2016 was an extremely thrilling year for IT security experts. A controversial hacking discussion surrounded the US election and even outside of politics, high-profile attacks on IT systems were manifold. What many hacks had in common was their origin in the Internet of Things. This includes the November 2016 failure of countless Telekom internet routers in what was probably the most widely felt incident in Germany. In the last few years professional hacker groups have turned to hijacking IoT devices on a large scale to support their illicit activities. But what IoT security measures ensure your systems are not compromised?
High-profile cyber attacks were a frequent occurrence in 2016 with the most prominent cases of Amazon, Spotify, Twitter, and Netflix only the tip of the iceberg. Apart from a few instances which appear to have originated from nation states, criminal groups were responsible for a vast majority of the attacks. As opposed to nation state actors who are primarily interested in the gathering of information, criminals are usually motivated by greed. Unfortunately, stealing sensitive company data, virtual blackmail and extortion are very lucrative fields of business in the digital space as well.
Professional hacker groups have turned to hijacking IoT devices on a large scale to support their illicit activities
Always on – the Invisible Threat
In its October 2016 “IoT Enterprise Risk Report” IT security company Forescout sounded an urgent warning on the dangers of hacked IoT devices in a company environment. Its authors give a vivid account of the enormous risks posed by connected devices. They define three different threat stages: Damaging, Disruptive, and Disastrous. Hacked IP cameras or climate control systems, for example, were recognized as extremely dangerous from an IoT security perspective. Cameras could give attackers easy access to company secrets, manipulated climate controls could even be used to destroy infrastructure, the study warns. Worst case scenarios include fire sprinklers gone wild in corporate data centers, or the cooling system remaining passive despite overheating servers. What worries the experts most, though, is the threat posed by enormous botnets, made up of hacked IoT devices.
IoT Botnets – the Underestimated Threat
With good reason, given the significant increase in IoT botnet attacks in 2016. This comes as no surprise since Hackers are able to hijack many devices effortlessly due to inadequate security precautions by their manufacturers. Affected devices include connected fridges, TVs and other smart home devices to only name a few. Criminals use them to form what is essentially a zombie army of captured computers, to use for so-called Distributed Denial of Service (DDoS) attacks. In this scenario the perpetrators send useless requests via “their” IoT clients to overload their victims’ networks. This strategy is a favorite among cybercriminals, because they do not have to break into their targets’ well-protected systems anymore. They simply have the devices under their control unleash a flood of requests that eventually lead to the breakdown of their victims’ systems. Infrastructure subject to such attacks is not available for regular requests anymore, and thus useless for day-to-day operation. Only when a ransom is paid, the attack is stopped preventing further economic losses for the company. With businesses from web shops to gravel quarries unable to afford longer periods without their IT systems, many lacking an efficient IoT security strategy quickly run out of options and have no choice but to pay up.
IoT Security is Not Optional
Kontron has long been aware of this often underestimated threat. At the same time, we are firmly convinced that no business today has to deny itself the IoT-based productivity and efficiency boosts. Technology trends such as Smart Factory or applications for Industry 4.0 are too promising to have their potential ruined by sloppy IoT security. With this in mind, we have developed the completely new, hardware-based Kontron Security Solution, making us the first embedded computing manufacturer to offer fully integrated protection as a standard in our Computer-on-Modules (COMs) and motherboards. This new product line offers numerous protective mechanisms such as IP and Integration Protection, License Creation, Management and Tracking, License Model Implementation, as well as the possibility to define different access levels. Thus we make sure that only YOU have access to YOUR IoT devices, and that your hardware does exactly what you want it to do, safeguarding your company secrets instead of sending it to obscure hacker screens hidden in the shadows.