The unique security risk of IoT/OT devices
The increasingly connected world has enabled organizations to benefit from digital transformation, while creating new opportunities for threat actors to forge a multi-billion-dollar cybercrime industry.
What’s the difference between IoT and OT?
The Internet of Things (IoT) is a reference to a growing network of physical objects (“things”) that possess the sensors, software, and other technologies necessary to connect and exchange data with other devices on the internet. These devices can be medical equipment, embedded systems, sensors, printers, or any smart household or handheld device.
On the other hand, operational technology (OT) defines a specific category of hardware and software designed to monitor and control the performance of physical processes, devices, and infrastructure. In essence, OT is hardware or software that can operate independently of internet connectivity. Examples of these kinds of devices include industrial machinery, robotic arms, turbines, centrifuges, air conditioning systems, and more.
The convergence between the IT world’s laptops, web applications, and hybrid workspaces, and the OT world’s factory and facility-bound control systems brings significant risks. Through greater connectivity, attackers can now “jump” air gaps between formerly physically isolated systems.
Similarly, IoT devices like cameras and smart conference rooms can become risk catalysts by creating novel entryways into workspaces and other IT systems.
In terms of impact, threat actors infiltrating an IT network can mean gaining access to critical OT. The implications of this are wide-reaching, from hefty financial losses for the organization and the theft of foundational IP, to onsite safety concerns where uncontrolled operational technology can affect human lives.
Attacks against remote management devices are on the rise
The Microsoft Threat Intelligence Center (MSTIC) observed a variety of IoT/OT attack types through its sensor network. The most prevalent attacks were against remote monitoring and management devices, attacks via the web, and attacks on databases (brute forcing or exploits).
If not secured correctly, an exposed IoT device can be used as a pivot point into another layer of the enterprise network, since unauthorized users can remotely reach its open management ports.
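As an added example (not part of the original post), a small Python inventory check that flags the exposure described above: remote-management or OT control-protocol ports on IoT/OT devices that a firewall allow rule makes reachable from a less-trusted zone such as the IT network or the internet. The device names, zone names, port-to-service tables and allow rules are constructed sample data, not real assets.

```python
"""Flag IoT/OT devices whose remote-management or control-protocol ports are
reachable from a less-trusted network zone (a pivot path from IT into OT).
All devices, zones and rules below are constructed sample data."""
from dataclasses import dataclass

MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http-admin", 3389: "rdp", 5900: "vnc"}
OT_PORTS = {502: "modbus", 20000: "dnp3", 44818: "ethernet-ip"}
TRUST = {"internet": 0, "it": 1, "iot": 2, "ot": 3}  # higher = more trusted zone

@dataclass(frozen=True)
class Device:
    name: str
    zone: str
    open_ports: frozenset

@dataclass(frozen=True)
class AllowRule:  # firewall rule permitting src_zone -> dst_zone on one port
    src_zone: str
    dst_zone: str
    port: int
def exposures(devices, rules):
    """Return (device, port, service, src_zone, severity) for every management
    or control port reachable from a zone less trusted than the device's own."""
    findings = []
    for dev in devices:
        for port in sorted(dev.open_ports):
            service = MGMT_PORTS.get(port) or OT_PORTS.get(port)
            if service is None:
                continue  # not a management/control service; out of scope here
            for rule in rules:
                if rule.dst_zone != dev.zone or rule.port != port:
                    continue
                if TRUST[rule.src_zone] >= TRUST[dev.zone]:
                    continue  # access from an equally or more trusted zone
                severity = "critical" if rule.src_zone == "internet" else "high"
                findings.append((dev.name, port, service, rule.src_zone, severity))
    return findings
# Constructed sample inventory and zone-to-zone allow rules.
DEVICES = [
    Device("plc-line-1", "ot", frozenset({23, 502})),
    Device("hvac-ctrl", "ot", frozenset({80, 502})),
    Device("lobby-cam-3", "iot", frozenset({22, 554})),
]
RULES = [
    AllowRule("it", "ot", 502),        # engineering access, but still an IT->OT path
    AllowRule("it", "ot", 23),         # Telnet into the PLC from IT: pivot path
    AllowRule("internet", "iot", 22),  # camera SSH reachable from the internet
    AllowRule("ot", "ot", 80),         # HVAC web admin only within the OT zone
]
```

Running `exposures(DEVICES, RULES)` reports the Telnet and Modbus paths from IT into the OT zone as high and the internet-reachable camera SSH port as critical, while the OT-internal HVAC web interface is not flagged.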