Just like the visible stars in any night sky, the number of IoT devices may soon be countless and with that, count on at least one vulnerability and probably more for each device. IoT is exacerbating concerns over mobile security threats, as well as exploits that lack a mobile component. IoT will play a role in more than one-fourth of all cyberattacks by 2020.
The sheer number of connected devices forming an attack surface globally and the degree to which these devices and our increasingly connected culture are so easily compromised will continue to compound the issue. A lot of research is going into methods for exploiting IoT. Organizations need to be equally aware of the threats and attack vectors in order to form plans for protection, detection and response.
IoT attack vectors
Enterprise data stores of intellectual property and customer data can seem far removed from a smart home’s intelligent fridge or thermostat. Yet black hat crackers absolutely can spoof that fridge, launch a man-in-the-middle attack, gain control of your employee’s smartphone and from there, potentially gain access into your organization.
The same kinds of IoT devices and hardware that provide efficiencies and conveniences in the home do likewise at the office. The path to your data treasures is greatly abridged when these gadgets are plugged directly into the office.
Attackers are including smart home and smart office IoT in botnets to attack the enterprise. Due to limited security for IoT, black hat crackers can readily use these devices in the same way they do zombie computers, building and maintaining significantly larger botnets and enabling their botnet armies and C&C servers with more power and an extended grasp to launch more efficient and effective attacks.
As with other DDoS attacks, these can be used to overwhelm cybersecurity while another much more damaging attack takes place. Furthermore, with their added size and strength, these IoT botnets (or botnets combining IoT gadgets and zombie computers) can send many times more Phishing emails, exploding the likelihood that someone will fall prey and infect the organization. There are many examples of how weaponized IoT devices that form botnets for DDoS attacks can do harm.
Black hats have demonstrated attacks where the successful manipulation of IoT can lead to hacks on gmail. With so many business personnel using gmail, this is another potential path into the enterprise for the hungry attacker.
Don’t forget the IIoT (Industrial Internet of Things) and SCADA devices that industry is increasingly connecting to the Internet. An internet connection is all attackers need to find and manipulate IIoT and SCADA devices and bring affected parties to their knees through the compounding repercussions of their acts.
Cybersecurity for IoT: Where to Begin
To secure IoT, begin now to select and design IoT assets, deployments, and infrastructure with centralized monitoring and management in mind. This way, you can start to secure IoT hardware from a central system rather than by doling out nonuniform security measures here and there a bit at a time. Read about increasing your secuirty posture for better IoT defense.
You can read the original article here.