Protecting IoT and cloud infrastructure from malware
- By Junaid Islam
In the last year, we have witnessed two major cyberattacks that crippled government computer systems. The Shamoon2 cyberattack on Saudi Arabian government systems destroyed information on 50,000 servers and devices. In Ukraine, NotPetya wiped out data and disabled government energy management systems. Until countermeasures are taken, cloud infrastructures and the internet of things will suffer similar malware attacks.
Both malware attacks were enabled by the difficulty of updating and patching large numbers of networked computing devices. In both cases, once malware got into the systems, it laterally scanned for unpatched and vulnerable systems. These attacks illustrate the dangers of malware that can autonomously hunt for targets, especially to organizations deploying IoT infrastructure or migrating to the cloud.
Today, with the exploding numbers of devices connecting to enterprise clouds by employees and external entities alike, universal endpoint protection is impossible. Infected devices can infect networks with malware, which can propagate to cloud-based applications and then spread rapidly through host apps.
This malware risk is serious for enterprises, but it is far greater for IoT systems. Because there are hundreds of IoT device variations with specialized software modules, it is far more difficult to patch IoT systems than personal computing devices. The real danger lies in these new IoT devices' ability to communicate both locally and globally. Infected IoT devices can spread malware from energy management systems and autonomous vehicles to cloud computers to consumer products -- and then back again. As a result, it would take months, perhaps years, to remediate a malware attack on billions of networked IoT devices.
Fortunately, there are proven countermeasures to malware that attacks IoT and cloud infrastructures, including application-layer trusted-access control solutions based on the software-defined perimeter (SDP). Some of these solutions, which have been available for more than two years, were originally developed as a countermeasure against the Office of Personnel Management cyberattack for organizations with high-value intellectual property.
To combat attacks like that against OPM, where stolen credentials and lateral movement were leveraged to find classified information hidden deep in the data center, SDP was used to develop a trusted-access control solution that verified identity (to protect against credential theft) and provisioned an application layer tunnel (to prevent lateral movement).
Today, application-layer trusted-access control solutions are available to protect cloud assets by ensuring only authorized devices are connected. Only whitelisted applications on a user’s device are granted access to a specific port on the application server. Unlike what we’ve seen in this year’s major malware attacks, if a hosted app were to become infected, application-layer connectivity ensures malware can’t spread from the cloud to the user’s device.
Similarly, application-layer trusted-access control solutions protect IoT infrastructure from lateral movement malware by granting only authorized process-to-process connectivity. As a result, malware cannot retask back-end cloud infrastructure or IoT devices.
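A simplified model of the default-deny, per-application access described above, as an added example that is not from the original article or from any vendor's product: a controller signs a short-lived grant for one whitelisted (device, application) pair and one server port, and a gateway refuses every other flow. The device names, application hashes, hosts, key and grant format are all constructed assumptions, as is the premise that the gateway can observe the connecting device and application identity.

```python
import hashlib
import hmac
import json
import time

# Constructed demo values; a real deployment would use per-gateway keys.
CONTROLLER_KEY = b"constructed-demo-key"
# (device id, application hash) -> the one server port that app may reach.
POLICY = {
    ("laptop-17", "a3f1"): ("hr-app.internal", 8443),
    ("sensor-04", "9bc2"): ("telemetry.internal", 8883),
}

def _sign(body):
    return hmac.new(CONTROLLER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_grant(device_id, app_hash, now=None, ttl=60):
    """Controller: sign a short-lived grant for a whitelisted app, else None."""
    dest = POLICY.get((device_id, app_hash))
    if dest is None:
        return None  # unknown device or non-whitelisted app gets nothing
    now = time.time() if now is None else now
    body = json.dumps({"dev": device_id, "app": app_hash, "host": dest[0],
                       "port": dest[1], "exp": now + ttl}, sort_keys=True)
    return body, _sign(body)

def gateway_allows(grant, device_id, app_hash, host, port, now=None):
    """Gateway: default deny; permit only the exact flow named in a valid grant."""
    if grant is None:
        return False
    body, tag = grant
    if not hmac.compare_digest(_sign(body), tag):
        return False  # forged or altered grant
    g = json.loads(body)
    now = time.time() if now is None else now
    if now > g["exp"]:
        return False  # expired grant
    return (g["dev"], g["app"], g["host"], g["port"]) == (device_id, app_hash, host, port)

if __name__ == "__main__":
    grant = issue_grant("laptop-17", "a3f1")
    print(gateway_allows(grant, "laptop-17", "a3f1", "hr-app.internal", 8443))
    print(gateway_allows(grant, "laptop-17", "a3f1", "telemetry.internal", 8883))
```

Because the grant names a single host and port, a compromised but authorized application still cannot use it to reach any other service, which is the lateral-movement property the article relies on.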
As cyberattackers develop malware to discover vulnerable computing devices, organizations must deploy proven countermeasures to protect IoT and cloud infrastructures. Since it’s impossible to provide total protection for all devices, application-layer trusted-access control can secure resources before disaster strikes.
Junaid Islam is president and CTO of Vidder.