This document discusses the expanding risks associated with the growing number of internet of things (IoT) devices. It notes that buildings now have numerous networked devices that are often not properly secured, expanding organizations' digital footprints. These devices fall into categories like home automation, energy, security, and IT/mobile. The interconnectivity of these devices in smart buildings captures detailed data. While only half of sensitive data is currently protected, the number of unsecured IoT devices provides opportunities for cybercriminals to launch distributed denial of service attacks and create botnets like Mirai. The document recommends that organizations clearly define ownership of IoT devices, establish policies for managing them, inventory all software and devices, use security solutions to monitor for
3. Understanding the IoT Security Challenge
• Network-enabled or "smart" IoT devices are commonplace
• Having numerous devices per building potentially translates into the largest digital footprint that is NOT under proper security management
4. Classes of IoT Devices
Operational Technology
• Home and Building Automation: Remote management, smart appliances
• Smart Energy: Climate control, smart meters, smart plugs, smart light bulbs
• Security and Safety: Cameras, doors, etc.
• Multimedia: Smart TVs, DVRs, voice automation (e.g. Alexa, Echo, Siri), etc.
• Industrial Infrastructure
Information Technology
• Mobile Devices: iPads, iPhones, Android phones and tablets
• Wearables: Activity trackers, heart rate, breathing rate, smart watches
5. The Age of the “Smart” Building
• The more IoT-enabled devices and the greater the interconnectivity between various building systems, the more detailed and sensitive the data that will be captured.
• According to IDC forecasts, 40 percent of the information in the digital universe requires some level of protection, but only half of that data is protected.
6. Your Expanding Digital Footprint
I.e. LED lighting, HVAC and physical security systems, will take the lead as connectivity is driven into higher-volume, lower cost devices
I.e. Smart meters and specific industry devices such as manufacturing field devices, process sensors for electrical generating plants and real-time location devices for healthcare
8. IoT Threat Examples
Chinese Hacking of US Chamber of Commerce includes IoT Devices
- Reported in Dec 2011
• Chamber of Commerce thermostat was communicating with a computer in China
• Another time, chamber employees were surprised to see one of their printers printing in Chinese
9. IoT Threat Examples
Rise of the IoT Botnets
• Proliferation of devices
• DDoS attacks
• Ease of weaponization – à la Mirai, which weaponizes vulnerable IoT devices
Distribution of Mirai Botnet in October attack
10. IoT Botnets Driving a Surge in Service Interruption
The percent of negative CyberFacts related to “service interruption” surged in the fourth quarter of 2016 due to attacks and concern around Mirai and other IoT-powered botnets.
11. Latest IoT Threat
Imeij IoT Malware Targets AVTech Devices
• ELF_IMEIJ.A, aka Imeij, leverages the RFI exploit
• Targets Linux-based ARM devices, gathers info on the infected device, sends it to a remote server and launches DDoS attacks on demand
• Botnet operators can also clean the device and remove the malware
• 130,000+ AVTech devices currently exposed online
12. What’s Next for IoT Threats?
The Security Challenge Will Only Increase as More IoT Devices are Used
• Many organizations don’t have a good handle on their level of presence
- DDoS attacks will continue until they become less successful (Cybercriminals follow the path of least resistance and most money)
- Cybercriminals are always looking for new opportunities
• As-a-service attack capabilities for sale on the Dark Web right now
13. What You Should Do to Reduce Your Uncontrolled IoT Footprint
Designate Clear Ownership and Accountability
• Who owns IoT devices?
- Single owner?
- Shared owner via more agile DevOps model?
• Who else should be involved in management of these devices?
- IT?
- Security?
- Facilities?
14. What You Should Do to Reduce Your Uncontrolled IoT Footprint
Define and Enforce IoT Management Policies
• Treat “smart” devices (e.g. a smart light bulb) as networked IT assets
• Define and enforce what data needs to be kept secure and the devices that interact with, use or store that data
• Segment your network to minimize impact of a breach and for resiliency purposes
- Think about the payload delivery of malware (opportunity) – path of least resistance to achieve a level of presence
- Adversaries gain access in a non-vital zone and pivot into a vital zone
15. What You Should Do to Reduce Your Uncontrolled IoT Footprint
Things You Can Do Now … So You’re Not Overwhelmed Later
• Take stock of your software and devices
• Leverage security solutions that can:
- Monitor network protocols and Internet traffic for threats
- Proactively detect malware at the endpoint
• Stay current and aware of relevant cyber threats within this technology area and ensure you have visibility of risks within your digital supply chain and your business
• Incorporate IoT security risks into your incident response and legal processes
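
An added example, not part of the original slides: one way to combine the ownership, segmentation and "take stock" recommendations above is to reconcile devices seen on the network against an asset inventory. The inventory columns, MAC and IP addresses and function names below are constructed assumptions for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample inventory: MAC, description, owner, permitted segment (CIDR).
INVENTORY_CSV = """mac,description,owner,segment
00:11:22:33:44:01,Lobby thermostat,Facilities,10.20.0.0/24
00:11:22:33:44:02,Door camera,Security,10.30.0.0/24
00:11:22:33:44:03,Conference smart TV,,10.40.0.0/24
"""

# Constructed sample of devices observed on the network (e.g. exported DHCP leases).
OBSERVED = [
    ("00:11:22:33:44:01", "10.20.0.15"),  # in its assigned segment
    ("00:11:22:33:44:02", "10.10.0.77"),  # camera seen on the wrong segment
    ("00:11:22:33:44:03", "10.40.0.9"),   # inventoried, but nobody owns it
    ("00:11:22:33:44:99", "10.10.0.80"),  # not in the inventory at all
]

def load_inventory(text):
    """Parse the inventory CSV into a dict keyed by lower-cased MAC."""
    rows = csv.DictReader(io.StringIO(text))
    return {row["mac"].strip().lower(): row for row in rows}

def audit(observed, inventory):
    """Return sorted (mac, finding) tuples for devices that need attention."""
    findings = []
    for mac, ip in observed:
        mac = mac.strip().lower()
        record = inventory.get(mac)
        if record is None:
            findings.append((mac, "unknown device: not in inventory"))
            continue
        if not record["owner"].strip():
            findings.append((mac, "no designated owner"))
        segment = ipaddress.ip_network(record["segment"])
        if ipaddress.ip_address(ip) not in segment:
            findings.append((mac, f"outside assigned segment {segment} (seen at {ip})"))
    return sorted(findings)

if __name__ == "__main__":
    for mac, finding in audit(OBSERVED, load_inventory(INVENTORY_CSV)):
        print(f"{mac}  {finding}")
```
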
16. Q&A and Additional SurfWatch Labs Resources
SurfWatch Cyber Advisor: www.surfwatchlabs.com/cyber-advisor
SurfWatch Threat Analyst: www.surfwatchlabs.com/threat-intel
Dark Web Intelligence: www.surfwatchlabs.com/dark-web-intelligence
Personalized SurfWatch Demo: info.surfwatchlabs.com/request-demo
Strategic and Operational Threat Intelligence