Saturday, October 29, 2016

The new normal... IoT, Complexity in Networking, Interconnectedness, Point and Click


Several months ago, after installing a Nest thermostat in my home, my first venture into the world of the Internet of Things, I decided to play a joke on my daughter.

Knowing she was home alone, I remoted into the thermostat from the app on my phone and cycled the heat from 50 degrees to nearly 80. She of course had no idea what was going on... well, I thought it was funny.

But this is only one example of how the IoT is going to affect our life. In a recent discussion with a university CISO, it was reported that a foreign student was utilizing a laboratory research microscope to communicate back to his home country.  This utilization of the IoT comms channel was discovered and shut down by the security team, but this example exposes a stark reminder that IoT cyber avenues create serious vulnerabilities to the health of the international network.

Last week it was Dyn. I won't rehash; the story is still pretty fresh on our minds, but this isn't going away folks. You've heard me talk about the 'new normal'. It goes like this:

  • Ransomware is a normal part of business... and a cost of doing business. The VP of a North American Business unit (in a 325,000 person company) reported to me that he'd been hit personally with ransomware. In another example, it was the CEO of a 300 person aluminum extrusion company.  If you don't have protections in place, be ready to pay.
  • APT isn't as Advanced as it used to be.  The computing footprint has expanded into cloud offerings, mobiles, and virtualized environments. At the same time, many of the tools that used to be new are now point and click. Uses of previously identified APT infrastructures are showing up in places beyond the defense industrial base, and have become largely pervasive.
  • DDoS is being demonstrated on a regular basis, and can be done through a service provider for hire.  As an example, we reported recently (in Red Sky Alliance) on a Bulgarian company that provides DDoS services for state actors in Nigeria.  It was reported in a Russian forum (yes, we read Russian language forums) that the company, during a sales call, demonstrated its DDoS capabilities to the Russian government contractor "Rostec" by attacking and downing the Ukrainian Ministry of Defense sites and the Russian edition of Slan.ru. It is not clear what role Rostec plays with the Russian government, only that there is an effort to coordinate DDoS efforts in Russia, and that an external company was being looked at to provide those services.
  • And last, the introduction of insecure Internet of Things devices is going to multiply all of these issues exponentially. Heck, it already has.

Protection of the networks is only going to get harder folks.  I sat on a plane to Nashville with a guy who used to be an executive and engineer at one of the early, large DNS providers.  He knows tech.  He's since started a company and builds networks for real estate management companies --and he's thrown his hands in the air and given up.  In his words, "SSL doesn't protect sh*t, authentication doesn't work, and the costs of continuously layering expensive technologies on top of expensive technologies is getting out of hand." He chooses to encrypt nothing and leave the networks wide open. When a user wants something encrypted, they PGP.  Is this approach best? Who am I to say? It's one way to skin the cat, but it won't protect from Ransomware or DDoS, only confidentiality of data --and will the Realtors know how to use PGP? Probably not. This guy is totally frustrated --and in my opinion, lost; because the landscape has become so complex.

The point is this... there's an exponential increase in technologies required to protect your networks and data; the threat landscape is maturing, growing, and focused on more than just being a nuisance; and the complexity in our computing footprint is offering bad guys an enormous target with millions of ways to access the networks.

The sheer number of IoT devices targeting Dyn last week is only the tip of the iceberg. That attack and the IoT DDoS that took down Krebs's website are two examples of how toasters and thermostats and refrigerators can and will be used. What happens when these devices aren't just used for DDoS, but as proxies and attack relay points, dump points for hiding data, covert communication channels, command and control, and more?

I'm not here to tell you that the sky's falling. It's not. I'm here to tell you that we need to figure out how to talk, share intelligence and share analytics.... Red Sky Alliance is one of those great places to do this, and it's fed by intelligence from Wapack Labs. Give me a shout or look for me in St. Louis this week. I'll be in town for the NDTA conference. I'd be happy to give you a walkthrough. 

OK folks.. I'm off.

Until next time,
Have a great weekend!
Jeff