Internet of Things (IoT) devices have become ingrained in our daily lives from changing the thermostat to checking a smartwatch. The upside is that IoT offers helpful conveniences yet on the downside they provide many opportunities for cybercriminals to infiltrate them.
Even something as simple as the TV remote has become a possible vulnerability. Last year, Comcast’s Xfinity voice-activated remote was found to have a security flaw that could let hackers eavesdrop on users’ private conversations in their homes. Comcast was able to quickly fix the issue and no consumers are thought to have been affected.
Numbers on the amount of IoT devices out there vary but all point towards a definitive rise in their use. As the reliance on IoT continues, along with it so too are the attacks. Attacks on IoT devices doubled in the first half of 2021. From January to June, there were 1.51 billion IoT breaches which was up from 639 million in 2020.
What is a Distributed Attack?
A distributed attack takes the form of a denial of service (DoS) attack or a distributed denial of service (DDoS) attack. Both types have the goal of making a service, website, or other resource unavailable by using botnets. The main difference between the two is that a DoS is a system-on-system attack, and a DDoS involves several systems attacking a single system.
There were 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020. The tools used by attackers to launch distributed attacks are becoming easier to use and at the same time, the attacks themselves are becoming more complex. F5 examined the DDoS attacks that happened between January 2020 and March 2021 and found that in 54% of the incidents, threat actors used multiple techniques to launch simultaneous attacks in an attempt to overwhelm the victim’s defenses.
Why is IoT Under Attack?
Criminals are attracted to using distributed attacks on IoT devices because they are considered soft targets that are easily hacked. Numerous devices have almost non-existent security protection such as weak passwords or missing software updates. Many are interconnected which compromises multiple devices even if just one of them is hacked. These make IoT vulnerable for criminals to come in and use the botnet to take control of the device and wreak havoc on it.
Cybercriminals are leveraging remote work and the pandemic to execute IoT attacks in related areas. These include:
- Work from home: Many employees are using their less secure home devices such as personal routers, smart speakers, and printers.
- Treadmills: Connected treadmills, such as Peloton, are getting more usage but these devices connect to a network and share health aspects such as heart rate.
- Medical devices: Ultrasound or MRI machines often run on legacy systems that were built without the security support that is needed in today’s world. In a study, almost half of all respondents said their staffing for medical device and IoT security is “inadequate.”
- E-learning: Teachers and educators are using smart boards and projectors for remote learning, but these devices often connect with the school’s network so cyberattacks can easily spread throughout the system.
What Security Measures Help Prevent IoT Attacks?
69% of enterprises have more IoT devices on their networks than computers and 93% are planning to increase their spending on security for IoT and unmanaged devices. Here are some action items to consider for the security of the IoT devices at your enterprise:
- Disable Universal Plug and Play (UPnP): UPnP is a convenient way of allowing gadgets to find other devices on a network such as letting a printer automatically connect with a laptop. However, this lets a hacker easily infiltrate an entire connected network.
- Implement software updates: Regularly check with the manufacturers of IoT devices about the latest security patches and install them immediately. Alternatively, check to see if the manufacturer offers automatic updates.
- Disconnect if the internet is not needed: Not all IoT devices, such as smart refrigerators or digital cameras, need to be connected to the internet to function properly. Look at each device’s features to determine if a connection is truly needed.
- Pick strong passwords: We know you’ve heard this a million times, but it is important to use different passwords for each device and enable multi-factor authentication on all of them.
- Create a separate network: Set up a separate Wi-Fi router that can be used exclusively for IoT devices so that the main network is protected from threats. Keep important devices such as smartphones and laptops on the main network.
Cyberlocke offers industry-leading IT services that support efficient and secure operations To drive productivity, increase security, and improve business value. Let’s talk.