Q& A: Ryan Flores, Trend Mi­cro

Ryan Flores, Se­nior Man­ager, For­ward-Look­ing Threat Re­search, Trend Mi­cro, Asia Pacic

HWM (Singapore) - - Contents - By Koh Wanzi

What are your thoughts on the state of the IoT in­dus­try to­day?

IoT de­vices com­prise a very fast-mov­ing and emerg­ing mar­ket. By fast, I mean that a lot of play­ers are con­stantly en­ter­ing the mar­ket, and you end up with a very crowded space where ideas just keep com­ing and peo­ple try to bring their prod­uct to mar­ket as quickly as pos­si­ble.

But be­cause of this rapid prod­uct cy­cle and the per­ceived need to keep up, a large part of the de­sign process for IoT de­vices ends up be­ing fo­cused more on func­tion rather than se­cu­rity, so we end up with a lot of un­se­cured de­vices be­ing shipped.

What sorts of threats does the grow­ing web of un­se­cured IoT de­vices pose?

Last year, we saw how tens of thou­sands of IoT de­vices could be har­nessed in the form of mas­sive bot­nets to per­form DDoS at­tacks. While this is not a di­rect threat to con­sumers as it is pri­mar­ily large or­ga­ni­za­tions that are tar­geted, it is con­sumer-owned de­vices that are be­ing used.

One of the more prom­i­nent tar­gets was a stock trad­ing com­pany, and just be­cause the web­site was down for about 45 min­utes to an hour, they lost sev­eral mil­lion US dol­lars.

On the con­sumer side of things, there is the po­ten­tial loss of pri­vacy. A lot of we­b­cams don’t have proper lo­gin verication mech­a­nisms, and there are a lot of ex­posed we­b­cams out there. With the ad­vent of big data pro­cess­ing, ma­chine learn­ing, and ad­vanced im­age recog­ni­tion tech­nol­ogy, some­one with enough com­put­ing ca­pac­ity could the­o­ret­i­cally look at all the ex­posed cam­eras and pick the more in­ter­est­ing ones to ex­ploit, such as to in­cite scan­dal or for black­mail. Why are IoT de­vices so vul­ner­a­ble? Their very mode of op­er­a­tion makes IoT de­vices more vul­ner­a­ble. They are by de­sign al­ways on, and if you have a de­vice that is run­ning 24/7, it is a tempt­ing tar­get for an at­tacker as it will then be avail­able to them around the clock. It’s ac­tu­ally quite a clever idea to use these de­vices to per­form DDoS at­tacks, be­cause at any given point in time you are as­sured that they are on­line to carry out the at­tack.

Many de­vices also come in­stalled with old or un­patched op­er­at­ing sys­tems, or old mod­ules that have ex­ist­ing vul­ner­a­bil­i­ties.

Users are some­times at fault as well. For ex­am­ple, many con­sumers of­ten don’t bother to change the de­fault user­name and pass­word com­bi­na­tions on their home de­vices, and it was this vul­ner­a­bil­ity that en­abled the Mi­rai worm to hi­jack so many de­vices with around 60 user­name and pass­word com­bi­na­tions.

How can or­ga­ni­za­tions de­fend against such threats?

In the se­cu­rity in­dus­try, ma­chine learn­ing is of­ten used to de­tect anom­alies. For in­stance, if your de­vice usu­ally only has ac­tiv­ity like HTTP or P2P trafc, and sud­denly you have a dif­fer­ent kind of trafc that is not rep­re­sen­ta­tive of your usual ac­tiv­ity, ma­chine learn­ing can help ag this.

Trend Mi­cro’s in­fra­struc­ture en­com­passes over 150 mil­lion end­points. When­ever a new oc­cur­rence hap­pens, it gets cor­re­lated au­to­mat­i­cally with other in­for­ma­tion. This all hap­pens very quickly and if there is an in­ci­dent, we ex­pect to know about it in less than 15 min­utes.

Newspapers in English

Newspapers from Singapore

© PressReader. All rights reserved.