October 24, 2016

Top five biggest threats to IoT security

Threats to Internet of Things security increase with many unprotected connected devices.

By Hannah Williams


Hackers have recently been able to obtain access to a wide variety of connected devices, which has prompted new concerns over the security threats of the Internet of Things.

The hackers were found to have gathered a collection of connected devices to generate data and webpage requests that took their targets offline, according to security experts.

Ironically, October is European Cyber Security Month, so CBR has put together a list of the biggest recent threats to IoT security.


  • Ransomware

Ransomware, which has been identified as the main cybersecurity threat of 2016, does not only follow the usual pattern of affecting computers and locking files: IoT ransomware is able to control systems in the real world, not just the computer.

Ransomware attacking IoT ecosystems may lead to them being locked down, and industrial IoT ecosystems are said to already include all the characteristics of an easy ransomware target.

When specifically targeted, IoT ransomware can be timely and critical, rather than irreversible. Hackers are eager to target devices at a time and place where there will be no need to reset the device.

For instance, rather than searching for valuable files on a Nest Thermostat, hackers will lock it up whilst it is unattended and send a notification that it has been hacked, leaving the owner to pay a ransom or it will remain locked.


  • Phishing

Device takeover by hackers tends to be enabled by misconfiguration and the use of weak default passwords that leave devices exposed on public networks.

Phishing is the attempt to acquire information such as usernames, passwords and other private information via electronic devices by sending emails.

Enterprise employees have been found to open various emails, unaware that many could be harmful to business files, and with the increase of connected devices, it may become much easier for hackers to gain access to user files.


  • IoT Botnets (Thingbots)

Because of their ubiquity and the fact that they are usually connected directly to the Internet, wireless routers and modems are the primary targets for thingbots.

A ‘Thingbot’ is something with an embedded system and an Internet connection that has been co-opted by a hacker to become part of a botnet of networked things.

Botnets consist of many different connected devices, from computers and smartphones to various other ‘smart’ devices.

The risks posed by botnets are of a large scale, for example attacks against critical infrastructure or gaining unsolicited access to company networks.


  • Distributed denial-of-service (DDoS)

A DDoS attack is a hack by a malicious user into a network or connected device to sabotage a specific website or server.

It usually happens when the hacker sends information, e.g. a URL, to contact a specific website or server consistently. If an attacker overloads a business’s server with requests, it will not be able to process them.

The majority of IoT malware targets non-PC embedded devices, many of which are internet accessible, due to their operating system and processing power limitations.


  • Spyware

Spyware is another threat introduced to computers and connected devices by third parties. It enables personal information to be collected without the user knowing.

It is an increasingly noticeable method of attacking smartphones, with reports showing that it accounts for 10 out of the 25 most prolific threats.

Spyware can be difficult to remove and can add viruses to devices; however, with effective security and careful browsing on safe sites, it can be prevented.

