Extended IoT devices (xIoT) stand as a perennial favorite for cyberattackers seeking to move laterally and establish persistence within enterprise networks. They’ve got everything the bad guys need for a foothold: They’re grossly undersecured, they’re present in large numbers (and in sensitive parts of the network), and, crucially, they’re typically not well monitored.
In an upcoming session at RSA, security researcher and strategist Brian Contos will walk his audience through the ways that these devices can be used to create very broad attacks against enterprise resources, along with what security strategists should be doing to counter the risk.
“I’ll be doing some xIoT hacking demonstrations, because everybody likes to see things broken into,” says Contos, chief strategy officer for Sevco Security. “But in the xIoT world it’s quite easy to compromise, so I won’t focus on that but instead on how it can be used as a pivot point to attack on-prem devices, in-cloud devices, to steal sensitive data, maintain persistence, and evade detection.”
His goal is to show the entire life cycle of the attack in order to demonstrate the weighty ripple effects that follow from leaving xIoT devices unmanaged and unmonitored in enterprise environments.
The Prevalence of xIoT Insecurity
As Contos explains, xIoT devices typically fall into three device categories that all proliferate significantly in business environments. The first are the enterprise IoT devices like cameras, printers, IP phones, and door locks. The second are operational technology devices like industrial robots, valve controllers,