Hackers have recently been able to obtain access to a wide variety of connected devices, which has prompted new concerns over the security threats of the Internet of Things.
The hackers were found to have gathered a collection of connected devices to generate data and webpage requests that took their targets offline, according to security experts.
Ironically, since October is European Cyber Security Month, CBR has put together a list of the biggest threats to IoT security as of recent.
- Ransomware
Ransomware, which has been identified as the main cybersecurity threat of 2016, not only follows the usual system of affecting computers and locking files- IoT ransomware is able to control systems in the real world, not just the computer.
Ransomware attacking IoT ecosystems, may lead to locking them down and industrial IoT ecosystems are said to already include all the characteristics of an easy ransomware target.
When specifically targeted, IoT ransomware can be timely and critical, rather than irreversible. Hackers are eager to target devices at a time and place where there will be no need to reset the device.
For instance, rather than searching valuable files on a Nest Thermostat for instance, hackers will lock it up whilst it is unattended and send a notification that it has been hacked- leaving the owner with costs to pay a ransom or it will remain locked.
- Phishing
Device takeover from hackers tends to be enabled by misconfiguration and the use of weak default passwords that leaves devices exposed on public networks.
Phishing is the attempt to acquire information such as usernames, passwords and other private information via electronic devices through sending emails.
Enterprise employees have been found to open various emails through unawareness of the realisation that many could be harmful to business files, and with the increase of connected devices, it may become much easier for hackers to gain access to user files.
- IoT Botnets (Thingbots)
Based on the ubiquity and the fact they are usually connected directly to the Internet, wireless routers and modems are the primary targets for thingbots.
A ‘Thingbot’ is something with an embedded system and an Internet connection that has been copied by a hacker to become part of a botnet of networked things.
Botnets consist of many different connected devices, from computers, smartphones, and various other ‘smart’ devices.
The risks that are found within botnets area of a large scale, for example against critical infrastructure or gaining unsolidated access to company networks.
- Distributed denial-of-service (DDoS)
A DDoS attack is the hack of a malicious user, into a network or connected device to sabotage a specific website or server.
It usually happens when the hacker sends information, e.g. URL to contact a specific website or server consistently. If an attacker overloads a business’s server with requests, it will not be able to process.
Majority of IoT malware is targeted to non-PC embedded devices, with many which are internet accessible due to its operating system and processing power limitations.
- Spyware
Spyware is another threat that is enabled to computers and connected device by third parties. The threat enables personal information to be collected without the user knowing.
It is an increasingly noticeable method of attacking smartphones, with reports showing that it scales for 10 out of the 25 most prolific threats.
They can be difficult to remove and add viruses to devices; however with effective security and careful browsing on safe sites- it can be prevented.