional network defenses via evasion tactics. It was built as a multi-engine architecture in order to present the malicious code with different environments to detonate within. In 2018, this technology found nearly 400,000 brand new forms of malware, much of which came from customer submissions.

SonicWall’s newly patented Real-Time Deep Memory Inspection™ (RTDMI), a component of the company’s Capture Advanced Threat Protection (ATP) sandbox service, discovered 268,362 ‘never-before-seen’ malware variants in 2020, an 84% year-over-year increase. RTDMI™ is proven to proactively detect and block unknown mass-market malware, including malicious Office and PDF file types. Using proprietary machine learning capabilities, RTDMI has become more and more efficient at identifying and mitigating cyberattacks never seen by anyone in the cybersecurity industry. With only one side-channel attack reported in the wild and years ahead of schedule, RTDMI is primed for the fight. This layer of defense is ready to identify and block side-channel attacks against processor vulnerabilities.