As we move towards a “smarter” world, the adoption rate of IoT (Internet of Things) and IIoT (Industrial Internet of Things) has grown exponentially. A leading market research firm predicts that the IoT platform market alone is set to grow by USD 12.52 billion by 2025. When it comes to the IIoT data collection and device management market, 39% of the growth is expected to originate from North America alone. Because this growth is so rapid, it is very important to prevent cybercrime carried out through IoT.
While, on the one hand, these facts and figures highlight the potential of these technologies – on the other hand, the sheer numbers reflect the huge treasure trove of data these devices hold. This also means that the footprint of potential access points for cybercriminals will grow exponentially.
We have found the most powerful way to avoid cybercrime:
To put things into perspective, towards the end of 2021 a botnet named BotenaGo targeted millions of routers and IoT devices with 33 exploits. With a rather low antivirus detection rate, the malware manages to evade defense solutions successfully. For businesses, this attack resulted not only in potential loss of critical data and finances but also in operational disruption and a possible dent to their hard-earned reputation.
According to our threat intelligence team, botnets are just one of the many ways in which cybercriminals launch attacks. Denial of Service (DoS), Man-in-the-Middle, Ransomware, Privilege Escalation, Brute Force, Firmware Hijacking, Data Encryption, Eavesdropping, and most of all Physical Attacks are other ways in which threat actors target IoT and IIoT devices.
As per our cybersecurity predictions, in 2022 we will continue to see more businesses adopting IoT/IIoT devices and more of these devices within our homes. We will also witness attacks on IoT/IIoT and on its continued convergence with OT devices, with edge computing devices (where data is operated on as close as possible to the point it is collected), and with centralized cloud infrastructure that is vulnerable.
Here are some ways to protect your infrastructure:
Move beyond the traditional model of security awareness towards improved simulation and training exercises that mimic real attack scenarios, account for behaviors that lead to compromise, and are measured against real attacks the organization encounters.
Block exploit-like behavior. Monitor endpoint memory to find behavioral patterns that are typical of exploits, including unusual process handle requests. These patterns are features of most exploits, whether known or new. Identifying such patterns provides effective protection against zero-day and critical exploits, and more.
Minimize network exposure for all control system devices and/or systems and, unless there is a business requirement, make sure they are not exposed to the Internet.
Locate control system networks and remote devices behind firewalls and isolate them from the business network.
IoT device owners should keep their software and applications up to date and use complex, unique passwords for accounts associated with their devices. Further, they should avoid connecting to vulnerable devices from untrusted networks, such as public Wi-Fi.
IoT device manufacturers should apply controls around Web APIs used to obtain Kalay UIDs, usernames, and passwords, as this would decrease attackers’ ability to access the data they need to remotely access target devices.
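The recommendations above to keep control system devices off the Internet and to isolate them behind firewalls from the business network can be checked against an exported firewall rule set. The following is an added example, not code from the original article: the address plan, rule names, and rule format are all assumptions constructed for illustration, and it evaluates each allow rule on its own without modeling rule ordering.

```python
import ipaddress

# Assumed address plan for this example (not from the article).
CONTROL_NET = ipaddress.ip_network("10.50.0.0/24")   # control system segment
BUSINESS_NET = ipaddress.ip_network("10.10.0.0/16")  # business LAN
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rule set: (name, action, source, destination, port)
SAMPLE_RULES = [
    ("vendor-remote", "allow", "0.0.0.0/0", "10.50.0.20/32", 502),
    ("erp-to-plc", "allow", "10.10.4.0/24", "10.50.0.0/24", 44818),
    ("jump-host", "allow", "10.60.0.5/32", "10.50.0.0/24", 22),
    ("web-dmz", "allow", "0.0.0.0/0", "192.168.100.10/32", 443),
    ("old-telnet", "deny", "0.0.0.0/0", "10.50.0.0/24", 23),
]

def audit(rules):
    """Return (rule_name, finding) for allow rules that expose CONTROL_NET."""
    findings = []
    for name, action, src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only allow rules that can reach the control segment matter here.
        if action != "allow" or not dst_net.overlaps(CONTROL_NET):
            continue
        if not any(src_net.subnet_of(n) for n in RFC1918):
            # Source includes public address space: reachable from the Internet.
            findings.append((name, "internet-exposed"))
        elif src_net.overlaps(BUSINESS_NET):
            # Source is the business LAN: control network is not isolated.
            findings.append((name, "reachable-from-business-network"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Rules flagged `internet-exposed` should exist only where there is a documented business requirement; the jump-host rule passes because its source is neither public nor on the business LAN.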