Five Eyes warns of security flaws in edge and IoT devices

Edge and IoT devices are widely used, especially in the OT sector, but their security vulnerabilities make them a favourite target for cybercriminals. In a rare joint warning, intelligence agencies from five countries have now published guidelines to increase the security of these devices. They explain why these devices are so vulnerable, which vulnerabilities are particularly critical and what measures are recommended to improve security.

Intelligence alliance Five Eyes warns of attacks on edge and IoT devices and addresses the public with security guidelines.

IoT devices are used en masse in the OT sector in conjunction with edge systems. In production, they are often found in measurement and control technology. They usually form a bridge between internal and external networks such as the internet. However, many companies are either unaware of them or neglect them, and attackers benefit from this. Western intelligence services are concerned and are taking unusual measures.

It is extremely rare for intelligence agencies to address the public and issue recommendations. Now they have done so and published guidelines for improving the cybersecurity of edge and IoT (Internet of Things) devices. According to the services, the background to this is a worrying increase in attacks on these components, particularly in the OT sector and in the area of critical infrastructure (KRITIS).

These devices are rarely at the centre of IT security. They are often completely overlooked, and in many companies neither the model, the location nor even the number of these devices is known. This makes them a preferred target for cyberattacks. "Attacks on edge devices have become the favoured tactic for many cyber threat actors, including state-sponsored ones," warn the intelligence services in their publications.

The Anglo-American intelligence alliance, consisting of Australia, Canada, New Zealand, the UK and the USA, is informally referred to as Five Eyes. Among other things, this alliance serves to share intelligence and has divided up its surveillance activities. They also share their technical resources. Not much is known about the Five Eyes, which is the nature of intelligence services. All in all, the alliance is considered to be very effective. For the current joint warning, each intelligence service has taken a different focus and recorded the results in a separate document. Most of these are now available. They published their "Security Considerations for Edge Devices" in a series of guides. "These guides outline various considerations and strategies for a more secure and resilient network both before and after a compromise," according to a joint statement.

Services warn: Edge devices as a gateway for cyber attacks

While the Canadians focus on hardening edge devices, the British take care of forensic problems as well as monitoring and logging issues. The Australians describe strategies for dealing with damage and provide practical advice, while the American cybersecurity authority CISA emphasises the need to consider security right from the design process of the devices, security-by-design. The contribution of the New Zealand National Cyber Security Centre (NCSC) is not yet available.

The services point out that edge devices often serve as a starting point for attackers to gain access to internal company networks, as they play a decisive role in handling the transfer of data between internal and external networks. They therefore have a key role to play. At the same time, they recognise a number of shortcomings in edge and IoT devices. For example, these components generally do not have endpoint detection and response (EDR). In many cases, they lack regular updates and strong authentication. Security vulnerabilities and insecure standard configurations are also not uncommon, as the regular warnings from cybersecurity authorities show. Inadequate logging mechanisms and incomplete monitoring functions make integration into company-wide security concepts and tools difficult or even impossible. Furthermore, there is a lack of forensic options for analysing security incidents. Outdated hardware is also frequently used and security features are missing, as these do not play a role in the design of the devices, adds the British National Cyber Security Centre (NCSC) of the Government Communications Headquarters, GCHQ. This makes them very vulnerable, the British agency warns.

Know your own network

The Alliance's intelligence services are therefore making recommendations on how these components can be better protected. These recommendations focus on edge devices, which consist of network components such as firewalls, routers, VPN gateways and other IoT devices. They are widely used in the OT sector and are often used in conjunction with simple IoT devices such as sensors and controllers. Many of these devices form a bridge between internal networks and external networks such as the internet. The Canadian Centre for Cyber Security emphasises: "Edge devices are an important part of many corporate networks". In operational technology (OT), they enable connections between the inside and outside world, which increases productivity. A typical use case in the OT area: data from IoT sensors is generated at a high frequency and is therefore first aggregated on edge systems before being analysed in the cloud.

Manufacturers of such systems are therefore being asked to better secure management interfaces, especially if they can be accessed via the internet. They should also improve forensic transparency to help security managers recognise attacks and investigate security incidents. Other recommendations include disabling unused ports and services and enabling secure access controls and authentication. If systems cannot be properly secured, they should be located in separate network segments and protected by a firewall.

The Australian Cyber Security Centre (ACSC) advises that it is essential to locate and identify all devices in this category that are located at the external borders of the company network. This includes determining who they are connected to, especially outside the organisation's own network. Another piece of advice: "Remove or replace devices that have reached their end of life" and are therefore no longer supported by the manufacturer. This also means that there will no longer be any updates for them.
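The recommendations above (inventory the devices at the network border, retire end-of-life hardware, disable unused services, protect management interfaces, isolate what cannot be secured) can be turned into a repeatable inventory check. The following is an added example, not code from the agencies' guidance; the CSV columns, device names and zone names are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; device names and column names are assumptions.
INVENTORY_CSV = """\
name,zone,vendor_eol,mgmt_from_internet,strong_auth,enabled_services,required_services,logs_forwarded
fw-edge-01,perimeter,2027-06-30,no,yes,https;ssh,https;ssh,yes
vpn-gw-02,perimeter,2023-12-31,yes,no,https;telnet;snmp,https,no
plc-agg-07,ot-segment,2022-03-31,no,no,modbus;http,modbus,no
"""


def audit(csv_text, today, isolated_zones=("ot-segment",)):
    """Return {device name: [findings]} for each row of the inventory."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        if date.fromisoformat(row["vendor_eol"]) < today:
            findings.append("end of life: remove or replace")
        if row["mgmt_from_internet"] == "yes":
            findings.append("management interface reachable from the internet")
        if row["strong_auth"] != "yes":
            findings.append("strong authentication not enabled")
        enabled = set(row["enabled_services"].split(";"))
        required = set(row["required_services"].split(";"))
        unused = sorted(enabled - required)
        if unused:
            findings.append("disable unused services: " + ", ".join(unused))
        if row["logs_forwarded"] != "yes":
            findings.append("logs not forwarded to central monitoring")
        # A device with open findings should at least sit in a separate,
        # firewalled segment until it is fixed or replaced.
        if findings and row["zone"] not in isolated_zones:
            findings.append("not isolated: move to a separate firewalled segment")
        report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY_CSV, date(2025, 3, 1)).items():
        print(name, "->", findings or "no findings")
```
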

Author: Uwe Sievers

Source:

Bleeping Computer: Cyber agencies share security guidance for network edge devices

Canadian Centre for Cyber Security: Security considerations for edge devices (ITSM.80.101)

Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC): Mitigation strategies for edge devices: Practitioner guidance

Government Communications Headquarters (GCHQ), National Cyber Security Centre (NCSC): Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances

National Coordinator for Critical Infrastructure Security and Resilience (CISA): Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products
