IoT – an irresistible trend ……
Forrester, the technology and market research company, defines Internet of Things (IoT) technology as solutions that help companies bridge the physical and digital worlds, ingesting information and context through sensors from the physical world into the digital and taking actions in the physical world via actuators based on digital insights.
These are important benefits and figures from vendors and analysts indicate that more and more consumers and businesses are taking advantage of IoT. The number of things connected to the Internet exceeded the number of people on the planet in 2008, according to Cisco statistics, and it was expected to reach 25 billion items in 2015 and 50 billion in 2020.
Research firm IDC has more conservative estimates, predicting that the number of devices connected to the Internet will reach 30 billion in 2020, up from an estimated 13 billion in 2016. And, they forecast that the worldwide shipments of wearables will surpass 200 million in 2019, driven by strong smartwatch growth.
…….. and an irresistible target
But this seemingly unstoppable boom in IoT-enabled gadgets and sensors makes them a natural and attractive target for hackers and cyber criminals, who are now focusing their attacks on connected devices.
Enterprises and consumers both face attacks, although currently the largest volume of malicious attacks is directed towards enterprises. And, as the trend towards smart devices and BYOD (Bring your own device) increases, the risk of enterprise exposure increases correspondingly.
But, it’s not just the volume of attacks that is keeping security professionals awake at night. New threats are emerging, creating a clear and present danger of vulnerabilities and attacks in unfamiliar forms. One of the most worrying is a new evolution in malware known as ‘Thingbots’.
Thingbots – the new face of malware
Thingbots are a type of Botnet. They consist of many different IoT devices, all connected to each other. Once infected, these connected IoT devices can be controlled by a cyber criminal to launch attacks or steal sensitive data.
Currently, wireless routers and modems are the primary targets for Thingbots since they are usually connected directly to the Internet. Other popular targets include network cameras and network storage systems.
One emerging trend is for Thingbots to take possession of large networks of IoT devices and use them to direct attacks towards other IoT devices like surveillance cameras and home automation systems. There are already reported cases of CCTV cameras turned into ‘Thingbot armies’ to launch DDoS (Distributed Denial-of-Service) attacks against banks and other targets.
IoT vulnerabilities exposed by Thingbots
In 2014, Daniel Miesler, the security practice principal at HP tested ten top IoT devices and found an average of 20 vulnerabilities per device. At the time, he also confirmed the vulnerability of home security systems. He highlighted the risk of attackers logging on to security systems via the Internet to know when an owner was at home, when they’re away, and to watch video of the targeted home from anywhere in the world.
The security company Proofpoint found that if a redirect has been installed by a Thingbot user and a homeowner uses a remote connection to take an action like checking their fridge from their work PC, the work PC becomes compromised.
There are reported cases of vehicle accidents and casualties caused by infected GPS devices leading drivers away from their intended route. And, enterprises are concerned that Thingbots capable of controlling industrial control systems can change heating and air conditioning systems by turning them off, with the risk of massive damage to data centers.
Response and protection are vital
As David Knight, the GM of Proofpoint’s Information Security Division explains, “Botnets are already a security concern and the emergence of Thingbots may make the situation much worse.”
So, it’s essential to ensure IoT security by keeping these threats at bay or, at the very least, to mitigate the risks. Enterprises that do not have the IT staff or resources to systematically prevent these disruptive, damaging attacks are increasingly seeking the help of managed service providers like Virtual Tech Gurus.
Deploying managed proactive monitoring will systematically prevent attacks and help companies deploy secure IoT solutions and stay a step ahead of the cyber criminals.