Ev­ery­thing is a tar­get, Threats to IoT Shoot Up

Voice&Data - - TRENDS 2017 -

In re­cent past, IoT (In­ter­net-of-Things) de­vices were hi­jacked to shut down a huge sec­tion of the In­ter­net. Stolen doc­u­ments were used in an at­tempt to in­flu­ence the US pres­i­den­tial elec­tion. Ran­somware be­gan to reach epi­demic pro­por­tions, in­clud­ing high value tar­geted ran­som cases. Th­ese and sim­i­lar at­tacks have had sweep­ing im­pacts be­yond their vic­tims.

Watch­ing cy­ber threats evolve over the past year, a few trends have be­come ap­par­ent to Fortinet:

The dig­i­tal foot­print of both busi­nesses and in­di­vid­u­als has ex­panded dra­mat­i­cally, in­creas­ing the po­ten­tial at­tack sur­face.

Ev­ery­thing is a tar­get and any­thing can be a weapon.

Threats are be­com­ing in­tel­li­gent, can op­er­ate au­tonomously and are in­creas­ingly dif­fi­cult to de­tect.

We are see­ing two threat trends: au­to­mated at­tacks against groups of smaller tar­gets and cus­tom­ized at­tacks against larger tar­gets. Th­ese two trends are in­creas­ingly be­ing blended to­gether, with au­to­mated at­tacks be­ing used as a first phase, and tar­geted at­tacks as a sec­ond.

Based on th­ese trends, For­tiGuard Labs is mak­ing six pre­dic­tions about the evo­lu­tion of the cy­berthreat land­scape for 2017.

IoT man­u­fac­tur­ers will be held ac­count­able for se­cu­rity breaches

We are in the mid­dle of a per­fect storm around IoT. A pro­jected growth to over 20 bil­lion con­nected de­vices by 2020, a huge M2M (ma­chine-to-ma­chine) at­tack sur­face, built us­ing highly vul­ner­a­ble code and dis­trib­uted by ven­dors with lit­er­ally no se­cu­rity strat­egy. And of course, most of th­ese de­vices are head­less, which means we can’t add a se­cu­rity client or even ef­fec­tively up­date their soft­ware or firmware.

Right now, at­tack­ers are hav­ing a lot of suc­cess sim­ply ex­ploit­ing known cre­den­tials, such as de­fault user­names and pass­words or hard­coded back­doors. Be­yond th­ese, there is still much low-hang­ing fruit to ex­ploit in IoT de­vices, in­clud­ing cod­ing er­rors, back doors and other vul­ner­a­bil­i­ties re­sult­ing from the junk code of­ten be­ing used to en­able IoT con­nec­tiv­ity and com­mu­ni­ca­tions. Given their po­ten­tial for both may­hem and profit, we pre­dict that at­tacks tar­get­ing IoT de­vices will be­come more so­phis­ti­cated, and be de­signed to ex­ploit the weak­nesses in the IoT com­mu­ni­ca­tions and data gath­er­ing chain.

One likely de­vel­op­ment is the rise of shadow nets – or IoT bot­nets that can’t be seen or mea­sured us­ing con­ven­tional tools. Shadow net at­tacks will ini­tially take the form of tar­geted DDoS at­tacks com­bined with de­mands for ran­som. Col­lect­ing data, tar­get­ing at­tacks, and ob­fus­cat­ing other at­tacks are likely to fol­low.

The se­cu­rity is­sues around IoT de­vices are be­com­ing too big for gov­ern­ments to ig­nore. We pre­dict that un­less IoT man­u­fac­tur­ers take ur­gent ac­tion, they will not only suf­fer eco­nomic loss, but will be tar­geted with leg­is­la­tion de­signed to hold them ac­count­able for se­cu­rity breaches re­lated to their prod­ucts.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.