The internet is abuzz with exciting innovations in technology, its miniaturization, automation capacity and the myriad re-applications of older technologies now enhanced with modern communications advances. But this comes with significant security concerns, as most of our devices, appliances and even light-bulbs are now becoming internet-facing liabilities. Cars, pacemakers, heart-monitors, webcams, smartphones, GPS and wireless access-points are just a few technologies that today raise serious privacy/security concerns amongst professionals and well-informed users.
Recent reports are showing foreign attacks and stress tests probing US infrastructure, with US Intelligence officials stepping up their warnings and highlighting issues many security experts have noted for years. In a nutshell, our cybersecurity measures, since the start of Industrial IoT, have not kept pace with the internet-driven revolution unfolding before us.
With IoT, the focus has been on competitive pricing and usability, often dedicating few resources to long-term device security, and rarely using industry standards or implementing them poorly. Startup-like IoT companies tend to overlook important security aspects of new devices, such as the initial setup/provisioning process, default configurations, and consistent firmware patches and software updates for the devices' foreseeable lifetime.
4. Device Hijacks and PII-based Attacks (Personally Identifiable Information)
Nowadays people rarely have time to think about all of the privacy and security implications of services like ride sharing and fitness tracking. Just take a little time and think about how, with a little motivation, systems can very easily be abused and used in ways providers never intended, often to the detriment of others. With shared rides, for example, specific users can be targeted using a little information about their schedule and brute-force methods like simply placing compromised Uber drivers around the general area. Autonomous vehicles may even become prime targets for hackers and criminal enterprises after high-profile targets. Even for the layman, targeted social engineering hacks and brute-force methods could easily land you a compromised Uber driver within your vicinity, who can then leverage your habits, whereabouts and personal devices for further exploitation.
3. Attacks through social media, messaging and news outlets
An example of this attack used to great effect and advantage were the multimillion-dollar ad campaigns that utilized treasure troves of personal data to intelligently modify advertisements on the fly for political outreach in the 2016 U.S. presidential elections. Though it is impossible to quantify the direct impact of such well-targeted and personalized campaigns optimized through big data farming and AI, the days of blanket advertising and gambling on awareness efforts are all but over. Among media and marketing experts there is no doubt as to the cost-effectiveness of these personalized outreach methods and how impactful these intelligent campaigns tend to be.
2. Attacks on interconnected services
A great example of the level of impact a massive attack can have is the sustained DDoS attack on Dyn (over 100,000 compromised IoT devices), which affected large portions of services on the internet. Attacks on critical internet service providers are especially effective, as shown in the Dyn attack (Dyn is a principal registrar and provider of domain name servers). DNS is a vital component of the internet today that translates human-readable names such as google.com or cnn.com into specific network addresses and ports computer systems understand, e.g. 123.456.789.0:5555.
1. Attacks on critical infrastructure
Today, more and more of the critical infrastructure is being powered by the Industrial Internet of Things, with power plants opening up internet-facing services for access to things like smart E-meters and home automation. Imagine the devastation things like domestic terrorism can have when combined with other types of cyber attacks on critical infrastructure and supporting emergency services. Damaging power grids and communications can create many life-threatening situations or, in the case of emergencies such as critical healthcare, exacerbate them to life-risking levels.