New research indicates that the Internet of Things (IoT) will be a major target for hackers in 2019 and DeepAttacks using AI-generated content are also predicted to pose a growing threat.
A report from F5 Labs claims that IoT devices are in fact the number one attack target on the Internet, surpassing former favourites such as web and application servers, email servers and databases.
The trend toward smart devices will become so pronounced in the coming years that it will be difficult to buy appliances or home electronics not connected to the internet. And it’s almost always easier to compromise an IoT device exposed to the public internet that relies on vendor default credentials than it is to trick an individual into clicking on a link in a phishing email. This situation is exacerbated by the fact that many IoT devices used by businesses in their networks are actually managed by third parties not concerned with security, rather than by the internal corporate IT and security teams.
Whilst routers, IP cameras, DVRs and CCTVs will all be subject to attack, a hacker’s ingenuity knows no bounds. For example, a casino in Europe was breached through the thermostat in its fish tank, whilst the US retailer Target was breached through its heating, ventilation and air conditioning (HVAC) system.
“IoT devices already outnumber people and are multiplying at a rate that far outpaces global population growth. Increasingly, lax security control could endanger lives as, for example, cellular-connected IoT devices providing gateways to critical infrastructures are compromised,” said David Warburton, Senior EMEA Threat Research Evangelist at F5 Networks.
The concerns about IoT are echoed in the latest Avast Threat Landscape Report, which highlights the fact that security is often an afterthought in the manufacturing of these devices.
While the big name smart devices often come with embedded security options, some producers skimp on security, either to keep costs low for consumers or because they are not experts in security.
The result is that IoT malware is expected to evolve and become more sophisticated and dangerous during 2019 in order to exploit these deficiencies.
Meanwhile, the annual report also predicts hackers will be employing the powers of Artificial Intelligence (AI) a lot more, placing DeepAttacks in the spotlight. With DeepAttacks, hackers use AI-generated content to evade AI security controls.
In 2018, the Avast team observed many examples where researchers used adversarial AI algorithms to fool humans and in 2019, it clearly expects to see DeepAttacks deployed more commonly by cybercriminals in an attempt to evade both human detection and smart defences.
All in all, the need for cybersecurity professionals who are capable of addressing these increasingly sophisticated attacks has never been more urgent.
European Product Manager