The News: Failing IoT security means that old malware is making an IoT comeback. Conficker, a computer worm that first emerged in 2008, proliferating across Windows XP and older Microsoft operating systems and spreading itself to vulnerable machines to rope them into a botnet, is making a comeback on IoT devices, and is specifically a threat to the healthcare industry via IoT connected medical devices. Even though it’s been 12 years, the Conficker malware remains an active threat, as the new Unit 42 IoT Threat Report from Palo Alto Networks confirms.
Failing IoT Security Means Old Malware Makes IoT Comeback, Targets Healthcare
Analyst Take: There’s been a resurgence in Conficker infections, determined to be largely the fault of failing IoT security. Researchers have confirmed some 500,000 IoT connected machines and devices are infected, up 100,000 since 2015. The most attractive target for the Conficker malware? The healthcare field in general, and medical devices in particular. For instance, at one hospital, mammography machines were discovered to be infected with the Conficker malware, which then migrated to other medical devices on the same network, including a digital imaging unit, a radiology machine, and others. As reported by ZDNet, the IT team’s attempt to remove the infections amounted to rebooting the machines, which was, not surprisingly, ineffective. Wondering why I titled the article “failing IoT security” … well, that’s it right there. ZDNet further reported that it took the hospital an entire week to take all the devices offline, install the latest security patches, and then reconnect the devices to the network.
The Problem Extends Beyond IoT Connected Devices, to the Healthcare Vertical Itself
With so much emphasis on cybersecurity today, it’s a bit alarming that a 12-year-old malware is becoming an issue again — but that’s part of the problem with IoT connected devices. Add to the complexity of the situation the fact that we’re dealing with COVID-19, and it’s even more alarming that the healthcare vertical is generally the primary target of cyberattackers — especially when having certain medical equipment up and running will be crucial for hospitals that may become overrun with patients.
As the ZDNet author points out, and I agree, the main issue is that many of these IoT connected devices aren’t monitored like computers on a network, which in turn makes them a gateway for attacks. As mentioned in my previous post, IoT Cybersecurity Regulations Kick in With the Start of 2020, IoT-specific botnets like Mirai are an excellent example of this, as they were penetrating IoT devices like DVRs and IP cameras.
Healthcare IT security leaders have their work cut out for them. In the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report from Keeper Security, conducted by the Ponemon Institute, more than half of healthcare organizations surveyed reported experiencing a cyberattack in the last year. More importantly, 87 percent of healthcare organizations report a lack of security personnel (and budget) for more effective security operations, and 90 percent devote less than 20 percent of their IT budget to cybersecurity.
That’s Why Network Slicing Capabilities Will Be Key
This is why the promise of network slicing capabilities will be key to IoT security, in the healthcare space and beyond. IoT devices can be segmented onto a network separate from desktops and laptops, which prevents the spread of malware. This creates traffic isolation, and IoT devices can have their own resource (slice) with its own security mechanisms and policies. Each slice can have customized security functionality, such as firewall configurations, access policies, and packet inspection. With network slicing, if attackers gain access to an IoT device from outside, they won’t be able to exploit it to move on to the rest of an enterprise’s network.
Wrap up – Failing IoT Security Measures Aren’t Going to Cut It
The lesson here is that failing IoT security measures aren’t going to cut it in today’s internet-driven, everything-connected world. IoT devices, in the healthcare world and elsewhere, must be treated just as carefully as employee computers, servers, and other devices. They must be connected to network security, continuously monitored and scanned, maintained by way of security patches, and updated on a regular basis. That’s also where Security Information and Event Management (SIEM) software providers like Splunk, LogRhythm, Dell Technologies (RSA), Rapid7, Securonix, Exabeam, and IBM play a big role in helping enterprises develop their Security Operations Center (SOC). Security technology that augments your human workforce and helps them do their jobs more effectively can go a long way toward keeping companies safe, from malware like Conficker and others to any number of cyber incidents that endanger the business. There should be no halfway measures here, in the healthcare industry or otherwise; security of IoT connected devices is too important to business operations and business continuity.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.