We all love Internet of Things (IoT), isn’t it? It has brought ‘things’ a.k.a devices, around us to life - from watch, bed, luggage, bulb and clothes to even buildings (in some time). But that love is now turning into a spoiler. The smart band or watch on your wrist and other IoT electronics are being hacked by malware attackers to turn them into an army of zombie machines, and launch botnet attacks.
Much like October 2016 attack that used IoT webcams and video recorders to block user access to many sites including Twitter, Reddit, Spotify, etc., by spamming the domain name service used by them. Read on as Dhruv Khanna, CEO, Data Resolve – cyber intelligence company shares insights on it.
Distributed denialof-service (DDoS) attacks aren’t new. So using IoT devices are of a new type?
There are multiple types. First is the conventional botnets that target your laptop and desktop servers to track your online activity. Second is the enterprise specific attacks called distributed denial-ofservice attack(DDoS) when botnets blocks all your access to the device.
Third is where your activity and data is captured and sent to a third party. Fourth is where your device is remotely controlled and access is blocked until some money is paid to the attacker. IoT botnets are like DDoS attacks that not just use computers in a conventional botnet way but also IoT devices to break into information and data.
But why IoT devices have become favourites to launch attacks?
Rise of IoT globally is still in its early days hence the level of protection is on the lower end. Moreover there are constraints in IoT devices such as using basic version of the operating system, less processing, storage and computational power in terms of setting up anti-virus and firewall and other security applications to them. This makes them an easy target for attackers to use to them as botnet for attack in comparison to using just computers and laptops which are relatively better secured. For e.g. Mirai botnet that target consumer devices like remote cameras, and home appliances.
The ecosystem in India too isn’t making efforts to be ready. Right?
That’s because IoT here is beginning to take its first step, hence, the awareness around it is not significant. On the enterprise side before pushing business services on IOT devices, as a best practice chief information security officers of the company eventually would have to frame a security manual and controls around IOT devices in terms of IOT device on-boarding, incident monitoring and control. Also, there is a need of regulation to control and monitor them.
Are we better off without IoT?
Not really. Advantage of IoT is that it is part of the cloud ecosystem. Securing the cloud is as good as securing the device. That’s why people are not spending too much on the device level but more on the cloud side. In a typical malware attack you are not able to control the source of attack but in IoT device you can as you know where your service is based on the cloud. But if your cloud application is compromised, it would be difficult to trace it.
So, this is next level of cyber security challenge?
It is certainly the next level of attack. For large businesses, it will be a significant hit on their brand along with data. If10,000 of ant vendor devices in the market get compromised then it will impact on the company. It is not impacting just you as an individual but all the devices that are interconnected to your device and vice versa.
(This article was first published in the May issue of Entrepreneur Magazine. To subscribe, click here)