IoT Devices, The Biggest Threat To Cyber Security

by CXOtoday News Desk    Sep 03, 2015


Intel Security has released a five-year retrospective report on industry threats, stating that rapid connectivity and greater adoption of Internet of Things (IoT) devices means that people are becoming an increasingly attractive target for cyber criminals. 

The report shows while people have become dependent on devices at the cost to their security and privacy, allowing malware and ransomware attacks are rapidly on the rise. The report also said that businesses and consumers still do not pay sufficient attention to updates, patches, password security, security alerts, default configurations, and other easy but critical ways to secure cyber and physical assets.

The McAfee Labs Threats Report August 2015 reveals that IoT devices are just beginning to be exploited as adoption increases. “The sheer volume of devices has grown faster than we foresaw, and into industries that we did not expect, creating a massive attack surface. So it is only a matter of time until IoT device threats are widespread,” it said.

Intel Security noted that it had predicted in 2010 that the increase in device users, bigger networks and cloud-based services would create a “perfect security storm”, but admitted this had come about faster than it expected. ”The adoption of cloud computing, IoT devices and mobile devices moved faster than we expected. Our 2010 prediction of 31 billion internet-connected devices by 2020 now seems an underestimate,” the firm said.

“Consumers have very quickly adopted cool technology. Rapid device adoption is connecting our homes and organisations to the IoT in healthcare, energy, logistics, retail, cities, transport, automotive and manufacturing.”

The report said that although the volume of mobile devices has increased even faster than  expected, serious broad-based attacks on those devices has grown much more slowly than  thought. Over the past five years, cloud adoption has changed the nature of some attacks, as devices are attacked not for the small amount of data that they store, but as a path to where the important data resides.

Intel Security also foresaw threats targeting hardware and firmware components and threatening runtime integrity.  “Increasingly evasive malware and long-running attacks did not surprise us but some of the specific tactics and techniques were unimagined five years ago. We are seeing just the beginnings of attacks and breaches against IoT devices.”

“We were impressed by the degree to which three key factors – expanding attack surfaces, the industrialization of hacking, and the complexity and fragmentation of the IT security market – accelerated the evolution of threats, and size and frequency of attacks,” said Vincent Weafer, senior vice president, Intel Security’s McAfee Labs. “To keep pace with such momentum, the cybersecurity community must continue to improve threat intelligence sharing, recruit more security professionals, accelerate security technology innovation, and continue to engage governments so they can fulfill their role to protect citizens in cyberspace.”

Researchers show that while new versions are automatically overwriting CPU commands once the malware deflects processing capability toward the GPU, that doesn’t mean they are completely undetectable from endpoint security systems. Security researcher Craig Schmugar wrote that Microsoft has a number of key protections that can keep GPU malware from taking over a system, including Patch Guard, Early-Launch Anti-Malware and Secure Boot.

 Intel recommends a number of fundamental practices for protecting against these type of attacks, including enabling automatic OS updates, keeping endpoint security up to date

While these sound like easy fixes, Intel finds that business and consumers still aren’t paying attention to basics of cybersecurity. Updates, patches and security alerts are often and application whitelisting.

The report also takes in the past three months, which is what these quarterly reports usually do. McAfee found that ransomware is growing at a rapid pace, increasing by 50 percent against the previous quarter and 127 percent against the same quarter last year.

Mobile malware attacks have increased by 17 percent against Q1, but infections have fallen by one percent. Spam is also falling, but other flavours of attack are not. McAfee found that there are 6.7 million attempts made to lure people to bad URLs, and 19.2 million infected files slung around, every single bloody hour.