The now-ubiquitous Internet of Things (IoT) consists of devices like surveillance cameras, thermostats, baby monitors, medical equipment, home appliances and thousands of other items that can communicate with each other over the Internet.
Billions of IoT devices are already in use, and they are continuing to proliferate. The Gartner Group estimates that more than 50% of major new business processes and systems will include an IoT component by 2020, when BI Intelligence estimates there will be roughly 24 billion IoT devices connected to the internet. Businesses will be the top adopters of these new technologies and experts warn that IoT is one of the most vulnerable areas in corporations. This only means that hackers will have that many more vectors from which to launch their attacks.
Anatomy of an IoT Cyber Attack
What are IoT cyber attacks? Botnets—armies of zombie computers infected with malware—have transformed the IoT into a distributed zombie network. Massive device armies are now a tool of choice for launching cyberattacks, a tool that force-multiplying hackers can deploy with the stroke of a key.
Most devices are designed to be left alone after being set up. Consumers and businesses install devices and never think about them again, totally unaware of whether a device has been compromised. As IoT proliferates, the scope of the attack surface (the set of different points where a hacker can gain access) is expanding exponentially.
A cyber attacker uses software to automatically scan the Internet for connected devices that have weak security. The botnet is assembled by using default credentials to harvest hundreds or thousands of bots, and this network of infected devices is made a slave to the hacker. Botnet-driven attacks are very successful because they come from such a large area they are hard to mitigate—it’s even harder to track down the cyber attacker, especially when traffic is bouncing from a web camera to a thermostat and so on.
Examples of IoT Cyber Attacks:
- Hackers at the Def Con security conference found nearly 50 critical issues in internet-connected door locks and solar panels, among other devices.
- In 2015, two ethical researchers were able to wirelessly take control of a Jeep Grand Cherokee, resulting in a recall of 1.4 million vehicles.
According to F5 Labs, IoT attacks grew 280% during the first half of 2017. F5 Labs says there is every indication that today’s botnets, or “thingbots” (built exclusively from IoT devices) will become the infrastructure for a future darknet. They point out how important it is that businesses instigate a DDoS strategy, and perhaps even abstain from buying and selling vulnerable IoT devices.
Ideally, an IT infrastructure must be defended against attacks while the company attempts to ensure its own devices are not contributing to the problem. As more botnets are used to hit corporate targets over time, critical infrastructure is moving to the Cloud on the theory that distributing resources across many servers is a countermeasure.