Up on the NEWS: Addressing the Escalation of Malware Incidents in India

Internet of Things (IoT) malware attacks have surged globally by 400% in the first half of this year compared to 2022, according to a report by The Economic Times, referencing data from Zscaler. The report highlights that India is among the most heavily impacted countries and ranks high among targets for malware attacks. This alarming increase in attacks can be attributed to lax enforcement of security standards among IoT device manufacturers and the widespread adoption of shadow IoT devices within enterprises. Deepen Desai, Global CISO and Head of Security Research, suggests addressing this challenge by implementing zero trust principles and adopting continuous discovery and monitoring processes to segment these devices and mitigate the risk of lateral movement.

After an attacker acquires a username and password, what hinders them from infiltrating the network? What prevents direct access to your resources? – Conditional access policies do!

Conditional policies act as access gatekeepers. Essentially, they are “conditions” (if-then statements) that must be met before obtaining access. These conditions may involve MFA requirements, location verification, device checks, and more. 

How do attackers navigate through these obstacles?

Utilizing Tokens for MFA Bypass: 

To circumvent the MFA restrictions, attackers employ a potent technique known as “Token Replay.” Tokens, received by users after MFA verification to authenticate their identity, already encapsulate information verifying user identity, source IP address, MFA claims, and more. By pilfering and replaying these tokens, attackers fulfill the conditional policies, gaining access to resources. Token theft is executed through infostealers, commodity credential theft malware, and similar methods.

Using Compromised Devices for IP Location Bypass in Corporate IP Location Policies: 

Under a corporate IP location policy, access is restricted to specific IP addresses, typically those within corporate IP ranges. However, attackers circumvent this policy by first compromising a device inside the network, through malicious email attachments, drive-by downloads, and similar methods, and then using that compromised device for unauthorized access. Even if the policy explicitly blocks specific countries, attackers can overcome this limitation by using a VPN service.

Utilizing New Device Registrations for Device Bypass in Corporate Device Registration Policies: 

Under a corporate device registration policy, access is granted only to registered devices. Even if an attacker successfully compromises a user’s identity, their access is thwarted because their device is unrecognized. To overcome this obstacle, attackers who have compromised a user register new devices under the victim’s account, using tools such as AAD Internals. Once the attacker-owned device is registered, it is used for further unauthorized access.
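The two sign-in patterns described above (a token presented from more than one source network, and a device enrolled shortly after an off-network sign-in) can be surfaced from identity logs. The following detection logic is an added example, not code from the original post; the event schema, the corporate IP range and the sample events are constructed assumptions rather than any vendor's log format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (not real logs). Field names are assumptions,
# not the schema of any particular identity provider.
CORP_NET = ipaddress.ip_network("203.0.113.0/24")  # assumed corporate range
EVENTS = [
    {"t": 100, "user": "alice", "kind": "signin", "session": "S1", "ip": "203.0.113.10"},
    {"t": 160, "user": "alice", "kind": "signin", "session": "S1", "ip": "198.51.100.7"},
    {"t": 200, "user": "bob",   "kind": "signin", "session": "S2", "ip": "198.51.100.9"},
    {"t": 230, "user": "bob",   "kind": "device_register", "device": "D-new-1"},
    {"t": 400, "user": "carol", "kind": "signin", "session": "S3", "ip": "203.0.113.30"},
    {"t": 500, "user": "carol", "kind": "device_register", "device": "D-carol-2"},
]


def replayed_sessions(events):
    """Sessions whose token was presented from more than one source IP.

    A replayed token still carries its MFA claim, so the policy is satisfied;
    the tell-tale sign is the same session arriving from a new network.
    """
    ips = defaultdict(set)
    for e in events:
        if e["kind"] == "signin":
            ips[(e["user"], e["session"])].add(e["ip"])
    return sorted(f"{u}:{s}" for (u, s), seen in ips.items() if len(seen) > 1)


def suspicious_registrations(events, window=600):
    """Device registrations within `window` seconds of an off-network sign-in
    by the same user: the pattern of an attacker enrolling their own device
    under a compromised account to pass a device-registration policy."""
    offnet = [e for e in events if e["kind"] == "signin"
              and ipaddress.ip_address(e["ip"]) not in CORP_NET]
    hits = []
    for r in (e for e in events if e["kind"] == "device_register"):
        if any(s["user"] == r["user"] and 0 <= r["t"] - s["t"] <= window
               for s in offnet):
            hits.append(f"{r['user']}:{r['device']}")
    return hits


if __name__ == "__main__":
    for name in replayed_sessions(EVENTS):
        print("possible token replay:", name)
    for name in suspicious_registrations(EVENTS):
        print("device registered after off-network sign-in:", name)
```

Carol's registration is not flagged because her preceding sign-in came from the corporate range, which is the baseline these two rules are tuned against.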

Now that we are aware of these access paths, it’s time to lay out the actions needed to close them off. It is imperative to raise awareness and take concrete action to eliminate vulnerabilities in IoT devices.

Here’s how we can overcome such attacks:

Prioritize Security in Design and Development:

Manufacturers and developers must prioritize security in the design and development phases of IoT devices. This involves implementing secure coding practices, conducting regular security assessments, and adhering to industry standards. Regular software updates should be a standard practice to patch vulnerabilities.

Controlled Access:

Access is the pivotal concern here. Segregate IoT devices from critical network segments to limit potential damage in case of a breach. Implement strict access controls for IoT devices, allowing only authorized users and devices to access the network. Enforce strong, unique passwords and utilize multi-factor authentication (MFA) for an added layer of security.

Firewalls and Intrusion Detection Systems:

Deploy firewalls and intrusion detection systems to monitor and filter incoming and outgoing traffic for IoT devices. It is crucial to encourage manufacturers to comply with established security standards for IoT devices, such as ISO/IEC 27001, to ensure a baseline level of security.

Planning, Collaboration, and Education:

Develop an incident response plan specifically tailored to address IoT malware attacks. This plan should include isolating affected devices, cleaning and restoring affected systems, and conducting post-incident analysis. To enhance effectiveness, awareness and education are key. Educate both consumers and organizations about the security risks associated with IoT devices. This involves promoting safe usage practices and imparting knowledge on recognizing phishing attempts.

Safeguarding IoT devices from malware attacks is an ongoing challenge that demands proactive measures and collective efforts. By prioritizing security in the design phase, enforcing access controls, deploying advanced monitoring systems, adhering to cybersecurity standards, and fostering awareness through education, we can fortify our defenses against evolving threats. The rapidly expanding IoT landscape requires continuous vigilance, adaptability, and collaboration across industries to ensure a secure and resilient digital future. Remember, the key lies not just in addressing current vulnerabilities but in staying ahead of emerging threats to protect the interconnected world we are building. Stay secure, stay informed, and let’s collectively fortify the foundation of our digital evolution.
