Hackers graduate to financial gain as motivation for IoT attacks
📲Securing IoT devices is a top priority for organisations looking to implement this new technology.
The phrase Internet-of-Things (IoT) has gone from buzzword to common speech, having had an impact on almost every industry and sector. Once an abbreviation that seemed bound for fad-status among the tech elite, even the average consumer now embraces “IoT” as a category of connected technology that’s increasingly all around us.
In fact, it’s estimated that the IoT market hit a staggering $20.35 billion valuation in 2017 and is only set to continue past $75.44 billion by 2025. That means that the perception that IoT is “all around us” is going to go great leap further in under a decade – and the implications will be dramatic.
Especially in the context of cybersecurity, what will an omnipresence of connected devices tracking our every move mean for the hacking community?
We’re already starting to get a taste of what the future holds today when it comes to hacked IoT, as headlines over the past year have consistently focused on ever-increasing “muscle-flexing” on the part of hackers. As with any major technological change that’s embraced so rapidly by the masses, cracks in the façade will inevitably emerge as best practices catch up with the rate of adoption. IoT devices are especially prone to this chain of events, as industries and individuals are often bringing IoT solutions into their workflows before security is assured or a defense against threats is even mapped.
Evolving from DDoS to Financial Gain
Take, as an example, the distributed denial of service (DDoS) attacks that leveraged common household and office IoT devices over the course of 2016 and 2017. The Mirai attack, for instance, was a DDoS operation that used an army of botnet-infected IoT devices to flood Twitter, GitHub and the PlayStation network – to name just a few victims – with “loud” network traffic that drowned out legitimate directives from network administrators. This overwhelmed the targets’ servers, forcing them to shut down. First detected in October 2016, active strains of the Mirai virus were still being reported as recently as December 2017.
While the Mirai attack continues to be causing financial hurt for those affected parties, it was widely considered an exercise in showboating for the hacker Paras Jha, who recently pleaded guilty to hacking charges alongside two of his classmates. Jha and his cohorts made the vulnerabilities to IoT networks – even those connected to tech giants – glaringly obvious, which only opens the doors for “one-upsmanship” that will give IoT hacking over the next year a new motive: Malicious actors looking for financial gain will inevitably attempt to leverage those vulnerabilities, taking advantage of readily available ransomware and PII for big paydays.
In fact, research group Forrester made this prediction one of its top forecasts for the next year. Instead of being motivated solely by political, social, or military reasons – as had been forecasted in previous years – cybercriminals will likely be driven by financial gain moving forward, as the black market for malware and the Dark Web continue to mature, Forrester noted.
Bracing for the future
Fighting the increasingly persistent threats that will affect enterprise IoT networks requires a similarly comprehensive approach to security that IT takes with their standard network connectivity. For starters, organizations need to immediately ensure the security of their existing IoT infrastructure by assessing their hardware for security gaps, including weak encryption implementation or inadequate patching functions.
📲Securing IoT devices is a top priority for organisations looking to implement this new technology.
The phrase Internet-of-Things (IoT) has gone from buzzword to common speech, having had an impact on almost every industry and sector. Once an abbreviation that seemed bound for fad-status among the tech elite, even the average consumer now embraces “IoT” as a category of connected technology that’s increasingly all around us.
In fact, it’s estimated that the IoT market hit a staggering $20.35 billion valuation in 2017 and is only set to continue past $75.44 billion by 2025. That means that the perception that IoT is “all around us” is going to go great leap further in under a decade – and the implications will be dramatic.
Especially in the context of cybersecurity, what will an omnipresence of connected devices tracking our every move mean for the hacking community?
We’re already starting to get a taste of what the future holds today when it comes to hacked IoT, as headlines over the past year have consistently focused on ever-increasing “muscle-flexing” on the part of hackers. As with any major technological change that’s embraced so rapidly by the masses, cracks in the façade will inevitably emerge as best practices catch up with the rate of adoption. IoT devices are especially prone to this chain of events, as industries and individuals are often bringing IoT solutions into their workflows before security is assured or a defense against threats is even mapped.
Evolving from DDoS to Financial Gain
Take, as an example, the distributed denial of service (DDoS) attacks that leveraged common household and office IoT devices over the course of 2016 and 2017. The Mirai attack, for instance, was a DDoS operation that used an army of botnet-infected IoT devices to flood Twitter, GitHub and the PlayStation network – to name just a few victims – with “loud” network traffic that drowned out legitimate directives from network administrators. This overwhelmed the targets’ servers, forcing them to shut down. First detected in October 2016, active strains of the Mirai virus were still being reported as recently as December 2017.
While the Mirai attack continues to be causing financial hurt for those affected parties, it was widely considered an exercise in showboating for the hacker Paras Jha, who recently pleaded guilty to hacking charges alongside two of his classmates. Jha and his cohorts made the vulnerabilities to IoT networks – even those connected to tech giants – glaringly obvious, which only opens the doors for “one-upsmanship” that will give IoT hacking over the next year a new motive: Malicious actors looking for financial gain will inevitably attempt to leverage those vulnerabilities, taking advantage of readily available ransomware and PII for big paydays.
In fact, research group Forrester made this prediction one of its top forecasts for the next year. Instead of being motivated solely by political, social, or military reasons – as had been forecasted in previous years – cybercriminals will likely be driven by financial gain moving forward, as the black market for malware and the Dark Web continue to mature, Forrester noted.
Bracing for the future
Fighting the increasingly persistent threats that will affect enterprise IoT networks requires a similarly comprehensive approach to security that IT takes with their standard network connectivity. For starters, organizations need to immediately ensure the security of their existing IoT infrastructure by assessing their hardware for security gaps, including weak encryption implementation or inadequate patching functions.