EXPERT OPINION
kind of financially-interested hacker or cybercriminal will work for the ones that are targeting IoT .
To be clear , yes , it is of great significance that industrial control systems ( ICS ) and connected devices are being targeted but cybercriminals are , by and large , a pretty unoriginal bunch . What ’ s more is that they bleed green . What makes them money 90 % of the time will probably work the other 10 %.
Whether it is an email server or a connected kettle , they still want your data . Sometimes , that something is as simple as getting access to a network . As long as a leaky connected device is part of a home or business network , it can be used to infiltrate upwards to higher levels of access and increasingly more valuable information .
Going after smartwatches , Fitbits , or even smart meters can give scammers a unique profile of information about their target . This goes as much for your personal orbit as it does the wider world in which IoT devices are collecting information about you throughout your day . That data , some of it extremely personal , can then be sold or used in an array of identity theft scams . The IoT often provides criminals with the unique data they can use to take those scams to the next level of sophistication .
Spiral Toys , the manufacturer of a line of IoT teddy bears called CloudPets , learnt this lesson keenly when it was discovered that email and password data from 800,000 accounts had been exposed along with two million voice recordings collected by their talking teddy bears . That data , it was discovered , had been accessed by cybercriminals who later held it to ransom .
But one of the largest threats to the IoT does upend the traditional robber / rob victim relationship . I speak , of course , about DDoS . The entry of millions of flimsy IoT devices onto the consumer market provided bold new possibilities for DDoS and botnet herders who quickly went around scooping up all of the badly secured devices they could .
This became apparent last year when botnets made using the Mirai virus perpetrated some of the largest DDoS attacks ever seen . Of particular note were the late 2016 attacks on French host OVH and DNS provider Dyn , which
The IoT often provides criminals with the unique data they can use to take those scams to the next level of sophistication .
smashed previous DDoS records , took down large parts of the internet with an army of enslaved IP cameras , printers and baby monitors .
While 2017 didn ’ t see anything of quite that scale , Mirai herders are still as
42 Issue 02 | www . intelligentciso . com