Attackers gear up for IOT assaults
DEVICES connected under the Internet of Things (IoT) will become increasingly targeted for cyber attacks over the coming year, experts warn.
The scale of the threat was highlighted by a projection that there would be 11.4 million IoT devices in circulation by the end of this year, researcher Gartner said.
Sherif EI-Nabawi, senior director of Symantec Engineering Asia Pacific, said that the increasing popularity of IoT devices would draw out cyber criminals.
The attacks could show up in a range of fields, including as DDoS attacks that can cripple infrastructure and systems as well as result in fake input to control IoT devices in terms of pictures and voice.
“The IoT devices will provide persistent access to home networks and from there, spread to work resources and cloud services,” EI-Nabawi said.
“The IoT devices will be hijacked and used in attacks against us, such as with the hijacking of voice and VDO inputs.”
Meanwhile, Gartner predicts that global spending on IoT security would reach US$547 million in 2018. This year, more than 50 per cent of IoT device manufacturers will not be able to address threats from weak authentication practices, it said.
By 2020, more than 25 per cent of identified enterprise attacks will involve IoT, though IoT will account for only 10 per cent of information technology security budgets. Gartner predicts IoT security spending will be moderate until 2020, after which it will increase at a faster rate as execution improves.
By that year, at least half of all IoT implementations would use some form of cloud-based security service.
He said that Symantec’s Internet Security Threat report in 2017 shows that cyber-criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and over-crowded.
Riches motivate criminals
EI-Nabawi said crytojacking is a rising threat to cyber and personal security. “The massive profit incentive puts people, devices and organisations at risk of unauthorised coin miners siphoning resources from their system, further motivating criminals to infiltrate everything from home PCs to giant data centres,” he said.
In 2017, Thailand ranked fourth in the Asia Pacific Japan (APJ) region and 18th globally in terms of crypto-mining activities among 157 countries and territories.
Rattipong Putthacharoen, system engineer lead at Symantec Thailand, said that IoT devices would continue to be attractive targets for exploitation.
Symantec found a 600 per cent increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices.
Apple’s Mac computers are not immune, either, with Symantec detecting an 80 per cent increase in coin mining attacks against the Mac operating system, Symantec said. By leveraging browser-based attacks, criminals do not need to download malware to a victim’s Mac or personal computer to carry out cyber attacks, the company said.
“There are variety of cyber threats that continue to rise in the market, including cryptocurrency malware, email, mobile threat, ransomware, spam and Web threats,” Symantec said.