The internet has been invented for a while now. It connected people from all around and brought the world together. With the invention of Internet of Things (IoT) now, it’s not just about connecting people together, but it is about connecting things. With the rise of the Internet of Things, comes a lot convenience, such as refrigerators that let you access the internet and call for service in the case of any malfunction.
People are rapidly adopting these smart devices to make their life easier. Even the companies are installing IoT devices without having even knowing IoT vulnerability threats that can paralyze their own business very quick. According to Forrester report, about one in five firms globally have already adopted IoT, while another 28% are planning to deploy it in the near future.
Months earlier, hackers used this so-called malware named “Mirai” to identify millions of home and office devices that had weak security. The hackers then put those devices in a network by forming a botnet and launched Distributed Denial-of-Service (DDoS) attacks to shut down the organization’s network. Some experts described this attack as a threat to free speech, and it underscores that there is a quickly emerging dark side to the widely dubbed Internet of Things.
There are already many fields of application within IoT, they range from DVR products, LED Bulbs, Printers, Smartphones, Self-automated cars, Refrigerators, etc. Imagine Refrigerators reminding the company to purchase office equipment and automatically re-ordering the things when they run low. But what will you do if your own refrigerator sends you the junk emails or even worse (who knows)?
Do you know about this attack, wherein attackers used the thousands of household appliances including refrigerators to send more than 750,000 malicious emails to the targeted enterprises and individuals worldwide?
Those attackers used a little-documented feature of most basic email (SMTP) servers called an “open relay” to send their emails through the targeted email server to the end destination, with having the email appear to have originated from the original targeted email server. During the attacks, some experts remotely queried these servers and the servers responded with an explicit identification, including well-known file structures and content. Saying that “Hi! I’m a fridge”. The unusual part of this attack was the servers with the open relays were owned by people who did not have a clue that they had an email server because the servers were hidden in a fridge.
What should companies do to prevent these kinds of attacks?
In the near future, IoT is expected to offer complex connectivity of devices, systems, and services that go beyond machine-to-machine communications (M2M) clearing a variety of rules, domains,
Research firm IDC predicts that more than 200 billion smart devices will get connected to the Internet by 2020. But these Internet of Things (IoT) devices are typically not protected or monitored by dedicated IT teams or by network monitoring software to receive latest security patches or issues as they arise.
The result is that companies can’t expect IoT-based attacks to be resolved at the starting stage; instead, they must prepare for the inexorable increase in highly distributed denial of service attacks, phishing attacks on employee inboxes, and clicks on malicious links.
There are some basic steps everyone can take to protect themselves and their smart appliances from such attacks:
1) Make sure your device is running on the latest firmware.
2) Change your default usernames and passwords regularly to prevent against data breaches.
3) Make sure your router is configured with NAT (network address translation) mode, with the firewall on and no ports open.
According to the research firm “Gartner”, by 2020 IoT will account for less than 10% of IT security budgets. Specifically, in Southeast Asia, organizations are generally not prioritizing IoT security due to internal security cultures and the prevalence of ad-hoc security systems.
We know how virtually everything these days is connected to the internet? And how companies don’t give a crap about security? Well, this will bring us a lot in the future, where our owned appliances will turn against us.