Security News

Organizations around the world are observing this Shadow IoT phenomenon, where employees are bringing unauthorized devices into the enterprise. Key findings Unauthorized IoT devices on the rise: The top unauthorized IoT devices include digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems.

Purdue University innovators have unveiled technology that is 100 times more resilient to electromagnetic and power attacks, to stop side-channel attacks against IoT devices. Recent attacks have shown that such side-channel attacks can happen in just a few minutes from a short distance away.

CyberMDX, a leading provider of medical cyber security solution, delivering asset visibility and threat prevention for medical devices and clinical assets, announced that it has completed integration certification for the Microsoft Azure Security Center for IoT. Integrating CyberMDX visibility and detection capabilities with Microsoft Azure Security Center for IoT, healthcare organizations are equipped with cross-cloud and devices visibility, classification and incident response capabilities. Azure Security Center for IoT provides adaptive threat prevention, and intelligent threat detection and response across workloads running on on-premises, on edge, in Azure.

The introduction of IoT devices into the enterprise can improve the work experience and productivity of staff, but often comes with increased security risk. IoT devices notoriously bring additional vulnerabilities to the new edge without being adequately protected by the organization's network security.

Cynerio announced the addition of the virtual segmentation capability to their platform. The Cynerio platform's new virtual segmentation capability automatically delivers safe and effective policies in a matter of weeks by customizing segmentation policy for every device type, limiting the attack surface, and ensuring clinical services remain intact.

"Because it's all embedded devices, it's up to the manufacturer to go ahead and distribute patches or firmware updates in order to secure the device. That's a problem because these are inherently security flawed devices," said Jonathan Langer, CEO of IoT security company Medigate. "The first basic thing I'd do as an enterprise is get visibility. I need to understand what IoT devices are connected to my network. IoT devices are perceived as something the IT department is in charge of, but employees can bring in connected refrigerators or security cameras and plug it into the network," Langer said, adding that those kinds of devices "Introduce risk into the network."

Three of the world's largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack. TrapX Security reported this week that it had identified a cryptocurrency miner on several IoT devices at some major manufacturers, including automatic guided vehicles, a printer and a smart TV. Ori Bach, the CEO of TrapX, told SecurityWeek that the attacks appeared to be part of the same campaign.

In the 7 years since, threats have become exponentially more advanced, launched by well-funded cyber-criminal groups and nation-state proxies and leveraging automation and AI. And yet the people hacking into Ring cameras weren't highly-technical or using AI. They were Script Kiddies using credentials found and traded on the Dark Web to access devices that did not use 2FA or other additional security mechanisms. As a threat analyst, I have helped companies identify hundreds of IoT devices, from insecure smart refrigerators and CCTV cameras, to compromised video conferencing systems and biometric scanners.

In 2019, security teams made progress in the adoption of perimeter-less security while hackers increased the use of fileless malware and IoT malware. The 2020 SonicWall Cyber Threat Report highlights tactics hackers are using to get unauthorized access to data as well as what security teams are doing to protect it.

Two researchers have created a solution that could help security researchers and IoT manufacturers with detecting zero-day exploits targeting internet-connected devices more speedily than ever before. It's called honware, and it's a virtual honeypot framework that can emulate Linux-based Customer Premise Equipment and IoT devices by using devices' firmware image.