EXPERT OPINION
Thankfully , the more creative IoT hacks remain the preserve of nation states . To be sure , there have been plenty of examples , including Stuxnet and BlackEnergy , of a nation hacking critical infrastructure . Those more
For the moment , and it may not be a long one , cybercriminals will satisfy themselves by avoiding the functionality of the IoT and just going after the data . ravenous as ever and the IoT seems just as vulnerable . The SANS Institute found that it took two minutes from the moment a DVR with default credentials was connected to the internet to be attacked by Mirai .
While this is clearly a threat , it does upend the direct predator / victim relationship that we are used to , posing the problem of how to address these ‘ victims ’ even if they ’ re not the ultimate target of a crime .
Explaining to people how their vulnerable connected devices leave their data exposed is one thing , explaining to them how their router is now part of an army of kettles , cameras and dolls now being used to attack the country of Liberia is something quite different .
Other threats continue to loom far larger than those that the IoT faces . Financial fraud and ransomware still top the lists for the greatest threat to average users and enterprises . Dull-as-dishwater email phishing is still the biggest attack vector for attacks . Again , cybercriminals aren ’ t too original .
That lack of originality could provide us with clues into how the IoT could be leveraged by cybercriminals in the future though .
If the popularity of ransomware is anything to go by , it won ’ t be long before more people are facing down the barrel end of their encrypted motor vehicles and thermostats .
Indeed , companies are already being threatened with ransomware attacks on their industrial facilities . That same technology could just as easily be turned towards power plants , smart cities and pieces of public infrastructure . creative hacks however require energy , resources and talent in volumes which most cybercriminal groups cannot bring to bear .
For an example of what that might look like we need only cast our minds back a few months to the WannaCry attacks . Aside from shutting down large multinationals and government departments , it also took a bold swipe at the NHS , severely hindering 42 trusts and paralysing frontline services .
It might not fit the letter of the definition , but it certainly lives up to the spirit of an IoT hack ; one which pierces that increasingly thin veil between the on and offline worlds and reaches out to touch us . For the moment , and it may not be a long one , cybercriminals will satisfy themselves by avoiding the functionality of the IoT and just going after the data . u www . intelligentciso . com | Issue 02
43