Q& A: Ryan Flores, Trend Micro
Ryan Flores, Senior Manager, Forward-Looking Threat Research, Trend Micro, Asia Pacic
What are your thoughts on the state of the IoT industry today?
IoT devices comprise a very fast-moving and emerging market. By fast, I mean that a lot of players are constantly entering the market, and you end up with a very crowded space where ideas just keep coming and people try to bring their product to market as quickly as possible.
But because of this rapid product cycle and the perceived need to keep up, a large part of the design process for IoT devices ends up being focused more on function rather than security, so we end up with a lot of unsecured devices being shipped.
What sorts of threats does the growing web of unsecured IoT devices pose?
Last year, we saw how tens of thousands of IoT devices could be harnessed in the form of massive botnets to perform DDoS attacks. While this is not a direct threat to consumers as it is primarily large organizations that are targeted, it is consumer-owned devices that are being used.
One of the more prominent targets was a stock trading company, and just because the website was down for about 45 minutes to an hour, they lost several million US dollars.
On the consumer side of things, there is the potential loss of privacy. A lot of webcams don’t have proper login verication mechanisms, and there are a lot of exposed webcams out there. With the advent of big data processing, machine learning, and advanced image recognition technology, someone with enough computing capacity could theoretically look at all the exposed cameras and pick the more interesting ones to exploit, such as to incite scandal or for blackmail. Why are IoT devices so vulnerable? Their very mode of operation makes IoT devices more vulnerable. They are by design always on, and if you have a device that is running 24/7, it is a tempting target for an attacker as it will then be available to them around the clock. It’s actually quite a clever idea to use these devices to perform DDoS attacks, because at any given point in time you are assured that they are online to carry out the attack.
Many devices also come installed with old or unpatched operating systems, or old modules that have existing vulnerabilities.
Users are sometimes at fault as well. For example, many consumers often don’t bother to change the default username and password combinations on their home devices, and it was this vulnerability that enabled the Mirai worm to hijack so many devices with around 60 username and password combinations.
How can organizations defend against such threats?
In the security industry, machine learning is often used to detect anomalies. For instance, if your device usually only has activity like HTTP or P2P trafc, and suddenly you have a different kind of trafc that is not representative of your usual activity, machine learning can help ag this.
Trend Micro’s infrastructure encompasses over 150 million endpoints. Whenever a new occurrence happens, it gets correlated automatically with other information. This all happens very quickly and if there is an incident, we expect to know about it in less than 15 minutes.