Australians are some of the most watched people in the world...
Sydney alone has more than 60,000 increasingly sophisticated CCTV cameras and ranks in the top 20 most surveilled cities, with cities like Canberra not too far behind.
This stat alone can be discomforting, but a major concern we need to consider within this ecosystem of scrutiny is the risk of cyberattack against it. As Australia’s Internet of Things (IoT) market grows, individual CCTV cameras are becoming internet-enabled, which also makes them hackable. To an attacker, that means there could be 60,000 entry points through which to attempt access.
In March, IoT security camera provider Verkada fell victim to a cyberattack which gave perpetrators unfettered access to the live feeds of around 150,000 cameras. This included sensitive footage from inside schools, hospitals and manufacturing facilities – including those of EV car maker, Tesla.
This didn’t make major headlines in Australia – it had tough competition from more prominent local attacks – but as we build more IoT, AI and other modern technology into our video security network, we need to be mindful of avoiding a similar incident.
According to reports, this attack was fairly rudimentary, with perpetrators infiltrating an internet-exposed server used by Verkada’s support team. Here, they gained access to privileged account credentials which eventually permitted access to cameras deployed at thousands of customer sites.
Watching and waiting
Timing is crucial here – most victims of this attack found out only when images were shared publicly online. A lot of time passes between a breach and this kind of public reveal. This suggests Verkada did not have the right tools in place to detect the breach early, which might have mitigated the worst of the damage.
In this case, the hackers intended to show the pervasiveness of video surveillance, for example revealing shots of workers inside a Tesla warehouse and hospital staff tackling and pinning a man to a bed. Audiovisual data can be highly sensitive for the people who appear in it or the organisations that own it.
There are no silver bullets in cybersecurity, so we need to work with what we’ve got, and the ability to monitor and detect these attacks in real time as they happen is among the strongest tools available.
IoT networks – and CCTV networks in particular – can benefit from behaviour-based anomaly detection. These devices have a standard and well-defined baseline of activities they should carry out. When anomalous behaviours occur, they should raise an immediate flag.
Once adversaries get access to an environment, they perform reconnaissance to better understand the victim and what they can do. That can mean activities such as credential guessing or port scanning against hosts inside the network.
These kinds of activities are unmistakable deviations from ‘the norm’ – the device’s established baseline behaviour – and would instantly generate an anomaly alert. Naturally, there’s a fear of ‘boy who cried wolf’ if the alerts are too sensitive, but asset intelligence services can help ensure accurate alerts and minimise false positives.
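The baseline idea described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor; the addresses, thresholds, event format and the `detect` function are constructed assumptions.

```python
from collections import defaultdict, deque

CAM, NVR = "10.0.5.21", "10.0.1.10"          # constructed camera and recorder addresses
# Assumed baseline: the only (peer, port) pairs this camera should ever contact.
BASELINE = {CAM: {(NVR, 554), ("10.0.1.2", 123)}}
WINDOW_S, SCAN_PORTS, AUTH_FAILS = 60, 10, 5  # assumed thresholds, tune per site

def detect(events):
    """Return ordered, de-duplicated (src, dst, kind) alerts.

    events: iterable of (timestamp_s, src, dst, dst_port, outcome).
    Devices without a recorded baseline are ignored in this sketch.
    """
    recent = defaultdict(deque)  # (src, dst) -> off-baseline events inside the window
    alerts = []
    for ts, src, dst, port, outcome in sorted(events):
        allowed = BASELINE.get(src)
        if allowed is None or (dst, port) in allowed:
            continue                          # expected traffic, nothing to flag
        q = recent[(src, dst)]
        q.append((ts, port, outcome))
        while q and ts - q[0][0] > WINDOW_S:  # drop events older than the window
            q.popleft()
        ports = {p for _, p, _ in q}
        fails = sum(1 for _, _, o in q if o == "auth_fail")
        if len(ports) >= SCAN_PORTS:
            kind = "port_scan"                # many ports on one internal host
        elif fails >= AUTH_FAILS:
            kind = "credential_guessing"      # repeated failed logins
        else:
            kind = "off_baseline"             # any contact outside the baseline
        if (src, dst, kind) not in alerts:
            alerts.append((src, dst, kind))
    return alerts

# Constructed sample: normal streaming, then a scan, then login guessing.
SAMPLE = (
    [(t, CAM, NVR, 554, "ok") for t in range(0, 300, 30)]
    + [(100 + i, CAM, "10.0.2.7", 20 + i, "refused") for i in range(12)]
    + [(200 + i, CAM, "10.0.2.9", 22, "auth_fail") for i in range(6)]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Because a camera's legitimate traffic is so narrow, the first off-baseline connection already raises an alert, and the scan and guessing thresholds only escalate its severity.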
Distrust and verify
The zero-trust network model also helps to yield stronger protection. This essentially means a presumption of distrust from anything inside or outside the network’s perimeters, and verification being required to gain access.
The previous status quo was essentially: ‘once you’re in, you’re not a threat’. It’s quite clear this castle and moat mindset hasn’t served us well, and technologies such as multifactor authentication, analytics, and encryption have become commonplace as a result.
A key element in zero trust is monitoring technology that logs all activities, which can then be reviewed to retrace the criminal’s footsteps. Doing so shows the full extent of the damage, which has hopefully been minimised, and is a major step in recovering from an attack.
They don’t need to be sophisticated – we do
It’s worth noting that Verkada was not breached by highly sophisticated, nation-state attackers. It was the result of a relatively amateur group poking around to find privileged credentials on the internet.
Unfortunately, this lack of security hygiene is commonplace throughout Australia. The local ecosystem of surveillance relies on multiple private and public organisations, networks and other stakeholders to run, and any of these could be the source of a major breach if they’re leaving behind similar breadcrumbs to Verkada.
In the same way an effective alarm system can immediately notify you of an intrusion, better networking technology can help prevent these kinds of attacks and the detrimental impacts of this data being released.
Rather than wait for video feeds from Australia’s most sensitive areas to be posted online for everyone to see, attackers can – and should – be stopped in their tracks.