It is estimated that by 2020 the Internet of Things will connect 30 billion gadgets into our digital infrastructure, according to predictions by IDC.com.
Cameras, kettles, fridges, coffee machines and audio-visual equipment using Internet of Things technology are already finding their way into our lives. These products are tempting to use because they make our daily activities more efficient; the problem is their cyber security issues, which are reducing consumer confidence. Technology leaders are now offering strategic methods to reduce cyber-crime involving objects linked with Internet of Things technology, built around what is known as the Kill Chain Attack.
To understand how to prevent a Kill Chain Attack, we first must recognise what a Kill Chain attack is and how it can create flaws within products which connect to the technology.
Originally used by the military, the term ‘Kill Chain’ was adopted by computer scientists in 2011 to describe the stages of a cyber security breach, from early ‘reconnaissance’ through to the completion of an attack, with a view to accessing and stealing data and/or creating more attacks.
Ofer Amitai, CEO and co-founder of Portnox, explains the stages of a Kill Chain Attack:
- Reconnaissance – The intruder selects its target device, researches it, and searches for vulnerabilities.
- Weaponization – Intruder uses a remote access malware weapon, such as a virus or worm, addressing a vulnerability.
- Delivery – Intruder transmits weapon to the target device, whether through e-mail attachments, websites, USB drives, etc.
- Exploitation – The malware weapon’s program code triggers the attack, which then takes action on the target network to exploit the vulnerability.
- Installation – Malware weapon installs access points for the intruder to use.
- Command and Control – Malware then enables intruder to have “hands on the keyboard” persistent access to the target network, also enabling future attacks.
Combating a Kill Chain Attack
By understanding the stages of a Kill Chain attack, we can begin to implement preventative measures one stage at a time, in order to minimise future attacks and ‘lock down’ our gadgets against potential cyber security breaches.
To counter each stage of the Kill Chain described above, Ofer Amitai recommends the following preventative measures:
- Assessment: Start with a network discovery process of all the existing IoT devices, including managed and partially managed devices. Understand what each type of device is, what operating system it is running on and which applications and processes are installed on it.
- Segmentation: IoT devices should not be in the same network segment as other devices, or within reach of the organisation’s mission critical systems and data. Deploy firewalls between these segments to prevent “things” from reaching the “crown jewels” of your network.
- Detection: Regularly analyse your network behaviour to detect every IoT device which joins the network, and carefully examine if it behaves similarly to other typical devices. A compromised device or a fake device might look the same but behave differently.
- Response: Because manual alerts can take hours or even days to process, the best practice should involve some type of backup plan that will block or limit the access of a specific device within seconds.
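The assessment, segmentation and detection measures above can be combined into one automated check whose output feeds the response step. The following is an added example, not code from the article or from Portnox; the inventory, flow records, protected address range and function name are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (assumptions, not taken from the article).
INVENTORY = {  # MAC -> device type, as produced by the assessment step
    "aa:00:00:00:00:01": "camera",
    "aa:00:00:00:00:02": "camera",
    "aa:00:00:00:00:03": "camera",
    "aa:00:00:00:00:04": "kettle",
}
PROTECTED = ipaddress.ip_network("10.10.0.0/16")  # "crown jewels" segment
FLOWS = [  # (source MAC, destination IP, destination port)
    ("aa:00:00:00:00:01", "192.0.2.10", 443),
    ("aa:00:00:00:00:02", "192.0.2.10", 443),
    ("aa:00:00:00:00:03", "192.0.2.10", 443),
    ("aa:00:00:00:00:03", "198.51.100.7", 23),  # differs from the other cameras
    ("aa:00:00:00:00:04", "10.10.5.20", 445),   # reaches the protected segment
    ("aa:00:00:00:00:99", "192.0.2.10", 443),   # not in the inventory
]

def review_flows(inventory, flows, protected, min_peers=2):
    """Return {mac: [reasons]} for devices that should be blocked or limited."""
    by_type = defaultdict(lambda: defaultdict(set))  # type -> endpoint -> MACs
    for mac, dst, port in flows:
        if mac in inventory:
            by_type[inventory[mac]][(dst, port)].add(mac)
    findings = defaultdict(list)
    for mac, dst, port in flows:
        if mac not in inventory:  # detection: a device nobody assessed
            findings[mac].append("unknown device")
            continue
        if ipaddress.ip_address(dst) in protected:  # segmentation check
            findings[mac].append(f"segment violation {dst}:{port}")
        dtype = inventory[mac]
        peers = sum(1 for t in inventory.values() if t == dtype) - 1
        # Only compare behaviour when enough same-type peers exist.
        if peers >= min_peers and len(by_type[dtype][(dst, port)]) == 1:
            findings[mac].append(f"unlike peers {dst}:{port}")
    return dict(findings)

if __name__ == "__main__":
    for mac, reasons in review_flows(INVENTORY, FLOWS, PROTECTED).items():
        print(mac, "->", "; ".join(reasons))
```

In practice the returned device list would be handed to whatever enforcement point can block or limit a device within seconds, as the response measure recommends.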
With several years’ experience within the industry, we work closely with clients to risk assess potential cyber-crime vulnerabilities within their business or organisation and seek to implement methods to protect them. If you are concerned about a Kill Chain attack or any of the stages described within this blog article, then please do not hesitate to contact our cyber security insurance team for further information or find out more at our Internet of Things page.