Cybersecurity in the IoT era: why you need to protect your IoT solutions
The fast-paced IoT development is a significant achievement, but it comes along with many security concerns requiring prompt attention.
The growing IoT sector is expected to increase to 20.4 billion devices by the year 2020, and the businesses are expected to invest $134 billion annually by 2022 just on cybersecurity for IoT devices, as stated in a report by Juniper Research.
IoT applications, from smart homes to smart factories, have exposed almost every part of our life to the internet. IoT devices have created many access points for the hackers who can exploit vulnerabilities in the IoT infrastructure, even if they get the access only to one device in the network. According to the Symantec internet security threat report 2018, the number of IoT attacks increased from around 6,000 in 2016 to 50,000 in 2017, which is a 600% upsurge, in just one year. The Kaspersky IoT lab report 2018 has revealed that the IoT attacks have been tripled in the first half of 2018. Also, these attacks were carried out in more sophisticated ways as the hackers are continuously improving their skills.
IoT Attacks - 2018
A VPNFilter IoT botnet
In May 2018, the security researchers from Cisco Talos discovered that more than half a million routers and storage devices in almost 54 countries were affected by a Russian-linked botnet.
It was revealed that that the botnet malware, VPNFilter, was designed with the purpose to gather personal information, access internet communication and conduct destructive cyber attacks. The affected devices included routers and internet-connected storage devices from TP-link, NETGEAR, Linksys, and MikroTik.
A casino hack via a fish tank thermometer
The CEO of the cybersecurity company Datatrace reported an IoT hack incident in May 2018.
The attackers had exploited a vulnerability in the thermostat located in the casino’s lobby to gain access to the casino’s network. As a result, they managed to get the database of gamblers and "then pulled it back across the network, out the thermostat, and up to the cloud."
Last June, the security researchers discovered a malicious botnet when it had already affected more than 40,000 servers, routers and IoT devices of several organizations all over the world.
Hackers used various attacking methods including password brute-forcing, abusing weak configuration to carry out the attack.
Techniques used for IoT attacks
There are some conventional techniques hackers use to exploit a vulnerability in IoT ecosystems.
A botnet is a network of systems assembled to control and spread malware in devices remotely. The botnet operators control this system through Command-and-Control-Servers, and hackers use it for many tasks including stealing private information, DDoS attacks, for spam and phishing emails.
As implied by the name, man-in-the-middle attacks are those in which a hacker interrupts in between two separate systems with an intention to violate them. These attacks are incredibly threatening when executed through IoT devices especially when the communication involves not harmless items such as smart TVs or garage doors, but potentially dangerous industrial equipment and vehicles.
Social engineering is the technique that targets directly IoT users rather than smart devices. By using psychological pressure and deceit, a hacker might be looking for any information to gain different benefits, but the primary purpose of manipulating individuals is to obtain passwords or bank details.
How IoT vulnerabilities сan be сontrolled
IoT has brought many successful changes to our lives, but the phenomenon come along with a flurry of concerns which should be regularly monitored, for example, within the framework of IoT solutions’ security audit, and idenfitied issues should be addressed as soon as possible.
And don’t neglect some simple measures to secure your IoT environment. The use of proper and updated passwords, encrypting file systems, securing your network with a firewall with appropriate rules are just a few basic things, which can significantly minimize the IoT threat and save from the above mentioned IoT attacks.