The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Internet connected cameras used in cyber attack – are IoT assets on your radar yet?

IoT asset weakness: Internet connected cameras are said to have brought down a big chunk of the internet via a denial of service attack

The BBC reports that hackers used Internet connected devices last week to perform a denial of service attack that brought down Internet brands Twitter, Spotify and Reddit.

Forbes suggests that the main culprit appears to be unsecured cameras. Security blogger Brian Krebs suggests that some vulnerabilities in smart devices, such as default passwords, cannot be changed by the owner:

“As I noted earlier this month in Europe to Push New Security Rules Amid IoT Mess, many of these products from XiongMai and other makers of inexpensive, mass-produced IoT devices are essentially unfixable, and will remain a danger to others unless and until they are completely unplugged from the Internet.” – Brian Krebs

When devices are Internet connected, they can be taken over by hackers and coordinated as a botnet to perform a specific task.

Asset Managers need to be aware of new smart devices on their network. Whilst plenty of the hype around the Internet of Things and internet connected devices has focused on consumer devices and the fridge that knows to restock its own beer, there is enormous potential for IoT in the enterprise space, with manufacturing, healthcare providers, insurance and banking being key vertical markets.

This is a great opportunity for IT Asset Managers to a) bring additional value to their security team and b) extend the reach of their ITAM practice beyond IT department devices. Unchecked devices could present a significant weakness in enterprise defences as Ben Evans eloquently suggests via his newsletter:

“A chunk of the Internet went down this week, effectively, because someone did a massive distributed denial-of-service attack using a botnet of millions of hacked IoT devices – mostly, it seems, IP webcams from one Chinese company that don’t have decent security. This is an interesting structural problem – the devices once sold are either impossible or unlikely to be patched, the users probably don’t even know that their device is hacked, and the manufacturer has no motivation and probably few of the necessary skills to do anything about it. A network designed to withstand nuclear attack, brought down by toasters.”

Not only are more and more devices being internet connected, they are also collecting data and talking to each other.

Are IoT devices on your radar yet? Please let me know in the comments section.

If smart devices are connected on your network they are probably already in your discovery data – but are you managing them? As we discussed in a recent podcast, devices are becoming smarter and SNMP might be able to provide a wealth of details in terms of the identity of devices – but are you managing it yet? Please share your views.

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
