BACKGROUND:
It has been reported that Internet of Things (IoT) devices are more popular targets for cybercriminals than ever before, a new report from Kaspersky has claimed. The company says that in the first half of 2021, the number of attacks against IoT devices doubled compared to the same period last year. Kaspersky created a number of honeypots, essentially pieces of software that imitate the behavior of a vulnerable IoT device, to build its research. During the first six months of 2021, the company detected more than 1.5 billion attacks against these honeypots, twice as many as during the same period in 2020. Most of the time, the crooks would use the telnet protocol in an attempt to establish a connection (a protocol usually used to access and manage devices remotely). Sometimes, they’d also use SSH and web, as well.
<p>IoT exploitation is on the rise and critical to business success mainly to augment throughput and operations and to secure the ecosystem. In tally, ascending the IoT solution presents an arduous challenge as businesses scuffle with the complexity and technical impediments. Those adopting IoT as part of a culture and who prioritize investing in the right technical staff could overcome barriers sooner.</p>
<p>COVID-19 is having an undeniable impact on the world and IoT expansion. With rising trajectory for an emerging technology such as Artificial Intelligence, Edge Computing, and Digital Twins that are becoming more and more a part of connected ubiquitous compute & connectivity particularly within their IoT plans.</p>
<p>That is an unabridged proportion of IoT devices and protecting such a colossal attack surface is no easy task, especially when there are so many varying types and security standards on the devices. The prevailing concern from a security operations perspective regarding those billions of IoT devices, is that anything connected can be hacked. Each IoT device represents an attack surface that presents attackers with an avenue into your data. </p>
<p>And unlike laptops and smartphones, most IoT small factor devices hold less processing and storage capabilities. This makes it difficult to employ anti-virus, firewalls and other security applications that could help protect them. At the same time, edge computing intelligently aggregates local data, making it a concentrated target for sophisticated threat actors. Ransomware can also target applications and data in addition to IoT device hardware.</p>
<p>As there is a growing rate of IoT attacks, especially when trends of remote work and remote offices are considered, it is increasingly important to know and understand the threat landscape. The U.S. General Accounting Office GAO identified the following type of attacks as primary threats to IoT:</p>
<p>Denial of Service</p>
<p>Malware</p>
<p>Passive Wiretapping</p>
<p>Structured query language injection (SQLi controls a web application’s database server)</p>
<p>Wardriving (search for Wi-Fi networks by a person in a moving vehicle)</p>
<p>Zero-day exploits</p>
<p>Ultimately, the Internet of Things (IoT) intensifies supply chain vulnerabilities. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices. The increased integration of endpoints combined with a rapidly growing and poorly controlled attack surface poses a significant threat to the internet of things.</p>