• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Business   »   Will 2017 be the Year IoT Threats Go Mainstream?

Will 2017 be the Year IoT Threats Go Mainstream?

  • Posted on:January 26, 2017
  • Posted in:Business, Internet of Everything, Security
  • Posted by:
    Ed Cabrera (Chief Cybersecurity Officer)
0

The Internet of Things (IoT) is changing the way we live and work forever. It makes us more productive, healthier and happier, and it enables businesses to work smarter, more efficiently and with greater agility. There’s just one problem: from a security perspective IoT devices are fundamentally flawed. And the bad guys are getting pretty good at exploiting them.

Trend Micro predicts that 2017 could see an avalanche of new attacks on consumer-grade smart devices and industrial IoT environments. These systems may be worlds apart. But the effect of compromises on targeted businesses could be similarly devastating.

Mirai: just the beginning?

If 2016 was the year IoT-powered botnets became big news, then the coming 12 months could see the trend finally go mainstream. After the source code of the now infamous Mirai malware was publicly revealed last year, it didn’t take long before the black hats were using it to probe smart home devices for those featuring default usernames and passwords. They were then able to compromise such devices in the tens of thousands to create botnets capable of launching some of the biggest DDoS attacks ever seen. One allegedly took the African nation of Liberia briefly offline. The most notable targeted the DNS firm Dyn, which had a devastating knock-on effect, taking down its clients – some of the biggest names on the web. The likes of Twitter, Reddit, Spotify and SoundCloud were all affected.

We predict that cybercriminals will this year continue to leverage basic security vulnerabilities in consumer grade devices like webcams and DVRs to build DDoS botnets. After all, the lukewarm reaction to Mirai among the vendor community has proven that there’ll always be vulnerable devices to exploit.  In the crosshairs of hacktivists and financially motivated attackers using DDoS botnets will be service-based, news, corporate, and political sites this year.

Going industrial

At the other end of the spectrum, we’re likely to see an uptick in highly targeted attacks aimed at compromising Industrial IoT systems, like those found in manufacturing and energy firms. Once again, the precedent has already been set. Ukrainian power stations were disrupted in December 2015 and 2016 by relatively sophisticated attackers, leaving many without electricity.

The risk here is not necessarily of data loss but very real physical harm – because IIoT sits at the intersection of physical and cyber worlds. Hack a connected car and you could cause a major pile-up on the freeway. Successfully hack a power station during the middle of winter and who knows what could happen to residents unable to heat their homes?

Unfortunately, in this sphere too, the products themselves are woefully vulnerable to attack. In fact, supervisory control and data acquisition (SCADA) system vulnerabilities comprised nearly a third (30%) of the total number of vulnerabilities found by Trend Micro TippingPoint in 2016.

So what can we do? We can try to raise awareness of security among consumers and manufacturers, to reduce the easy pickings for the bad guys. And from an industrial standpoint, security bosses should always try to keep mission critical systems patched and up-to-date, and where possible, air-gapped from the wider internet. Also, ensure you have network IPS in place to detect and block malicious network packets.

As we head into a new year, we’re all going to have to up our game to mitigate the growing IoT security threat.

Related posts:

  1. 2016: The Year of Online Extortion
  2. 2017 Predictions: A New Year’s Resolution for Security
  3. 2017’s Biggest Threats and What CISOs Can do to Mitigate Risks in 2018
  4. The biggest cyber threats for the rest of the year

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Nuffield Health Depends on Managed XDR with Trend Micro Vision One
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.