According to industry research, more than 95% of all enterprises today have at least one system on the cloud, with 71% of these companies having some of their assets running on a hybrid cloud. Because of this, tech firm Fortinet is predicting that the IoT (Internet of Things) will become the weakest link for attacking the cloud in 2017.
That threat can come in many forms, as IoT devices have been shown to be more likely to contain easily exploitable vulnerabilities, making then a growing target for cybercriminals seeking, for example, to expand their botnets and weaponize them.
IoT-based DDoS attacks have already shown their power to disrupt business, said Fortinet. The attack that recently hit the DYN infrastructure, for example, was so massive that it reached the 1Tb/s mark, with all traffic being sent from IoT devices.
Fortinet said not only are IoT devices an attractive target because of their inherent insecurity, but also for the role they play in some organizations such as CCTV cameras, which can provide real-time information about everything that is happening at a given location.
But vulnerabilties are not the only issue, it added. IoT devices are increasingly being managed by cloud solutions that require a communications channel between the IoT device and its master controller in the cloud.
“We expect to see attacks leverage this trust model in order to poison the cloud, and then use that beachhead to start to spread laterally. These end devices can then be exploited to misuse their trusted relationship to upload malware to, and distribute it from the cloud,” the company said.
“As we have seen from our global sensor network, attacks directed against IoT devices are growing exponentially and show no signs of stopping. They often come in waves, which show an attack that targeted widely deployed routers last summer and fall,” it added.
Since October, Fortinet said it has seen a rise in attempts to exploit the hardcoded backdoor vulnerability exposed on a wide array of CCTV-DVR products, yielding an exploit that can be used against a plethora of devices. The number of affected CCTV models is close to 80, it revealed.
Another recent threat was the attempted expansion of the Mirai botnet that targeted German telco broadband routers. In this case, however, rather than taking these devices over, a coding error in the malware made the routers crash, leading to a massive outage on the broadband services of the carrier, the company said.
Other than the coding error, the malware was very sophisticated, and included features to cleanse the infected routers of other infections such as Anime, Qbot, and LizardSquad Botnet.
The security firm said most cloud providers and IoT solutions lack the integrated security fabric, strict controls, and trusted authority necessary to provide ubiquitous security to this expanding business model.
But cloud poisoning and DDoS attacks are just the beginning, it pointed out. One of the most potentially damaging threats that can affect an IaaS service is a local privilege escalations exploit, like the Dirty Cow, where any user with access to a remote shell on a cloud server can leverage vulnerabilities to gain root level access on the VM box.
In this exploit, the vulnerability lies on the filesystem code on the Linux kernel. It enables a non-privileged user to write to any file on the system, enabling the attacker to do such things as inject code into the Linux kernel. Spotting such file modifications requires closely monitoring the integrity of crucial files, Fortinet said.