Beware the Internet of stolen things
Digital transformation threatens to become a profitable playground for sophisticated cybercriminals as the cost of data breaches hits $2.1 trillion globally by 2019, warns Juniper Research. That’s nearly four times the financial consequence analysts expect from breaches this year.
The majority of breaches are likely to come from attacks against existing IT and network infrastructure, Juniper Research warns, but Internet of Things (IoT) devices may become future targets. The analysts note that while the number of identified IoT infections remains small, new threats are being reported at an “increasing rate”.
What makes this scenario more challenging is the increased professionalism of cybercriminals. Criminal hacks are becoming commoditized.
Don’t panic, yet: “Currently, we aren’t seeing much dangerous mobile or IoT malware because it’s not profitable,” noted Juniper Research report author James Moar.
While reassuring in the present the Moar’s statement does suggest attacks against mobile devices, platforms and other connected things will become more likely as the potential payloads become more profitable.
“With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools,” he notes.
But things may change…
A little reported recent attack saw Starbucks customers in the US defrauded of hundreds of dollars. Criminals figured out how to subvert credit card protection using the Starbucks mobile app.
As a sign of what’s to come as apps and mobile payments become increasingly popular, this may be a salutary story for those concerned about their security.
Sophisticated cybercriminals already use authentic seeming “phishing” attempts to harvest user names and passwords – but the bad news is how convincing these attempts are becoming.
Intel Security tested 19,000 people in 144 countries to see if they could spot phishing emails and found that on average they missed 1 in 4 of these attempts.
It’s not as if connected devices are confined to smart homes. Other elements to this ecosystem include network equipment, connectivity services, and more.
“IoT is a growing market and with the number of connected devices, cyber criminals will start looking at ways to intrude the networks and exploit them,” warns Websense Regional Director (India and SAARC) Surendra Singh.
Infrastructure interests cybercriminals. Think about last year’s attack on Home Depot, when hackers used the connected HVAC system to undermine security and steal personal data.
Singh observes attacks against hotel temperature control systems and medical devices have already been attempted, stressing the need to secure IoT devices.
At Mobile World Congress this year, Sophos security researcher, James Lyne, demonstrated how cybercriminals can easily compromise mobile devices and Internet-connected closed-circuit cameras (CCTV), hacking into an Android tablet over Wi-Fi to record video and audio.
“Considering how most organizations are still struggling with Bring Your Own Device (BYOD), the challenges of the IoT comes at the worst of times, particularly when you consider that the IoT includes consumer devices that IT may be forced to support for business purposes,” he warned.
Last year’s HP Fortify Report warned 80 percent of connected IoT devices lacked sufficiently complex passwords, leaving them vulnerable to attack. Other security weaknesses included lack of encryption and user account ID protection.
“IoT offers previously unimaginable connectivity and applications, yet the ease of deployment and the desire to innovate often override security concerns,” warns Singh.
Orange Business Services offers 400 consultants, eight security operations centers and 15 research and development facilities to help you ensure your IoT products are secured. Or explore recent research from Orange Labs here.