Partners: Massive Global Ransomware Attack Highlights Critical Infrastructure, IoT Security Challenges
Sarah Kuranda and Lindsey O'Donnell
On the heels of the most recent worldwide ransomware attack, partners said it is more important than ever for companies with critical infrastructure and IoT devices to secure their environments.
Victims of this week's attacks include the government, banks, and state power utility in Ukraine, as well as the capital Kiev's airport and metro. The attacks also reportedly hit hospitals in the U.S. and the nuclear radiation monitoring system at Chernobyl in Russia.
While the attacks did not appear to target critical infrastructure companies – also hitting companies in the pharmaceutical, shipping, and legal verticals – partners said the instances show that critical infrastructure and IoT security remains a weak point for many companies.
Alton Kizziah, vice president, global managed services at Kudelski Security, said this latest strain of ransomware appears to be more sophisticated than the similar WannaCry ransomware outbreak last month. While it doesn't appear to be targeting critical infrastructure companies in particular, Kizziah said he "absolutely" sees a growing concern around ransomware and critical infrastructure and IoT.
"We think it's just going to become more and more prevalent," Kizziah said, citing examples of ransomware in cars, movie theater kiosks, thermometers, and more. "You're starting to see a lot more of it."
Kizziah said ransomware could severely impact a company's ability to access those control systems. Victims of this week's ransomware attacks illustrated that by returning to manual systems or even ceasing operations until IT systems could come back online. Radiation levels at the Chernobyl nuclear disaster site, for example, had to be monitored manually after the monitoring systems were hit by the ransomware.
David Johnson, vice president of sales and marketing for The Fulcrum Group, a Keller, Texas-based solution provider, said that the channel plays a critical role in ensuring infrastructure security – especially as more IoT devices come online.
The Fulcrum Group, which works to secure networks for customers implementing connected devices like surveillance camera systems, makes sure that IoT devices get their own separate VLAN – so if IoT devices become compromised, they are on a separate network that doesn't impact the rest of the company's infrastructure.
"We recommend that IoT devices get their own separate logical network," he said. "If you look at some of the recent attacks – such as Target – Internet of Things devices like HVAC systems have been the jumping-off point for hackers. This wouldn't happen if they were on a separate network."
The Fulcrum Group recently worked with one client who was setting up an array of new IoT devices, including audio-visual displays, cameras, HVAC controls, lighting controls and point of sale systems. Johnson said that the solution provider ended up isolating the IoT devices onto 22 separate VLANs overall, and designing the network infrastructure on the front end while working with the various IoT vendors to make sure all devices were secured.
Beyond isolating devices, Johnson recommends that solution providers make sure IoT devices are behind a firewall and secured with virtual private networks, and that customers only open ports that need to be opened for access.
"IoT security is becoming one of the major problems in the industry – so many new kinds of devices are becoming plugged onto the network, and the people installing them are not necessarily IT or security professionals," he said. "There’s a lot of good revenue opportunities for the channel, and MSPs will become more involved in the design and implementation of IoT security measures."