IOT As A Business Platform For Cyber Criminals

IOT As A Business Platform For CyberCriminals

To make this world a better place to live, there are a lot of innovations in technology that is causing this easier. Internet Of Things happened to be one among such innovations that bring smart life into reality. Despite IOT being one of the significant technological advancements made, it has its limitations regarding security.

What is the Internet of Things (IOT)?

Any physical device that is capable of executing instructions when embedded with necessary software connects the other. The process of creating a network to make these devices exchange data to communicate is what we call IOT.

IOT network provides connectivity among automobiles, smartphones, smart homes and their applications., to remotely access features. Each device connected will be provided embedded computing system to interact. Different categories have proposed based on the devices connected through IOT consumer applications, smart homes, enterprise IOT, media, infrastructure management, agriculture, etc.

What is CyberSecurity?

CyberSecurity is to avoid theft of information, unauthorized access, spoofing, phishing kind of unwanted activities on the internet/interconnected networks. Cyber/Computer security takes care of adequately authorized data exchange, transactions and recognize unusual activities happening among the devices on the network wanted or by mistake.

Inducing wireless internet networks like Bluetooth and wifi to every possible device helps them to connect with each other on the internet. Each device connected has to be

provided protection, as hackers can use this kind of devices to get into the network to breach.

IOT meets CyberSecurity

Innovations in IOT have made it easy to connect even tiny devices to the network, thus expected there would be more than 30 billion devices to be connected through IOT by 2020. According to Sussex-based beaming, there was 70% increase of cyber attack in 2017 through private networks that are used to connect devices like cars, homes, etc.

“CyberCrime As A Business” to “Web Of Profit”

Predictions made by experts in 2014 about some of the significant cybersecurity issues expected with the increase of IOT. Cybercrime was once a business and may follow standard timings to attack. Ransomware as a service is an example of Cybercrime business where real malware hacking tools are employed to attack that can generate revenue out of it. New reports of 2017 came up with an estimate of cybercrime revenue , as $1.5 trillion every year which is equal to Russian GDP.

Expected crime categories and their annual returns:

Image Source: https://venturebeat.com/

 

Cybercrime provides Platform

Reputed business giants like Amazon, uber have got their business models with top class strategies for their organizational success. The same is happening with these cyber criminals who offer cybercrime as the next business model with good revenue. They come up with new innovative ideas in trying to hire small vendor groups with plans to execute organized cybercrime, which includes providing tools used to exploit, customized spyware, etc.

Major Cyber Attacks

  • Man-in-the-middle Attack

Hacker interprets the conversation between two peers, and access original information. One of the dangerous attacks as the peers in the communication may not be able to identify who is sending the data and the data transmitted is valid or not.

  • Identity Attack

IoT devices help in identifying one’s identity. Smart watches, smartphones, fitness trackers, etc., will have some pieces of your information, and when hacker integrates all the data into one, it will give most of your information making it easy to crack your identity.

  • Denial of Service(DoS)

Hackers try to disturb the services provided on the network that will affect their customers in their regular operations. Distributed Denial of Service(DDoS) attack is very often in IoTs are handled by botnets, designed to attack the single target in the network. Once service is denied, hackers blackmail to withdraw attacks.

  • Social Engineering

Hackers ability to manipulate users to share their personal information like bank details, passwords, etc., is termed as social engineering. Psychologically disturbing

users to believe them as trusted ones thereby stealing information. The standard way of social engineering is email phishing which will be led users redirect web-pages that look alike the original bank websites.

CyberSecurity Challenges with IOT

IOT enabling devices to interconnect has no doubt become a playground for cybercriminals. Before IOT, it was not that easy to peek into public networks. But with this modern IOT, cybercriminals can quickly get into systems using IOT connected cars, IOT enabled tiny physical devices that compromise security or automated smart home devices. Once they get access to IOT, the amount of data breach expected is more than one’s imagination.

Interpol has already warned about the all the devices connected to IOT are at risk and mentioned the example of cyberattack Mirai BotNet. In the year 2016, Mirai bot has infected thousands of routers that have got weak passwords and used them for Distributed Denial Of Service(DDoS) to attack WWWs.

Research on CyberSecurity – Use Case

Wind Turbine Hack , research conducted to explain the ability of hackers to disrupt cybersecurity. With the permission of wind energy companies in 2017, it was undertaken and projected in Black Hat Security Conference, how quickly one can disturb networks connected with wind turbines. Jason Staggs practically explained how one could gain access to turbines. All the information about the turbine manufacturers, locations, and the name of the owners are kept secret. Secret commands by Staggs have disrupted the network, and with the access to one turbine, one can pull the data of all other turbines in the network system.

Many of such use cases were held to find innovations of providing security through IoT network devices.

Areas to be focussed on avoiding cybercriminal access

  • Interface used to provide web services have to be more secure.
  • Authentication and authorization of services and information.
  • Securing network services.
  • Updated encryptions to be made for data transport.
  • Privacy concerns about the user and the provider.
  • Secured IOT enabled devices interface.
  • Cloud security, a lot of data is exchanged to and from the cloud.
  • Security configurations along with physical security can enable network breach.
  • Embedded software into devices is to be secured.

Secured IOT as a mission

Interpol conducts Digital Security Challenge every year to express their research on cyber threats and vulnerabilities that are expected to damage network environment.

Updating software associated with small IOT devices and applications like fridges, smart homes will help in reducing cyber attack. May not altogether avoid but reduces.

Certification for IOT enabled devices can help in developing secured devices that will, in turn, reduce the access through it, when connected to the network.

General Data Protection Regulation(GDPR) of European Union is going to charge penalties up to four percent of the annual revenues of the companies that compromise on personal data of their users.

Cybercrime court is to be built in London specially to tackle cyber frauds when the reports claim about £11 billions in the year 2015-2016.

Trends are expecting to hit IoT very soon.

Intel’s 17-bit test chip, IBM’s 50-qubit quantum computers, Microsoft’s new language to develop quantum programs will raise new security threats in quantum computing, as this can perform many combinations to decrypt any encryption.

IoT botnets are spreading their potential towards the biggest cryptocurrency market. Many believe blockchain cannot be hacked, but some cases burst this fact, Portnox CEO Amitai said.

IoT Attack Surface Areas Project came up with the kind of vulnerabilities expected using various attack surfaces that belong to different sectors. And Open Web Application Security Project(OWASP) can help you with guidelines that will eliminate such vulnerabilities further.


Also Read: The Ultimate Guide to Learning IT Security


Conclusion

Internet helps you connected with people, devices, etc., to make lives easy. But every platform hackers take every platform for granted to explore and express their innovative ideas in disrupting the networks to prove their potentials. Governments have already started to share notice about the threats happening in and around the nations to make people aware of such activities. IoT, when integrated with advanced cybersecurity, will be expected to deliver more comfortable life ahead. “ Be cautious when connected.


Contributor: N Subash Reddy

Authors Bio: N Subash Reddy has been the senior content writer at Mindmajix. His writings focus on latest innovations in software and technical updates. Prior he was web developer familiar with most of the web and UI technologies. He is computer science post graduate. You can connect with Subash at LinkedIN, Twitter and Facebook.