//////////////////////////////////////////////////////////////////// t cht lk
expanded and expanding attack surface created by IoT for new
disruptive opportunities.
According to Fortinet’s latest quarterly threat landscape report, three
of the top 20 attacks identified in Q4 2017 were IoT botnets. But
it says unlike previous attacks, which focused on exploiting a single
vulnerability, new IoT botnets such as Reaper and Hajime target
multiple vulnerabilities simultaneously, which is much harder to combat.
Wi-Fi cameras were targeted by criminals with more than four
times the number of exploit attempts detected over Q3 2017. The
challenge is that none of these detections is associated with a known
security threat, which Fortinet describes as ‘one of the more troubling
aspects of the myriad of vulnerable devices that make up the IoT.’
The effects of an attack
Ian Kilpatrick, EVP Cyber Security for Nuvias
Increase in DDoS attacks
DDoS (Distributed Denial of Service) attacks
are on the rise. In the UK alone, 41% of
organisations say they have experienced a
DDoS attack.
IoT devices are a perfect vehicle for
criminals to use to access a company’s
network. In fact, 2016’s high-profile Mirai
attack used IoT devices to mount wide-
scale DDoS attacks that disrupted Internet
service for more than 900,000 Deutsche
Telekom customers in Germany and
infected almost 2,400 TalkTalk routers in the UK.
Ransomware attacks
Elsewhere, there has been an almost 2,000% jump in ransomware
detections since 2015. Ransomware became a public talking point
in 2017 when WannaCry targeted more than 200,000 computers
across 150 countries, with damages ranging from hundreds of
millions to billions of dollars. While most ransomware attacks
currently infiltrate an organisation via email, IoT presents a new
delivery system for both mass and targeted attacks.
Consider the potentially life-threatening impact of ransomware on
smart devices within critical applications, the ability of criminals to
shut down critical business and logistics systems has already been
repeatedly demonstrated. So perhaps it is unsurprising that a 2017
survey found that almost half of small businesses questioned would
pay a ransom on IoT devices to reclaim their data.
Increasing intensity and sophistication of attacks
The sophistication of attacks targeting organisations is accelerating
at an unprecedented rate, with criminals leveraging the significantly
www.intelligentcio.com
The aftermath of a cyberattack can be devastating for any company,
leading to huge financial losses, compounded by regulatory fines for
data breaches and plummeting market share or job losses. At best,
a company could suffer irreparable reputational damage and loss of
customer loyalty.
On top of that, IoT devices have the potential to create organisational
and infrastructure risks, and even pose a threat to human life, if they
are attacked. We have already seen the impact of nation-state attack
tools being used as nation state weapons, then getting out and
being used in commercial criminal activity. While the core focus is on
defending critical infrastructure and that is still far behind the curve,
weak business infrastructure is a much softer target.
Profit over security
It’s crazy to think that devices with the potential to enable so much
damage to homes, businesses and even entire cities often lack basic
security design, implementation and testing. In the main, this is
because device manufacturers are pushing through their products to
get them to market as quickly as possible to cash in on the current
buzz around IoT. Lawrence Munro, Vice President SpiderLabs at
Trustwave, said: “We are seeing a lack of familiarity with secure
coding concepts resulting in vulnerabilities, some of them a decade
old, incorporated into final designs.” n
“
ANY DEVICE
OR SENSOR WITH AN IP
ADDRESS CONNECTED TO
A CORPORATE NETWORK
IS AN ENTRY POINT FOR
HACKERS AND OTHER
CYBERCRIMINALS.
INTELLIGENTCIO
99