Futurologists like to outline the possibilities of IoT. They talk about a future in which cities, cars, households, companies, etc. become ‘smart’. Sounds great, but IT security guards look at it differently. They see dangers. By connecting more and more devices to each other, the number of access points on a network increases.
It is difficult for network administrators to secure all those access points. There are a number of reasons for this: IoT devices are not always properly protected, devices do not always receive updates, and unknown IoT devices can also become active on the network. Think of the employee who walks into the company with a hacked Fitbit on his wrist. It is not inconceivable that this way business data will be put on the street.
These types of risks will only increase in the coming period. By way of comparison: there are now around three billion smartphones worldwide, but the number of IoT devices exceeds twenty billion within a few years! The more access ports, the more possibilities for hackers. That is no longer a theory. Already in 2016, there was the Mirai botnet that had IoT devices in sight. Some 300,000 devices were infected.
Recent research by Fortinet shows that hackers are increasingly able to abuse IoT devices:
Recent research by Fortinet shows that hackers are increasingly able to abuse IoT devices. In the Global Threat Landscape Report, the security company warns that malware makers are focusing on agile development. By constantly adapting the malware a bit, they make the malicious software difficult to trace.
For example, many IoT devices in consumers have been the victim of crypto jacking over the past period. The devices were misused to search for crypto coins. The hackers focused mainly on media players because they have a lot of computing power and are constantly connected to the internet. As long as a device does not become noticeably slower, the owner will not immediately sound an alarm.
Bitcoin’s price against crypto jacking malware China, USA, Russia:
Where do malware attacks come from? According to F5 Labs, the research branch of F5 Networks, much from the Far East. The risk analysis The Hunt for IOT states that nearly half of all brute force attacks originating from China. There are also many numbers from the United States and Russia.
The number of attacks increased as much as 249 percent. If we look at which countries are most frequently attacked, the US, Singapore, Spain, and Hungary are at the top, but F5 Labs notes that actually, every country has to deal with it.
The researchers suspect that many attacks are not detected. They point out that IoT developers are not sufficiently concerned with securing IoT equipment. The result is obvious: vulnerable devices continue to appear on the market. The problems will, therefore, increase if consumers and companies use more IoT devices.
The number of Telnet attacks on IoT devices (source: F5 Labs)
As the threats increase, you would expect companies to be extra alert to IoT security. Nothing is further from the truth, points out research by security company Trend Micro. For many large companies, security is only a side issue. The company interviewed 1,150 IT and security managers worldwide and a grim picture emerges.
63 percent of respondents said they had seen more incidents in the past year. On average, companies suffered three cyber attacks on connected devices.
IDC expects that 1.2 trillion dollars will be spent on IoT in 2022
Yet companies do only minimal tests before IoT technology is implemented. Moreover, the security manager is involved in just 38 percent of the cases. The Trend Micro report notes that significantly many companies are unknowingly opening up to online threats.
The surveyed managers say they are worried about that. They fear mainly loss of consumer confidence (52 percent) and financial loss (49 percent). Despite the introduction of the AVG, they are less afraid of fines by violating data protection rules (28 percent).
In the research, we read that companies invest heavily in IoT. They spend 2.1 million euros per year on average. Given this kind of substantial amounts and the significant impact of a cyber attack, Trend Micro writes that security must have the same priority to reduce IoT risks.