While the house usually wins on the casino floor, it’s the hackers who are winning on the network. At least that was the fate of an unnamed U.S. casino infiltrated by hackers via a newly added thermostat to its fish tank in 2018.
Dubbed as one of the most clever cyber-security attacks to date, the incident single-handedly demonstrates the failure of the casino’s network architecture and the challenges of securing the Internet of Things (IoT) devices in an increasingly connected world.
The proliferation of IoT devices and sensors is happening at a tremendous pace, and with it, enterprises across all verticals are facing escalating threats from cyber attacks.
More than 20 billion IoT devices will be in use by 2020, according to estimates by Gartner and according to IDC research firm the total worldwide spending on IoT is expected to exceed a whopping $1 trillion by 2022.
“IoT security is minimal to nonexistent on many devices, making this an increasingly dangerous and vulnerable sector as now everything from life-saving medical devices and equipment to home security systems and cars are IoT-equipped,” stated Hardik Modi Senior Director of Threat Intelligence at NetScout, a leading network performance management firm.
Innocuous sensors tasked with the automatic transfer of simple data over a network found in gadgets such as occupancy sensors, smartwatches, fish tanks, and even light bulbs are being used by hackers as entry points to access highly secure data, according to Netscout.
IoT devices become targets by malware bots within five minutes via brute-force attack of common backdoor usernames and passwords once plugged into the network enabling hackers to gain access to sensitive data within less than 24 hours according to a recent report released by Netscout.
A brute-force attack happens when IoT malware continuously attacks random targets using the antiquated Telnet protocol by running through lists of common factory-default usernames and passwords until they succeed at implanting harmful malware into a device.
According to the report, the top source countries of brute-force IoT activity are Russia, China, Brazil, and the United States.
In the case of the fish tank hack, cybercriminals were able to access the casino’s list of higher rollers causing unquantifiable financial and reputational damages.
Public WiFi and cellular networks, the more prominent connectivity options in the marketplace today, have failed to prevent IoT hacks and secure systems properly.
Most IoT devices are simply designed and are not properly equipped with the security functions which make it even more critical to secure the network.
In recent years, a more secure and reliable option known as Private LTE has emerged to meet the needs of enterprise customers.
While most LTE networks serving the general population and enterprise subscribers are considered public, a network is deemed to be private when its primary purpose is to connect people and things belonging to an enterprise where data needs to be kept secure.
Private LTE networks enable enterprises to minimize the risk of data breaches by separating the data transmission process from the mobile operator’s public network.
Private LTE Network For IoT Device Segmentation
A critical benefit of Private LTE networks is the ability to segment IoT devices and sensors on the system and restrict access only to authorized users. Segmentation helps to prevent attacks from propagating throughout a network even if a public system is compromised.
A Private LTE network architecture usually includes on-site servers, giving organizations the ability to keep traffic between IoT devices and corporate servers on the wireless LAN instead of the public Internet.
Private LTE networks are available through licensed, unlicensed, and shared spectrum, but most experts agree that when it comes to mission-critical and high-security applications, a licensed Private LTE network is the best option.
“While nothing is fool-proof enterprises focused on mission-critical and heightened security use cases should consider a licensed Private LTE network,” said Alex Besen founder and CEO of The Besen Group who leads the independent consulting and market research firm dedicated to Private LTE.
Licensed Private LTE networks enable organizations to manage highly sensitive data by keeping it on-site and prevent the security risks associated with WiFi and other options, said Besen.
In use cases which require heightened surveillance via cameras, Private LTE can also provide the data transmission requirements to achieve mission-critical needs, Besen added.
While there is no way of knowing if the infamous casino fish tank hack could have been prevented using a licensed Private LTE network, it’s fair to conclude that a licensed Private LTE network can add a significant layer of security that capable of preventing data breaches and cyber attacks in the future.