Trend Micro thinks ransomware will hit the Internet of Things (IoT) soon. In a recent blog post by Ziv Chang, Director, Cyber Safety Solution, Trend Micro titled Can Internet of Things be the New Frontier for Cyber Extortion? the company notes that Gartner has estimated that more than 20.8 billion IoT devices will be in use by 2020, but that with manufacturers focused on performance and functionality, most devices could still have outdated connection protocols and operating systems (OS) by the time they go mainstream.
"Remotely controlled light bulbs and WiFi-enabled in-vehicle infotainment (IVI) systems, for instance, are mostly run in Linux and developed in C language without safe compiler options. They also use dated connection protocols such as TCP/IP (1989, RFC 1122), ZigBee (2004 specification) and CAN 2.0 (1991), which when exploited can open up the device to remote access," Chang noted. Cyber attacks are made even easier with search engines such as Shodan and ZoomEye, which identify potentially vulnerable connected devices and computer systems.
The consequences could be locking a car’s brakes or steering system, distorting the screen and preventing normal viewing of a smart TV, or even shutting down an entire rail system, Chang warns. "In June 2016, we discovered FLocker, a known Android lockscreen ransomware variant, crossing over to other platforms and has recently been hijacking Smart TVs," the post said.
The good news is that security for IoT devices is also gaining traction, Trend Micro adds, with global spending on IoT security projected to reach US$547 million in 2018 by Gartner. While Gartner also predicts that 25% of identified cyber attacks on enterprises will involve IoT by 2020, Trend Micro thinks that it will be relatively unpopular. "Hacking IoT devices involve earmarking time and resources. It also entails personalising the attack and targeting specific victims, enterprises or industries from which they can monetise their operations through extortion. It can also be unviable especially for malefactors such as ransomware operators whose hit-and-run business models work by trying to gain quick ROI from as many victims as possible," Chang pointed out.
The company advises potential targets to consider implementing a security audit when designing IoT software/hardware, setting up security gateways, adding endpoint monitoring and utilising real-time log inspection can help mitigate the risks.
Interested?
Read the Can Internet of Things be the New Frontier for Cyber Extortion? blog post, which also details some ways cyber criminals can use to hack into IoT devices
No comments:
Post a Comment