IoT Seen as Weakest Link for Attacking the Cloud

Date: 2017-01-17

As cloud-based services continue to increase in scope and scale, there isn't a single organization that wouldn't benefit in some way from the cloud, Fortinet Inc. said. 'Indeed, with the promise of lowering Opex [operating expense], while reducing or even abolishing Capex [capital expenditure], the cloud can enable an organization to better focus on its core business, which is something that every C-level executive wants to hear these days,' the company said in a statement. 'As a result, the cloud has seen immense growth over the last couple of years.'

But the security risks that arise from such a profound change are not to be taken lightly, Fortinet said. Citing industry research, Fortinet said more than 95 percent of all enterprises today have at least one system on the cloud, with 71 percent of these companies having some of their assets running on a hybrid cloud. 'The cloud is here to stay, and has already shifted the way these companies conduct their business.'

One of Fortinet's predictions for 2017 is that the Internet of Things (IoT) will become the weakest link for attacking the cloud. 'That threat can come in many forms, as IoT devices have been shown to be more likely to contain easily exploitable vulnerabilities, making them a growing target for cyber criminals seeking, for example, to expand their botnets and 'weaponize' them,' the company said.

It explained that IoT-based Distributed Denial of Service attacks have already shown their power to disrupt business. Fortinet cited as an example a recent attack that was so massive that it reached the 1 terabyte-per-second mark, with all traffic being sent from IoT devices. 'Not only are IoT devices an attractive target because of their inherent insecurity, but also for the role they play in some organizations, such as closed-circuit television cameras, which can provide real-time information about everything that is happening at a given location,' Fortinet said.

But vulnerabilities are not the only issue.
As IoT devices are being deployed, they must also be managed, and they are increasingly being managed by cloud solutions that require a communications channel between the IoT device and its master controller in the cloud. 'We expect to see attacks leverage this trust model in order to poison the cloud, and then use that beachhead to start to spread laterally,' Fortinet said. 'These end devices can then be exploited to misuse their trusted relationship to upload malware to, and distribute it from the cloud.'

© 2017 Business Mirror under contract with NewsEdge/Acquire Media. All rights reserved.

Embedded Sys Practitioner: Posted: 2017-01-22 @ 5:40pm PT

The corporations that built the security cameras, that were used in the botnet attacks, had Opex and Capex on their mind. By getting to market early, they maximize their market advantage and spend as little as possible on development, making their shareholders happy. But by leaving out details, like common security, they ended up messing up their costs with multi-million dollar recalls.



These botnet security cameras are in mom and pop businesses and people's garages all across the other 99% of the world, not the data centres of the American large corporations. These systems don't have "inherent insecurity"; their insecurity was an implementation choice.



Don’t think that your corporations are immune. Many corporations rely on network firewalls to protect their applications. This is a horrible idea. Once the firewalls are bypassed, the applications have no security designed in, their server software isn’t kept up to date, and the application software has never gone through best practice code reviews. Does this sound like your corporation? Do you even have a Chief Security Officer?



The CEOs should be making sure that they have a Chief Security Officer to go along with their CFO. You really don't want to be the CEO on the front cover of Wired magazine as the head of the company that had their servers or products turned into a botnet.