MQTT Principals to Mitigate IoT Cyberattack

  /  ICS Security   /  Cybersecurity   /  MQTT Principals to Mitigate IoT Cyberattack

MQTT Principals to Mitigate IoT Cyberattack

In September 2016, the Mirai malware cyberattack shook the IoT world with a DDoS attack model that infected over 600,000 IoT devices. Such attacks on network-attached devices and IoT devices continue to increase exponentially. With the IDC predicting that there will be 41.6 billion connected IoT devices, generating 79.4 zettabytes (ZB) of data by 2025, the number of malware attacks we will need to protect against endure. That said, such IoT cyberattacks can be mitigated by adhering to key security principles – using secure technologies such as the MQTT protocol.

More about What’s best for IIoT: An integration hub or an MQTT broker?

IoT Cyberattack Vulnerabilities

At IoT conferences and events, discussions about IoT security are always a hot topic. These conversations confirm that the key factors behind IoT security vulnerabilities typically boil down to choosing the wrong technology or even simple oversight.

A 2018 IoT Security Foundation survey concluded that less than 10% of consumer IoT companies follow vulnerability disclosure guidelines. For a long time, companies in the IoT space have focused on reducing the time-to-market and overlooked implementing basic security principles. When users take advantage of all security features the protocol offers, the use of MQTT as the communication protocol is a secure technology. The key is to avoid falling prey to any of the commonplace oversights of security principles that we see all too often.

In the same way that public cloud users share the responsibility to secure the infrastructure from their end by adhering to specific security principles, MQTT users must adhere to key principles and best practices for securing their MQTT devices and communications.

Misconfigured and poorly configured MQTT clients are a primary cause of security and privacy issues in the IoT space. Without proper configuration and setup, the MQTT protocol allows anybody to subscribe to any topic. Theoretically, every MQTT client can subscribe to any MQTT server that is available on the Internet. It is us – the users – who share the responsibility to secure the communication channel with appropriate measures and comply with key security principles.

More about Preventing Malware Attacks with Network Security Monitoring Solutions

Read the full post from HiveMQ to learn about the key principles of MQTT security to reinforce IoT security.


About the Author

Florian RaschbichlerFlorian Raschbichler serves as the head of the HiveMQ support team with years of first-hand experience overcoming challenges in achieving reliable, scalable, and secure IoT messaging for enterprise customers.


Further reading: Five cybersecurity experts about CrashOverride malware: main dangers and lessons for IIoT

Learn from global ICS cybersecurity subject matter experts as they share insights on topics like Cybersecurity for Manufacturing, Energy and Infrastructure Industries and The Role of AI in ICS Cybersecurity at IIoT World’s Cybersecurity Day on October 6, 2021. The first 500 tickets are free, so register today.

Cyberattack cybersecurity registration




Post a Comment