Enterprise Connected Devices – a cyber security challenge – Part 1
What are Enterprise Connected Devices?
Enterprise Connected Devices (ECDs) are devices that interact with, hold, or process an organisation’s data and can include such device classes as:
- End user devices (EUD) – laptops and smartphones, including BYOD (bring your own device: private devices that are also used for work purposes)
- Internet of Things (IoT) – physical devices (such as cameras) connected to the internet that can collect and share data. Connecting these devices to the internet and adding sensors and mechanisms to interact with their surrounding environment gives them a level of digital intelligence and enables them to communicate real-time data without a human being involved.
- Distinct ECDs – devices primarily designed for use in an enterprise setting, usually with limited use to the public.
Enterprise IoT takes advantage of a combination of technologies, ranging from embedded devices with sensors and actuators to internet-based communication and cloud platforms. These are the technologically advanced ‘physical’ things that participate in business processes, reducing manual work and increasing overall business efficiency. Enterprise IoT applications can automate processes that depend on contextual information provided by programmed devices such as machines, vehicles, and other equipment.
Why target Enterprise Connected Devices?
ECDs present a desirable target for various rogue actors because ECDs can hold and process valuable, sensitive, or personal data. IoT devices in particular are an easy target to compromise: vendors often invest little in security, the devices present a large attack surface (multiple endpoints giving access to wider networks), and once compromised they serve as a base for lateral movement.
In recent years ECD usage has boosted operational efficiency, as seen in the retail industry, where some ECDs are used to monitor entire supply chains from manufacturing to the store, improving production quality and manageability.
Along with the new opportunities ECDs provide through the increased number of connected services globally, they also create new opportunities for rogue actors, exposing these services to threats such as DDoS attacks or potentially causing nationwide failures for critical infrastructure enterprises.
Insufficient security on even one exposed ECD makes it a possible gateway for a malicious actor into an enterprise’s corporate network. Such a device can then be used as a stepping stone for lateral movement to compromise other systems on the network.
‘Something fishy’ – a case study
Not so long ago, in 2018, an American casino fell victim to data exfiltration because of a compromised internet-connected fish tank. The fish tank was connected to a computer, which monitored the temperature, food dispensation, and cleanliness of the fish tank.
A malicious actor compromised the fish tank and gained access to other areas of the network through lateral movement. The result was the exfiltration of some of the casino’s confidential data.
An ECD can store, process, or stream an abundance of information that can be critical, private, or sensitive, depending on the environment or industry. Security systems such as cameras and doorbells are increasingly part of small business networks and can quickly create major issues if compromised by a cyber actor. Similarly, office equipment such as printers is also a potential access point – a compromised printer could easily mean that the attacker can view everything that is printed or scanned in an office.
A vulnerable ECD can be an entry point for ransomware attacks against the victim’s network, enabling the rogue actor to demand payment in return for the release of compromised assets.
Attack base / positioning
Cyber actors can weaponise ECDs so attacks can be spread outwards or deeper into the main infrastructure. ECDs are also ideal targets to turn into bots for use in further campaigns.
Next week we will share with you who targets ECDs and how they do it.