As IoT attacks increase, experts fear more serious threats
With attacks against Internet of Things devices on the rise, threat researchers are warning companies to make sure they know their devices and have processes in place to maintain and defend them.
In a Jan. 25 blog post, threat intelligence firm Intel 471 stated a surge of attacks on IoT devices in 2020 and 2021 led to the theft of confidential information and creation of massive botnets for launching distributed denial-of-service (DDoS) attacks. The company also saw main malware codebases Mirai and Gafgyt being used to compromise connected devices, with variants of Mirai the most popular way to sell illicit access to targeted firms on underground forums.
The threat will only grow this year as attackers shift to more profit-focused motives, says Michael DeBolt, chief intelligence officer for Intel 471.
“As IoT devices become more and more commonplace, and industries increase their dependency on these devices for their uptime and operations … we expect to see the shift to targeted ransomware and IoT botnet operators working with access merchants to identify potential targets,” he says.
Two trends in the IoT marketplace are converging to create a significant security problem. Manufacturers of a plethora of devices are adding connected functionality for management and updates, as well as to offer additional services, leading to a larger attack surface area in most organizations. However, management of these devices has not kept pace, leaving many of them vulnerable to attack.
In the medical space, for example, 53% of connected medical devices and other IoT devices in healthcare settings have critical vulnerabilities, according to a Jan. 20 report from Cynerio. Intravenous pumps and patient monitors are the most common connected devices in hospitals, accounting for 57% of IoT devices in the average medical setting.
The level of vulnerability in the medical industry means that hospitals and healthcare organizations have to go beyond having visibility into their current attack surface, according to the report. They must also be able to effectively respond.
To read the complete article, visit Dark Reading.