With attacks against Internet of Things devices on the rise, threat researchers are warning companies to make sure they know their devices and have processes in place to maintain and defend them.
In a Jan. 25 blog post, threat intelligence firm Intel 471 stated a surge of attacks on IoT devices in 2020 and 2021 led to the theft of confidential information and creation of massive botnets for launching distributed denial-of-service (DDoS) attacks. The company also saw main malware codebases Mirai and Gafgyt being used to compromise connected devices, with variants of Mirai the most popular way to sell illicit access to targeted firms on underground forums.
The threat will only grow this year as attackers shift to more profit-focused motives,.
As IoT devices become more and more commonplace, and industries increase their dependency on these devices for their uptime and operations…one can expect to see the shift to targeted ransomware and IoT botnet operators working with access merchants to identify potential targets.
Two trends in the IoT marketplace are converging to create a significant security problem. Manufacturers of a plethora of devices are adding connected functionality for management and updates, as well as to offer additional services, leading to a larger attack surface area in most organizations. However, management of these devices has not kept pace, leaving many of them vulnerable to attack.
Vulnerabilities in IoT devices extend far beyond home routers and consumer products.
While people hear IoT and automatically think of smart devices — think home appliances with internet connection — that’s not really where the big, primary threat is. The vulnerabilities lie in the software development kits, operating systems and/or firmware that power the hardware that makes all these smart devices connect to the internet.
IoT has become a serious intelligence threat and opportunity.