IOT turns 'Internet of threats'

Read time 3min 00sec
Black hat hackers will pry open the Internet of things in 2015, says Fortinet.
Black hat hackers will pry open the Internet of things in 2015, says Fortinet.

In 2015, the Internet of things (IOT) is likely to become the 'Internet of threats' as hackers will continue to follow the path of least resistance with more and more devices getting connected to the network.

That's a prediction made by network security solutions provider, Fortinet, and its threat research division, FortiGuard Labs.

Market research firm, Gartner, last month predicted there will be 4.9 billion "connected things" in use next year - a number it reckons will rise to 25 billion by 2020.

As the number of devices connected to the network increases, cyber criminals will continue to hone their prowess when it comes to IOT attacks and advanced evasion techniques, while also continuing to exploit large-scale server-side vulnerabilities for financial gains and other nefarious purposes, says Fortinet.

Businesses and government organisations globally are at risk, as is important personal information of consumers, it warns.

"In 2014, we saw an interesting shift - namely Heartbleed and Shellshock - focused on server-side vulnerability and exploitation, says Derek Manky, global security strategist at Fortinet.

"Looking ahead to 2015, we fully expect this trend to continue in an alarming way as black hat hackers pry open the IOT."

The network security solutions provider believes vulnerabilities black hat hackers will look to exploit will include consumer home automation and security systems, as well as Web cams.

On the enterprise side, says Fortinet, network-attached storage and routers will continue to be targets, as will critical infrastructure such as human-machine interfaces and supply chain systems.

"Our white hat threat researchers step into the black hat world on a daily basis, and think in tandem with the enemy, to help protect against the enemy," says Manky.

"As threats move to attack new products and software solutions, organisations are at even greater risk. It is imperative they choose not just a security solution, but a proactive and intelligent solution to protect them from the broad breadth and depth of growing attacks that firewall solutions alone will not stop."

Doros Hadjizenonos, Check Point SA's sales manager, concurs, saying as more IP-based appliances are introduced into the workplace and home environments, enabling a better-connected, more efficient world, it also gives criminals a better connected, more efficient network for launching attacks.

"We need to protect devices, as well as protect ourselves from these devices as more and more of them come online. Wearables and 'companion devices' that connect to tablets and smartphones are already infiltrating networks - and companies need to be ready for the impact of these," says Hadjizenonos.

He adds cyber attacks on public utilities and key industrial processes will continue, using malware to target the SCADA [supervisory control and data acquisition] systems that control those processes.

As control systems become increasingly connected, this will extend the attack vectors already exploited by well-known malware agents such as Stuxnet, Flame and Gauss, he notes.

"Whether these exploits are launched by nation states, or by criminal groups, they are already widespread - nearly 70% of critical infrastructure companies surveyed by the Ponemon Institute suffered a security breach over the last year."

See also