Here in the industry, we’ve been spending lots of air and ink talking about how we can secure our electronic borders and keep the dangerous hackers out who want our valuable data. A new study has come out saying that the real danger to the larger world isn’t what IoT devices are collecting. The real danger is that we’re a gateway to bigger systems.
Nexusguard, a global Distributed Denial of Service (DDoS) security solutions provider has released the findings of an in-depth security report that examined the risks that come with always-online IoT devices that haven’t been secured properly. The report was conducted by Cybersecurity Ventures.
According to the report, IoT devices carry inherent risks, especially from insufficiently secured routers than can be used as jumping off points for aggressive DDoS attacks. These devices can be exploited by bad actors during software updates and then used as proxy servers to attack targets. DDoS is often the first wave of attacks by hackers, the report says, who can use them to distract companies from other more targeted intrusions. Unsafe routers can also be used in Simple Service Discovery Protocol (SSDP) reflection attacks, which are used to target unpatched or un-patchable routers. These SSDP attacks are especially dangerous because they can use vulnerable routers to amplify an attack beyond normal bandwidth limits while also hiding the original source of the attack.
“IoT brings new layers of interconnectedness and efficiency, but the risks cannot be ignored,” said Steve Morgan, CEO, Cybersecurity Ventures and Editor-In-Chief, Cybersecurity Market Report and Cybersecurity 500. “We created this report to highlight the risks that come with IoT devices, as more and more of these objects are connected to the internet and built with exploitable lightweight security.”
By the end of 2017, more than 20 percent of businesses will use security services to protect IoT initiatives, the report predicts, and as a result security research and spending will have a market lift through 2025. Through this period, IoT devices will become obsolete, and as older devices are no longer supported by manufacturers, there will be increased opportunity for hackers.
Nexusguard released the following security statistics: in the seven days before the release of the report, the company saw 64 Internet-based scans for SSDP services and, in a recent attack, the company tracked 559 edge devices that were being exploited. More than half were located in the USA, China, Bulgaria and Russia.
“Home routers and other similar Internet-connected devices are easy access points for hackers, who can use them to launch DDoS or setup proxies for internet fraud that can shut down ISPs or cripple a business,” said Terrence Gareau, Chief Scientist, Nexusguard. “These attacks can be especially harmful to the providers of IoT services, for example if an alarm system is controlled by an app, the attack could completely shut down this capability, rendering the entire service unusable. We believe it is important to raise industry awareness about the persistent IoT threat.”