Page 78 - Cyber Warnings
How to protect IoT systems from ransomware
Although there is no universal solution, many experts believe that the observance of certain
guidelines and methodologies can help organizations and manufacturers better protect their IoT
systems from ransomware. One of the important points is the ability to remotely upgrade the
firmware of smart devices. Safety is a journey, not a destination, and there are no connected
devices that can stay safe forever. Therefore, a firmware update should be a very simple,
effective and safe process. Safety is particularly important, since an insecure update channel
can itself become an entry point for infection. There are time-tested measures to eliminate
this malware entry point, such as blocking the processor and firmware, as well as encrypting
communication channels between devices.
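A device-side check that closes the update channel as an entry point, as an added example that is not part of the original article: the device authenticates the update manifest, binds the image to it by digest, and refuses older versions. All names, the manifest layout and the key are hypothetical; HMAC with a shared key stands in for the asymmetric signature a production device would verify with only a public key on board.

```python
import hashlib
import hmac
import json

# Constructed sample key; assumed to be provisioned per device at manufacture.
DEVICE_KEY = b"constructed-demo-key-not-for-production"


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Vendor side: MAC over a canonical JSON encoding of the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_update(manifest: dict, tag: str, image: bytes,
                  installed_version: int, key: bytes) -> str:
    """Device side: return "accept" or the reason the update is refused."""
    # 1. Authenticate the manifest before trusting any field inside it.
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "reject: manifest not authentic"
    # 2. Bind the downloaded image to the authenticated manifest.
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest.encode(), str(manifest.get("sha256")).encode()):
        return "reject: image digest mismatch"
    # 3. Anti-rollback: an old, validly signed image must not be reinstalled.
    version = manifest.get("version")
    if not isinstance(version, int) or version <= installed_version:
        return "reject: rollback or replay"
    return "accept"


def demo() -> dict:
    """Run the check over constructed inputs and return each verdict."""
    image = b"\x7fFW constructed firmware image v8"
    manifest = {"model": "cam-01", "version": 8,
                "sha256": hashlib.sha256(image).hexdigest()}
    tag = sign_manifest(manifest, DEVICE_KEY)
    other = b"constructed substituted image"
    # Manifest rewritten in transit to match the substituted image; tag unchanged.
    forged = dict(manifest, sha256=hashlib.sha256(other).hexdigest())
    return {
        "genuine": verify_update(manifest, tag, image, 7, DEVICE_KEY),
        "tampered_image": verify_update(manifest, tag, other, 7, DEVICE_KEY),
        "forged_manifest": verify_update(forged, tag, other, 7, DEVICE_KEY),
        "rollback": verify_update(manifest, tag, image, 9, DEVICE_KEY),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```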
A reliable authentication mechanism is another important protection measure. You may
encounter situations these days where devices are connected to the Internet without any
authentication at all. This paves the way for spoofing. If lack of authentication becomes a mass
phenomenon, it will be possible to disable millions of devices. Spoofing is particularly dangerous
when a server with millions of connected machines is infected.
To make intruders' lives much harder, it is necessary to introduce reliable security certificate
life-cycle management and standardize the code base of security systems. This will help reduce the
number of attack vectors.
Of course, securing the Internet of Things remains an arduous task, as the industry is still
feeling its way. Currently, online criminals are only beginning to weigh the risks and assess the
opportunities and potential profitability of the new market. Meanwhile, manufacturers and users
are not too concerned about the possible threat. Perhaps this will change quickly after the first
successful incidents of rogue monetization of IoT vulnerabilities. Hopefully, we will have time to
prepare.
About the Author
David Balaban is a computer security researcher with over 15 years of
experience in malware analysis and antivirus software evaluation. David
runs the Privacy-PC.com project, which presents expert opinions on
contemporary information security matters, including social engineering,
penetration testing, threat intelligence, online privacy and white hat
hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed
such security celebrities as Dave Kennedy, Jay Jacobs and Robert David
Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware
troubleshooting background, with a recent focus on ransomware countermeasures.
78 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide