Last week, I mentioned a comment from Javvad Malik, security advocate at AlienVault, who said he expects to see an uptick in ransomware in Internet of Things (IoT) devices. He told me that with ransomware being one of the most rapidly growing areas of cybercrime, the logical next step is for it to infect the increasing IoT market.
Malik isn’t alone in this opinion. According to ZDNet, the Institute for Critical Infrastructure Technology released a report that said the IoT is especially at risk for malware attacks, particularly ransomware attacks.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
This led to me having a conversation with Malik about why the IoT is so at risk for ransomware. He attributed the problem to three particular areas: the growth (and growing pains) of IoT, the evolution of ransomware, and end users who aren’t aware of the risks.
The growing pains of the IoT are a natural consequence of our increasingly inter-connected world. As Malik said, it will likely soon be impossible to buy a non-internet-connected device, regardless of whether one wants the functionality or not. Here are some of the concerns we’ll see with IoT growth in the not-so-distant future:
- The user interface of smart devices is often a mobile app, which typically requires a painstaking process of installation, account creation, pairing and configuration.
- Some devices are also designed to only work when online, without redundancy to operate when offline. This can make them susceptible to intentional or even unintentional, denial of service attacks.
- There is also the issue of updates. To fix flaws, or introduce new functionality, companies have to push out updates to devices. Unfortunately, many times, these occur at inopportune moments, rendering a device unusable for the duration.
- Inevitably, there will be network bandwidth and load issues, as a result of the extra connected devices.
- Finally, Terms and Conditions of usage will also apply in very different ways to IoT devices. These Terms and Conditions will need to be accepted in order to utilize device functionality, but doing so could mean that personal data is shared widely, or for targeted advertising campaigns.
Are these the type of vulnerabilities that open IoT devices to malware, particularly ransomware? Tomorrow, we’ll go into Malik’s thoughts about the connection between ransomware and IoT.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba