Containment can protect IoT and cloud infrastructure from malware
- By Junaid Islam
- Jul 27, 2017
We have already seen two major cyberattacks in the last year where malware has crippled government computer systems. Anyone familiar with this space needs no reminder of the Shamoon2 cyberattack on government systems in Saudi Arabia; that attack wiped out information on 50,000 servers and devices. Then just last month, NotPetya wiped out data and disabled energy management systems of the Ukrainian government. History tells us the internet of things and cloud infrastructures will continue to see similar malware attacks unless countermeasures are taken.
Both malware attacks were highly destructive and were enabled by the complexity of patching large numbers of computing devices. In each instance, attackers were innovative in leveraging their malware to laterally scan for unpatched and vulnerable systems. These attacks should serve as a warning of the danger of malware that can autonomously hunt for targets, especially for those organizations deploying IoT infrastructure or migrating to the cloud.
Today, universal endpoint protection is impossible with the exploding numbers of devices connecting to enterprise clouds by employees and external entities alike. Infected devices can introduce malware, which can propagate to cloud-based applications and then spread rapidly through host apps.
And as bad as this malware risk sounds to enterprises, the risk is far greater to IoT systems. Since there are hundreds of IoT device variations with specialized software modules, it is far more difficult to patch IoT systems than personal computing devices. The real danger lies in these new IoT devices' ability to communicate both locally and globally. Infected IoT devices can spread malware from energy management systems and autonomous vehicles to cloud computers to consumer products -- and then back again. As a result, it would take months, perhaps years, to remediate a malware attack on billions of networked IoT devices.
Fortunately, there are proven countermeasures to malware that attacks IoT and cloud infrastructures, including software-defined perimeter (SDP)-based application-layer trusted-access control solutions. Some of these solutions, which have been available for more than two years, were originally developed as a countermeasure against the Office of Personnel Management cyberattack for organizations with high-value intellectual property.
To combat attacks like that against OPM, where stolen credentials and lateral movement were leveraged to find classified information hidden deep in the data center, SDP was used to develop a trusted-access control solution that verified identity (to protect against credential theft) and provisioned an application layer tunnel (to prevent lateral movement).
Today application-layer trusted-access control solutions are available to protect cloud assets by ensuring only authorized devices are connected. Only whitelisted applications on a user’s device are granted access to a specific port on the application server. Unlike what we’ve seen in this year’s major malware attacks, if a hosted app were to become infected, application-layer connectivity ensures malware can’t spread from the cloud to the user’s device.
Similarly, application-layer trusted-access control solutions protect IoT infrastructure from lateral movement malware by granting only authorized process-to-process connectivity. As a result, malware cannot retask back-end cloud infrastructure or IoT devices.
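The access model the three paragraphs above describe (verified identity, enrolled device, whitelisted client process, one specific server port, default deny otherwise) as an added illustration in Python; this is not Vidder's or any SDP product's code, and every identity, device name, process hash, hostname and port below is constructed.

```python
from dataclasses import dataclass

# Constructed SDP-style policy: a connection is granted only when the
# verified identity, the enrolled device, the whitelisted client process
# and the exact destination host:port all match one provisioned grant.
ENROLLED_DEVICES = {"laptop-17", "meter-0042"}
GRANTS = {
    ("alice", "laptop-17", "sha256:erp-client", "erp.internal", 8443),
    ("meter-0042", "meter-0042", "sha256:telemetry-agent", "ingest.internal", 8883),
}

@dataclass(frozen=True)
class ConnRequest:
    identity: str          # who the controller authenticated (constructed)
    identity_verified: bool
    device_id: str
    process_hash: str      # hash of the process opening the socket
    dst_host: str
    dst_port: int

def evaluate(req):
    """Default deny: every element of the tuple must match a provisioned grant."""
    if not req.identity_verified:
        return False, "identity not verified"          # stolen-credential case
    if req.device_id not in ENROLLED_DEVICES:
        return False, "device not enrolled"
    key = (req.identity, req.device_id, req.process_hash, req.dst_host, req.dst_port)
    if key in GRANTS:
        return True, "provisioned application-layer tunnel"
    return False, "no grant for this process/destination"  # blocks lateral scans

def count_allowed(identity, verified, device, process_hash, hosts, ports):
    """How many of hosts x ports a process could reach under the policy."""
    return sum(
        evaluate(ConnRequest(identity, verified, device, process_hash, h, p))[0]
        for h in hosts for p in ports
    )

if __name__ == "__main__":
    legit = ConnRequest("alice", True, "laptop-17", "sha256:erp-client", "erp.internal", 8443)
    print(evaluate(legit))
    hosts = ["erp.internal", "ingest.internal", "db.internal", "laptop-17"]
    ports = [22, 445, 3389, 8443, 8883]
    # malware running as an unlisted binary on the enrolled laptop reaches nothing
    print(count_allowed("alice", True, "laptop-17", "sha256:unknown-binary", hosts, ports))
    # even a hijacked whitelisted client stays confined to its single server:port
    print(count_allowed("alice", True, "laptop-17", "sha256:erp-client", hosts, ports))
```

The same tuple check applied in the reverse direction (a process on erp.internal opening a socket toward laptop-17) finds no grant, which is the property the column relies on to keep an infected hosted app from reaching the user's device.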
As cyberattackers develop malware to discover vulnerable computing devices, organizations must deploy proven countermeasures to protect IoT and cloud infrastructures. Since it’s impossible to provide total protection for all devices, application-layer trusted-access control can secure resources before disaster strikes.
Junaid Islam is president and CTO of Vidder.