Your IoT Devices May Be Weaponized (and What to Do About it)
One of the most significant areas for cyberattacks on businesses, networks, utilities and other critical infrastructure is through IoT devices. These attacks range from denial of service to ransomware and information theft to aggressive destruction of information and cyber-physical systems. The devices involved can range from security cameras to monitoring devices and any other device or control system that is either connected or considered “smart.” Who cares if someone hacks your security camera or non-critical IoT device? In addition to privacy concerns and nuisance problems with non-critical systems you may unwittingly become part of a more complex attack. Using malicious code, a hacker may use a number of IoT devices as part of a botnet to mask themselves and to use the power of multiple systems to launch an attack. In effect, they weaponize your IoT devices. Now complex software allows hackers to perform these attacks using machine learning and augmented intelligence without direct involvement. At this moment a great many of the over 10 billion currently connected devices have either default passwords or are directly connected without security as most homeowners, tradespeople, installers, vendors and OEM salespeople are untrained and unaware of the consequences. In this presentation we will discuss the impact of the known weakest point in our cyber-defenses: the IoT device. We will then discuss some of the strategies and framework developed by the U.S. Government that can help improve the trustworthiness and resiliency the digital Wild West.