The Internet of Things (IoT) is one of the most targeted segment in the last few years. In this guide we will present where the most aggressive attacks are executed.
The State of The Internet of Things Attacks
Major networks were disrupted this year by massive IoT attacks. The reasons why they happen is that its relatively easy to exploit a large number of devices or smart appliances with easy to use tools. Many IoT products feature bad configurations and weak security features that cannot prevent the sophisticated (or easy for that matter) attacks that the hackers employ. The reasons why security fails in this market segment are actually very simple:
- Bad Default Configuration – The vendors ship the devices with very insecure default configuration options enabled that make it very easy for hackers to compromise the devices. The owners of the appliances often do not change the base settings and this fact adds to the problem.
- Old Software – As every IoT appliance runs code that connects to the network this in turns means that it can become vulnerable to protocol, operating system and userland programs vulnerabilities. Many consumer-grade IoT devices do not receive regular updates (or none at all!) on time. This allows for easy exploits. Its important to perform regular software updates. To learn more about this problem read our in-depth article.
- Bad Security Policies – Most users do not follow adequate security policies when they set up or use their devices. The most often cited example is the password. This is the most essential security mechanism and in most of the hacker attacks easy passwords only take seconds to brute force. There are some creative ways to craft a good password using a technique known as Diceware, click here to find out more.
We would like to give you some insight on which segment the hacker attacks are the most numerous.
Where the Internet of Things Is Hit the Most
We have observed IoT attacks in many market segments over a myriad of different connected appliances, inducing not only breaches, but also service slow downs and other types of damage. And here is top ten lists of where the hackers like to hit.
- Industrial Facilities – This is the most likely market segment of IoT products that are targeted by hackers worldwide. This is done by targeting security vulnerabilities via exploit kits or directly launching malware attacks. One of the big campaigns against industrial IoT was done with the PLC Blaster malware.
- Cars – IoT is getting more and more integrated into cars. There have been major security weaknesses in many of the recent implementations. Read our in-depth guide for more information on the topic.
- Video Cameras – As we said before, the IoT devices can be easily hacked when their default configuration are not changed. Most video cameras sold today have a networking function that enables remote management and control of the target security zone. Unfortunately a really large amount of streaming video cameras are exposed on the Internet and can be viewed by anyone. Online real time streams are available from personal home security systems to hospitals and industrial sites.
- Utilities – A major IoT attacks was mode in January against critical power infrastructures in Ukraine which shut down 30 power substations.
- Building Infrastructure – Hacker attacks can hit Internet-connected locks, elevators and other essential access devices.
- Transportation Networks – Many cities are upgrading parts of their transportation infrastructure to a new generation of “smart” additions. Imagine what a hacker could do the city if they take possession of all the connected traffic lights or smart signaling systems used by many metropolis cities in the world, it would be a disaster. Such scenarios are very difficult to actually carry out, however these attacks have not stopped and they will probably continue, until the criminals succeed.
- Medical Devices and Hospitals – Lots of medical devices and hospital systems already use network-connected smart devices. Unfortunately they have proven to be an easy target to hit. Security tests have found that hospitals often don’t encrypt their data and that can lead to severe problems. Read our article on this topic for more information.
- Retail Shops – Its not surprising that retail shops are one of the biggest targets in the Internet of things realm. We witness serious data base breaches, payment card details theft and damage against large retail chains almost every day. Just remind yourselves of the Vera Bradley breach.
The Consequences of The Internet of Things Attacks
There is no way of stopping the hacker attacks that target the IoT segment as it contains the two most essential components that hackers seek:
- Profit – The caused damage in many of the above mentioned cases can severely impact the owners of the IoT appliance.
- Weak Security – Many of the carried out attacks are easy to launch due to the weak security employed by the devices.