Internet of Things…or Threats: what attacks on smart devices will look like in 2023
by Vladimir Dashchenko, security evangelist at Kaspersky
Researchers estimate the number of IoT devices will be more than 13 billion in 2022. This figure is predicted to grow remarkably further. Since an average IoT gadget contains 25 vulnerabilities, it gives a considerable attack surface for perpetrators, which leads many cybersecurity researchers not to sleep too well at night. The first signs of the upcoming cyber “document wave” are already here – gigantic botnets, pandemic bugs, and so on. Vladimir Dashchenko, security evangelist at Kaspersky, ponders the future of IoT security in the coming year.
Demand for initial access to IoT devices
To begin with, there will be greater demand for IoT vulnerabilities from cyber criminals. The underground black market will be offering and demanding vulnerabilities like Remote Code Execution and Local Privilege Escalation in various smart/IoT devices, especially those with direct internet access (cameras, routers, etc.). This boosts underground vulnerability research and exploits broker businesses. Besides DDoS botnets and initial access vectors into internal networks, these smart/IoT devices can be used as proxy servers for cyber criminals to pivot network traffic through the compromised devices.
In addition, initial access brokerage will highly likely be on the rise in the nearest future. A large proportion of the initial accesses leading to incidents comes from remote access and management. One of the most popular ways to acquire these credentials is to buy them on the Darknet from initial access brokers. Usually, those credentials are gathered from infected devices: the more attacks there are on IoT, the higher the possibility that attackers will provide access to these devices as a first entry point to corporate networks via Darknet.
Emerging online-to-offline cybercriminal services
Online-to-offline cybercriminal services might emerge, as this could be an additional way to monetize assets that attackers have already acquired. For instance, a botnet based on video surveillance near banks or shops can be a spy service for “classical” criminals, such as thieves. Therefore, security services and products have become increasingly important because they help to stop the spreading of stolen information.
Unauthorized sharing of sensitive data from devices with third parties
IoT devices are already a piece of cake for state-sponsored attackers or shady-marketing platforms, as they gather sensitive personal data such as biometry, which can also be handed to third parties for advertising or espionage purposes. Moreover, turbulent geopolitical times also turn IIoT (Industrial Internet of Things) into a target of state-sponsored threat actors, as it allows them to conduct attacks on industrial organizations, disrupting technological processes, safety systems, and so on.
IoT cyberattacks lead to actual physical damage.
IIoT cyber threats, among other things, can include threats to human life since any external intervention in industrial processes may lead to cyber-physical damage – when a cyber-attack causes physical damage, which might affect humans. Consider enterprises from oil and gas, chemical, and other industries with a high probability of leakage of explosive, toxic, and other gases. Unique gas monitoring systems are used in companies like these to monitor working areas for gas contamination to spot emergencies on time. These systems immediately notify staff responsible for the safety and all personnel in the danger zone. But these smart systems are vulnerable to remote control as well and might be a target of hacktivists or cyberterrorists, especially amidst the volatile political climate we observe now across many countries. If safety alerts are modified during an attack, this can lead to catastrophic consequences, and affect people’s lives. Perhaps in the near future, we will see more cybercriminals targeting smart/IoT/IIoT gadgets not only to get direct financial profit but also to cause (physical) damage, conduct intelligence or spy campaigns, and, probably, create new areas of cybercrime.
IoT-focused APT and IoT brokers are a hot research topic
The hottest topics for security researchers will be IoT-focused APT, IoT brokers, and IoT clouds. Concerning the first topic, detection of such APTs will be challenging since there are no existing unified technologies to monitor malicious behavior on endpoints. IoT brokers and IoT clouds will also be a hot topic for security research, being a possible point of failure for a big group of smart/IoT devices.
Cyber immunity in IoT as a proactive way of protection
The main problem for IoT devices, with their availability and a vast amount of data, is that they are usually secured reactively – in other words, when they are already compromised. Now experts worldwide are creating proactive ways of protection, such as secure by-design architecture principles, security development standards, and vulnerability testing programs. The increasing number of incidents is speeding up the process. Today’s IoT cybersecurity regulation not only concerns security standards but also employs best practices such as the cyber immunity approach.
Cyber immunity is a modern concept in cybersecurity when a device is built with a strict limitation of functionality based on high-security standards, and using secure coding practices. We are following this concept by creating KasperskyOS, but there are other examples.
Various intelligent devices are used in entirely different spheres, making our life easier and more convenient – intelligent vacuum cleaners for the home or advanced monitoring systems in large corporations. The IoT threat landscape is evolving as rapidly as gadgets infiltrate the daily routine, making this cybersecurity segment especially relevant on the eve of 2023. The good news is that we are now at the ideal moment to reverse this process with research and advanced security tools, making IoT threats much less dangerous or eradicating them.
