Sunday Jan 29, 2023

Dark Web Criminals See the Internet of Things as the Next Big Prize in Hacking

  • Cybersecurity experts say that 2022 could be a turning point due to the rapid spread of IoT (Internet of Things) devices.
  • There are approximately 17 billion IoT devices in the world today, from printers to garage door openers, each with software (some of it open source) that can be hacked quickly. Cars and medical devices are essential for everyday life and are vulnerable entry points for hackers.

John Hultquist, vice president of intelligence research at Mandiant, a cybersecurity firm owned by Google, compared his work to studying criminals through a soda straw. He investigates cyber threat groups directly on the dark web, looking at what is in effect a free market for crime that ebbs and flows.

Organizations buy and sell services, and a hot idea – a kind of business model for crime – can develop quickly when people realize that it works to hurt people or to make them pay. Last year it was ransomware, as violent criminals figured out how to take down servers through so-called denial of service attacks. But 2022, experts say, may already be a turning point due to the rapid growth of IoT (Internet of Things) devices.

Attacks range from those that shut down computers or steal data to those that can cause immediate damage to everyday life. IoT devices can be entry points for attacks on critical infrastructure in cities, such as electricity grids or pipelines, or they can be specific targets for criminals, as in the case of cars or medical devices that contain software. Meredith Schnur, head of online marketing for the United States and Canada at Marsh & McLennan, says, “My wish is that cybersecurity vulnerabilities can’t affect people’s lives and infrastructure negatively. Everything else is just business.”

Over the last ten years, manufacturers, software vendors and consumers have been racing toward the promise of internet-connected devices. Today, there are about 17 billion devices in the world, from printers to garage door openers, each of which has software (some of it open source) that can be hacked quickly.

Government Takes

In the discussion Dec. On February 26 in the Financial Times, Mario Greco, CEO of the insurance giant Zurich Insurance Group, said that cyber attacks could pose more risks to insurers than epidemics and climate change if hackers want to disrupt lives, rather than just spy or steal data.

IoT devices are a key entry point for many attacks, according to the Microsoft 2022 Digital Defense Report. “Although the security of computer hardware and software has improved in recent years, the security of the Internet of Things (IoT) … has not kept pace,” the report said.

The series of attacks that reached the physical world from the cyber world in the past year shows an escalation. Last February, Toyota stopped work at one of its factories due to a cyber attack. In April, the Ukrainian power grid was targeted. In May, the port of London was attacked. This followed a 2021 that included a major attack on critical infrastructure in the United States, bringing down the energy and food operations of Colonial Pipeline and the meat company JBS. What many experts are anticipating is the day when criminals find a scheme that is easy to replicate using IoT devices on a large scale.

Criminal groups, possibly linked to foreign governments, can figure out how to control many things at once, such as cars or medical devices. “We have already seen large-scale attacks using IoT, in the form of IoT botnets. In this case, actors exploiting vulnerabilities in IoT devices have used the control of these devices to carry out denial of service attacks against many targets. These vulnerabilities are always found in products that are not updated.”

In other words, the opportunity is already there. It is only a question of when a criminal or nation decides to act in a way that targets the everyday world on a large scale. “It is not always possible. It’s a business thing,” Hultquist said. “One finds a strategy that succeeds in making money.”

Besides reacting quickly to attacks, the only answer to the “game of cat and mouse” is to keep coming up with something new, said Shlomo Kramer, one of the first investors in Palo Alto Networks and now an investor all over the world in the field of cybersecurity.

There are a few companies, a new management system, a growing focus on cars as a particularly important area, and a new movement in the world of software engineering to better integrate cybersecurity from the start.

The Internet of Things Has a Big Update Problem

The cybersecurity industry is upping its game. Companies such as ForeScout and Phosphorus focus on the security of the Internet of Things, which puts a lot of effort into regularly cataloguing “endpoints” – where new devices connect to the network.

But one of the main issues in IoT security is that there is no good system for updating devices with patches as new vulnerabilities, hacks or attacks are discovered. Many users have a habit of downloading updates and patches on computers and phones; and even then, a significant number of users don’t bother to update.

The problem is even worse with IoT: for example, who bothers to update the garage door opener? “Few IoT devices have a mechanism for updating the code,” Clark explains. “It’s becoming a big problem to fix vulnerabilities in IoT.”

He said one of the goals of cybersecurity companies is to put controls around devices so they can only do one thing. In this way, the devices cannot be used to launch attacks on other networks. “There are a lot of hammers flying,” Clark said of products that make the IoT secure. Medical devices, which are considered especially important and simple, are the subject of attention. Last month, Palo Alto Networks announced a new product for medical device manufacturers.

IoT device manufacturers are not well organized

Because these challenges are new and the industry has passed, US guidelines and regulations are still different.

This has left much of IoT cybersecurity to consumers and businesses across industries, rather than the many manufacturers building IoT devices. “Don’t expect there to be new rules and regulations that force marketers to do more,” says Randy Trzeciak, program director for information science and security management and policy at Carnegie Mellon University. “There should be a national discussion about device reliability and where manufacturers should have responsibility.”

Clark said CISA works closely with the National Institute of Standards and Technology, providing guidelines for the thousands of IoT device manufacturers that cover things like making sure IoT devices identify themselves in the network as they go. In 2020, the US Congress turned the directive into law, but only for companies that provide IoT devices to the US government.

A spokesman for the National Institute of Standards and Technology said the agency is only aware of local laws. Certain state and federal laws also apply: for example, HIPAA will cover data on medical devices, and the National Highway Traffic Safety Administration has jurisdiction over automobiles.

Some entrepreneurs and leaders are cautiously accepting the growing involvement of administrators. “It’s very confusing,” Kramer said. “There is a lack of qualified and experienced security personnel.”

How Cars are Being Targeted

As most hackers focus on the physical sector, cars are a target. This includes theft, with attackers exploiting keyless entry systems, but also attacking sensitive information currently stored in vehicles, such as cards and credit card data.

Led by the European Union, countries around the world are quickly adopting cybersecurity laws for cars, with the EU starting in July of last year. The move to electric vehicles has created opportunities for regulators to stay ahead of criminals. As new technology has lowered the barrier to entry, more drivers have entered the market. This, in turn, has created an opportunity for regulators to work with industry groups seeking to protect their local industries.

Car hacking is nothing new. In a remarkable experience in 2015, two thieves attacked a Jeep Cherokee. “They cut the engine on the highway – the brakes didn’t respond. It’s not a happy situation,” said David Barzilai, head of a six-year-old Israeli company called Karamba Security, which helps automotive manufacturers improve the security of their IoT devices.

Barzilai says that in the past 12 months, there have been many attacks, both by serious criminals and teenagers. “When we started six years ago, it was the states that were leading the fight, especially China,” he says. “In the last 12 months, there has been a democratization” of car hacking, he said, pointing to the trial in January 2022 of a teenager who devised a way to gain control of the twelfth of Teslas at the same time.

Connected cars often have SIM cards, which hackers can attack through mobile networks, he said. “All cars of the same type of car use the same software,” he said. “Once the hackers find a vulnerability and a way to exploit it at a distance, they can repeat the attack on other vehicles.”

Cybersecurity grew as an industry primarily as a closed concept to fix software and hardware in the market for a long time, as criminals and foreign governments discovered weaknesses in their systems that could be exploited. A study by IBM’s System Sciences Institute found that it costs six times more to close cybersecurity vulnerabilities during software implementation than during development.

The IoT is still relatively new as an industry, allowing security-conscious developers to continue the cat-and-mouse game, Trzeciak says, and there’s a growing movement of researchers and developers working on it. One example is the Carnegie Mellon Software Engineering Institute’s DevSecOps initiative, which aims to strengthen security in the early stages of software development. Innovations based on this process can make all kinds of software, including those in cars and medical devices, secure – and therefore make the devices themselves secure.

Marianne Kaiser
