Rapid Rise in Monetization of IoT Attacks
An investigation by Trend Micro into the dark dealings of the cyber underground has found a rapid increase in the monetization of IoT attacks.
In a report released today, the global security software company revealed that forums across Russian, Portuguese, English, Arabic, and Spanish language-based markets are all brimming with chatter of how to compromise devices and then exploit them for profit. Routers and IP cameras were the most prominently discussed devices.
Financially driven attacks were found to be most prominent in the Russian and Portuguese markets, which are also the most criminally sophisticated. In these forums, cybercriminal activity is focused on selling access to compromised devices—mainly routers, webcams, and printers—so they can be leveraged for attacks.
The greatest threat is posed to consumer IoT devices, but businesses are also at risk as hackers are increasingly wising up to the possibility of compromising connected industrial machinery to launch digital extortion attacks.
In light of their findings, researchers at Trend Micro have made four sagacious predictions that reach varying levels of doom. The first is that the move from 4G to 5G will work very much in the hackers’ favor, opening up more avenues for exploitation than they’ve ever had before.
The second is that attacks on VR devices and cryptocurrency mining kits are going to take off big time, with more advanced threats like low-level rootkits and firmware infections on the horizon as well.
A third prophetic warning is that digital extortion attacks are going to rise as programmable logic controllers (PLCs) and HMIs are increasingly found online. Manufacturers should be cognizant that their machinery is at risk of being hijacked and their production lines halted by hackers chasing big-dollar ransoms.
Finally, the company’s team of security experts reckon that attacks on routers are going to evolve entirely as ISPs become better acquainted with tactics that take advantage of DNS settings.
“We’ve lifted the lid on the IoT threat landscape to find that cybercriminals are well on their way to creating a thriving marketplace for certain IoT-based attacks and services,” said Steve Quane, executive vice president of network defense and hybrid cloud security for Trend Micro.
“Criminals follow the money—always,” said Quane. “Enterprises must be ready to protect their Industry 4.0 environments.”