Being used in hitherto unheard of sectors, IoT is gaining momentum day in day out! Due to which more and more companies are jumping on the IoT bandwagon with various point solutions and capabilities.
Everyone is going crazy over the term internet of things. And the tech isn’t limited to devices as it is smart enough to hold just a couple of chips, especially the ones which are frequently hidden out of sight and out of mind. However, at some point, analysts seem to be are excited to discover its potential while others have argued that it is overhyped. Besides, there is no denying in the fact that the Internet of Things (IoT) high-profile breaches and attacks are dominating headlines daily. With new threats emerging, we have a real problem! Day in day out, IoT is becoming a headache for any cybersecurity professional.
IoT devices are set to grow at breakneck speed within the next decade; showing no signs of slowing down. So, what to do? I will tell you; Cybersecurity is the only solution to look upon. On the one hand, the world seems to be embedded into applications, improving identity management and producing more effective threat intelligence solutions while on the other hand, companies seem to produce tools and techniques to protect all the emerging IoT endpoints with potential vulnerable exploits.
Down below, I would like to mention emerging cybersecurity threats that business, technology, and security leaders need to take seriously this year.
1. Cryptojacking– One of the biggest threats that might impact businesses in the past two years is ransomware. Due to we all seem to be exploited to several basic vulnerabilities including lack of network segmentation and backups. The bad guys are seen employing the same variants of ransomware which were previously being used to encrypt data to ransom an organization’s resources and systems to mine for cryptocurrency- commonly known as crypto-jacking or cryptomining.
With the increasing rise of cryptojacking, many SMB leaders are seen using a plethora of resources, applications so that things cannot go out of the window. And these application systems, computers, and resources can be used to mine for cryptocurrency. And I personally find it as one of the biggest threats seen right from that standpoint.
2. Geopolitical risks- More and more organizations are seen considering where their products are based or implemented and where their data is being stored. Now the actual scenario is threat actors emerging from nations like Russia, China, and North Korea compel you to follow regulations like GDPR. You require evaluating the intricacies of the security controls of their vendors and their suppliers. Unfortunately, many of you happen to look at geopolitical risk as a cyber risk, which is certainly not true! In case, if an organization does not consider location and geopolitical risk, those that store data in a third party or a nation-state that is very sensitive will run the risk of threat actors or nation-state resources being used against them. And this will have a definite impact on the business outcome.
3. Cross-site scripting– More and more organizations are seen struggling to avoid cross-site scripting (XSS) attacks, especially in the development cycle. In fact, it may quite interest you to know that maximum vulnerabilities identified by bug bounty programs are XSS areas- which means it is considered as one of the leading vulnerability type.
Now, these kind of attacks, in general, allows adversaries to use business websites to execute untrusted code in a victim’s browser. By doing this it becomes way easy for a criminal to interact with a user and steal their cookie information especially the one used for authentication to hijack the site without any credentials.
4. Mobile malware– Mobile devices are increasingly becoming a top attack target. A kind of trend rooted in poor vulnerability management. One of the most significant pain points in this space is the Android installed. The Google developer site shows that the vast majority of Android devices in the world are running pretty old versions of Android. In the present scenario, it’s quite challenging to get them to continue to support devices and get timely patches because then you’re getting back to mobile issues. So what you need to do is, employee access to an anti-malware solution.
5. Internet of Things (IoT) device threats- Several devices are connected to IoT include routers, printers, thermostats, refrigerator, webcams, and home automation hubs powered by artificial intelligence constructs, such as Amazon Alexa and Google Assistant. In addition to this, there are also smart locks, smartwatches, and many more gadgets that we either kept at home, carry or even wear around.
The Security implications are even greater than we think once we add the next wave of devices that will connect to the IoT: automobile navigation and infotainment systems, advanced medical devices, and automated teller machines, and the list extends beyond what we can even imagine. Down below, I would like to mention certain IoT threats to expect in 2019 and upcoming years.
• Hijacked Devices Sending Spam Emails- Smart appliances, such as the Samsung Family Hub refrigerator which have the same computing power and functionality of a modern tablet, which means they can be hijacked and turned into email servers.
• Hijacked Devices Conscripted Into Botnets– IoT devices can be forced to join malicious botnets for the ultimate purpose of conducting distributed denial-of-service (DDoS) attacks. In fact, hackers are now targeting baby monitors, streaming boxes, webcams, and even printers to carry out massive DDoS attacks that have crippled domain name system servers.
• The Shodan IoT Search Engine– The hacker familiar with remote management of routers could easily take advantage of common SSH keys to intrude upon a home network and search for unprotected IoT devices. It should be noted that Shodan provides substantial information about unsecured devices.
• Privacy Leaks– Skilled hackers can cause considerable damage just by identifying an unsecured IoT device that is leaking the internet protocol (IP) address, which can, in turn, be used to pinpoint a residential location.
• Unsecured Devices– the threat has been the most insidious since the inception of IoT, and device manufacturers have been partly complicit. When IoT devices are shipped to stores with default “admin” usernames and “1234” passwords (here’s how to create a strong password), consumers cannot be reasonably expected to change and secure the credentials unless the manufacturer insists upon it through instructions and reference materials.
Like it or not, cybersecurity remains top of mind for companies dabbling with IoT and IIoT or considering such a move. So what are you waiting for?