From the course: The Cybersecurity Threat Landscape
Explore the threat of unmanaged IoT devices
- [Instructor] The internet of Things, or IoT can be the source of major cybersecurity threats, including data leakage, distributed denial of service attacks, and any attack that can be launched from botnets. Let's take a look at what the Internet of Things is and why it's part of the cybersecurity threat landscape. More and more devices are being connected to the internet in the name of convenience and control, key drivers for the growth of IoT devices include the rise of cloud computing as the foundational technology for IoT, plummeting cost of IoT devices, common usage of smartphones and tablets to control IoT devices, and easy access to wifi. Practically any electronic device can be connected to the internet and become an IoT device. Common IoT devices include smart home lights, switches, thermostats, home appliances, TVs, security cameras, and even locks. Many health devices are also directly connected to the internet, such as fitness trackers, connected scales, pedometers, and sleep monitors. Personal assistants that respond to voice commands are also popular. And of course, most modern vehicles are also IoT devices. And the number of IoT devices is projected to grow to more than 50 billion by 2025. The problem is IoT devices are often connected to the internet without thinking about their security and IoT devices can be more vulnerable to attacks than servers and network devices connected to the internet. That's because they usually don't have enough computing power to support basic protections like antimalware and firewalls. They also often have built in back doors for maintenance with default passwords that can easily be found on the internet, because these IoT devices are usually directly connected to the internet, attackers can easily exploit these and other vulnerabilities with automated scripts. Once they have control of an IoT device it can be added to a botnet or used as a jumping off point to attack other devices on the same network. According to Symantec's internet security threat report, routers and connected cameras are the IoT devices most infected by malware and the main sources of IoT attacks, accounting for over 90% of malicious activity. One of the most dramatic examples of the threat of unmanaged IoT devices is the Mirai botnet. The attackers built their botnet army by running a simple script against devices on the internet that attempted to log in with 61 known IoT default passwords. If they successfully logged in, the IoT device was infected with malware that directed them to follow the instructions of a central command and control system. The attack was very effective. It's estimated that there were nearly half a million Mirai infected IoT devices, mostly composed of closed circuit TV cameras, DVRs, and routers. They were used to conduct distributed denial service or DDoS attacks against a wide variety of targets. Some good news is governments and regulatory bodies are recognizing the problem of poor or no security standards for devices connecting to the internet. They're proposing minimum security standards for device manufacturers and labeling to raise the awareness of users about how secure their devices are. These requirements are being enforced as laws like the IoT cybersecurity improvement act which was signed into US law in 2020, but with next generation internet capabilities like 5g dramatically increasing data speeds and throughput, we may see IoT devices continue being a key player on the cybersecurity threat landscape well into the future.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.