The Internet of Things (IoT) is everywhere nowadays – it’s in most households and offices.
However, these devices have been increasingly seen as a potential risk for cybersecurity:
A study by Symantec revealed that IoT cyber-attacks increased by a staggering 600% between 2016 and 2017.
Business Insider reveals that there will be around 21 billion IoT devices by 2020, which means 21 billion ways for cybercriminals to attack. Not just that, 90% of all vehicles will be connected to the internet. Every second 127 devices are connecting to the internet. The opportunities of a cyber-attack are, thus, endless, and the rise of IoT has clearly escalated it.
In fact, statistics suggest that 70% of the most commonly used IoT devices contain vulnerabilities.
What are the potential threats that could threaten IoT devices?
1. DDoS Attacks
It was a peaceful morning on 12th October 2016 in the US. Things were going as usual. All of a sudden, a massive DDoS (distributed denial of service) attack, one of the largest ever seen, brought businesses to a standstill all over the Eastern US.
It was due to the Mirai botnet, a type of malware, that assembled a group of compromised computers and turned them against their own servers and networks.
According to the State of the Internet security report 2016 by Akamai, DDoS attacks have increased by 125% from 2015 to 2016 alone.
In 2015, the average attack duration lasted 12-15 hours. Now it’s 16 hours. With the exponential increase of IoT devices, such attacks may become more and more frequent and dangerous. This is especially concerning with IoT devices to do with healthcare, any lock off of service could be incredibly dangerous to patients.
A lot of devices right now, even basic stuff, like vehicles and office floor equipment, are made IoT-enabled in the US.
A basic problem with them is that they weren’t designed with proper security measures in mind. As a result, most of these devices are vulnerable to cyber-attacks.
An alarming statistic was furnished by AT&T’s security operations center. It was found that between 2015 and 2016, there was a 458% increase in vulnerability scans of such IoT devices.
It means we are just turning ill-equipped gadgets into IoT devices, paving the way for imminent attacks, without enabling adequate security protocols. This may lead to massive trouble in the future.
3. Faulty tracking
A potential security threat with respect to IoT devices is that people still aren’t taking them seriously enough. They are not properly monitored at all. In a recent survey of 5000 companies, it was found that one-third of them, roughly 1700 companies have more than 5000 connected devices each.
If these devices aren’t properly tracked and given due importance, a disaster of epic proportions could soon be on the cards.
But here is the scary part. In the same survey, it was found that around 2500 companies didn’t track the IoT devices; they were simply estimating them.
Less than 2000 companies used any sort of device tracking software to monitor the connected devices, and only 800 had a formal audit in place.
That is an expansive range of opportunities, just waiting out there for cyber-criminals to take advantage of.
4. Spoofing attacks
With the rise in the deployment of IoT devices, the probability of spoofing attacks is on the rise. A spoofing attack is an instance where a cybercriminal hacks into a computer in a network, and then launches an attack on the network host to steal or destroy data.
Some of the most common spoofing attacks are:
– IP address attacks
– ARP attacks
– DNS server attacks
The most-used path of attack is through IP addresses. And the attacks are increasing more and more. According to a CAIDA study, there were 30,000 spoofing attacks per day, and 21 million attacks in total on around 6.3 million unique IP addresses, between 2015 and 2017.
And with IoT devices on the rise, spoofing is set to increase as well.
As Paul Barford, professor of Internet studies at the University of Wisconsin opined, ‘Some attacks are show-off attacks, but they can also be ransom attacks. It’s not just losing Hulu for a few hours, it can be losing control of the power grid or a large bank’s financial records.’
5. Security updates and patches
Regularly updating security patches of IoT devices is an essential facet of ensuring security. It may not be effective against highly sophisticated attacks, but it can be useful in case of basic ones.
Regularly updating system patches can provide an additional layer of security against cyber-threats. But unfortunately, according to a study, only 49% of companies regularly update their security patches. 51% of the, do not, which may escalate into greater disaster in the future.
6. Phishing attacks
Phishing is the most popular choice of cyber-crime with respect to IoT devices, as the initial stage in any attack. Global phishing attacks have been on the downward trend for some time, but they are as lethal as ever since the attacks are getting more and more targeted and specific.
A SonicWall study revealed that in 2018, there were 26 million phishing attacks worldwide.
A malicious phishing attack using IoT was uncovered by Proofpoint recently.
This attack used 750,000 malicious email communications from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multimedia centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.
The number of IoT devices will grow in the future, and with it, will bring severe cybersecurity implications.
If statistics are anything to go by, it is apparent that IoT devices are being actively targeted in 2019.
According to a report by AVAST, around 40% of homes come with IoT vulnerabilities, of which 33% are vulnerable because of outdated software, and around 66% are vulnerable due to weak credentials.
‘The magnitude of the IoT and the consequences of a breach are now so significant that it is vital for businesses to anticipate security needs before new devices are deployed. Clear lines of responsibility, consistent security procedures and top-down engagement in IoT security are necessary to avoid problems and deal with inevitable attacks.’, as warned by Sandy Verma, Senior Director, IoT solutions, AT&T.
Both experts and numerous statistics suggest how IoT has escalated the cybersecurity issue.
Now is the time to take all precautionary measures you can. Don’t delegate it anymore – make sure to put everything in motion today.
About the Author:
Lucy Manole is a creative content writer and strategist at Right Mix Marketing Blog. She specializes in writing about digital marketing, cybersecurity, technology, entrepreneurship and education. When she is not writing or editing, she spends time reading books, cooking and travelling.