Lanner

IoT a critical vector for ransomware

IoT Ransomware, Spyware, malware

The percentage of Ransomware has been steadily increasing, and due the the even greater proliferation of IoT devices, it has already managed to position itself as one of the main cybersecurity threats looming over 2017. Now that more and more devices are set to come online, the damage cybercriminals can do extends beyond monetary and social into the physical realm. Things like driverless cars, smart meters, smart thermostats, light bulbs and coffee makers are all being exposed to internet facing connection, making them a target.


Why We should be Worried Now

Although IoT devices rarely store any valuable information, there’s is still the traditional model of ransomware: holding the device itself hostage. Although this may seem simple at first to solve (ie replace compromised device, even a reboot may fix it) the damage that can be caused in between the solution may be more costly than simply paying the ransom – giving the criminals exactly what they want.
Many IoT devices have actuators and sensors, take for example a smart thermostat. It’s entirely feasible for a ransomware developer to target them and raise or lower the temperature consuming high amounts of electricity. Due to all the sensors and internal logs on the devices, one could easily figure out if anyone is home, or if they’ve been gone for an extended period, then simply launch the malware when the target has no easy way of mitigating.

Printers are one of the most vulnerable Internet-enabled devices on a network

Recent white hacker demonstrations showing the amount of insecure printers connected to the internet is staggering. Many inexpensive consumer printers come with very questionable default setting, and users simply fail to change default password, disable WAN connectivity or secure the device behind a firewall.
Printers can be thought of as one of the first IoT devices, containing sensors (paper feed tray,), actuators(motors, ink system), and where connected to the internet early on. Back then security on the internet was an afterthought, and the many vulnerable printers on the internet show the need to secure these legacy devices.

 

IoT Vendors need to implement better security-by-design.

With the millions of IoT devices intentionally and even unknowingly invading our everyday lives, the ecosystem of cheap internet-enabled devices is becoming an alluring target for cybercriminals looking for a quick buck. Security cannot be an afterthought when dealing with internet-connected devices.

The largest DDoS (Distributed Denial of Service) attacks ever launched has mostly conveyed the message to businesses that having massive amounts of vulnerable IoT devices ripe for hijacking. Even if your devices and network are secure, mitigating a 500Gbps+ denial of service attack is simply not feasible.

 

Increasingly invasive IoT applications continue to emerge

Recent findings from the Federal Trade Commission show that devices like smart TV’s are being used to spy on their users – siphoning off location data, viewing preferences, customer demographic information. This is alarming and shows that many companies have no moral qualms in abusing IoT devices to their own ends. Now, not only do we have to worry about potential breaches from hackers, we also have to look out for spyware from the manufacturer itself!

 

Critical sectors needs to strengthen and audit security the most

It came to consumers as devices for things related to fitness, mostly monitor heart rate, blood pressure and breathing with a myriad of sensors. Now IoT is taking over many critical tasks in actual patient healthcare, and healthcare is no exception for cyber-criminals. In fact there are numerous real world examples of ransomware attacks taking place in healthcare environments. Even in constantly imaged systems (imaged = full backup), the downtime from restoring the devices can mean life or death.

The Energy industry has already suffered from numerous attacks, and its not unreasonable to believe ransomware will eventually strike. Holding the energy production of a critical part of the country could rake in the cash for cybercriminals. Its not a matter of keeping these systems offline, there is really no going back to isolated networks as the industry is moving towards a smart service based model.

Conclusion

The pace at which IoT is growing is staggering, and security has only recently taken a forefront in everyone’s priorities. Malware, spyware, ransomware can all inevitably find a way into the network. The best security practices fall flat in the face of zero-days and sophisticated attacks. True security comes from complete network visibility, awareness of critical attack vectors and constant vigilance. As IoT devices continue to evolve, we should be seeing these philosophies come into play, with more robust monitoring and reporting software, standardized API’s and faster update cycles.

Exit mobile version