Cybersecurity professionals say IoT is more like threatening the Internet. why is that.

The Internet of Things (IoT) has exploded in recent years as user demands for connectivity and remote management have soared, which in turn has fueled the smart home market and made home systems easier to use and manage. Everything from routers, TVs, speakers, lights, electrical outlets, major appliances, heating and cooling systems, door locks, security cameras, sensors, and more are now connected to the internet, but security experts say most of these new IoT devices Most are unmanaged and poorly secured, leaving smart homes vulnerable to attack.

As a result, many IT and cybersecurity professionals refer to the Internet of Things as the "Internet of Threats" because of the inherent security gaps in many IoT-based smart home products.

Mark Houpt, chief information security officer at data center operator DataBank, said: "Our real focus is on devices in IoT scenarios that are often unmanaged and that can be hacked and exploited as bounce devices or as Bots, to attack other things and appear anonymously. In other words, using IoT devices as proxies for the actual attack that is taking place."

Why is the Internet of Things insecure?

Many devices, such as laptops, smartphones, and other endpoints, come with Windows, Google, or Mac platforms, and as such come with various security settings that can be changed to make those devices even more secure. There are perfectly valid reasons why cybercriminals would want access to these devices, and the IT and security industries are constantly adapting to these pervasive threats. However, IoT devices are a different story as they are added to the network and security is an afterthought.

Houpt said many IoT devices are inherently insecure for two reasons: neglect and a lack of interfaces to add security and hardening measures.

"On microwaves, refrigerators, TVs, we don't have a lot of options to turn on or off or turn on settings that make the device more secure. Because you can't add antivirus software to a TV or a refrigerator."

Essentially, users are now completely dependent on what manufacturers put in their code.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) agrees, saying the growing prominence of IoT is exacerbating the consequences of known cyber risks and creating new ones.

"Attackers use this scale to infect large numbers of devices at once, enabling them to access data on those devices, or as part of a botnet to attack other computers or devices for malicious purposes," the agency said.

How to Use IoT Devices for Cyber Attacks

There are several recent examples that fit Houpt's description: Hacking campaigns using IoT devices to spread malware, including a campaign spotted by Palo Alto Networks that spread the Mirai botnet through a range of IoT devices, including residential and commercial Routers, access points, cameras, access control systems, etc.

The Mirai botnet, as Cloudflare defines it, is essentially malware designed to infect smart devices running on ARC processors with the goal of turning those devices into networks of remotely controlled robots.

In this case, Palo Alto Networks said, hackers have the ability to take full control of an infected device by exploiting the vulnerability and using it to perform other attacks, including distributed denial-of-service (DDoS) attacks.

The Mirai malware has been active since at least 2016 and has been exploiting vulnerabilities in smart home IoT devices, which have relatively weak security compared to enterprise systems.

In its 2022 Digital Defense Report, Microsoft addressed the growing risk of IoT threats, saying that due to a lack of built-in security controls, IoT threats are becoming a favorite of hackers.

According to the Microsoft report, attacks targeting remotely managed devices have increased steadily since June 2021, and cyberattacks targeting IoT and operational technology (OT) devices have largely decreased There was a huge spike.

Over the past year, Microsoft said it has observed a significant drop, in some cases as much as 60%, in attacks against common IoT protocols such as Telnet. At the same time, botnets are being repurposed by cybercriminal groups and nation-state actors. The persistence of malware like Mirai highlights the modularity of these attacks and the adaptability of existing threats, the report said.

Microsoft singled out Mirai, which the company says has been redesigned several times to accommodate different architectures and has grown to infect a variety of IoT devices, including Internet Protocol cameras, security cameras, digital video recorders, and routers.

Attackers can then use lateral movement techniques to gain access to other vulnerable devices on the network. Typically, this starts with edge routers, and the attackers then seek to move laterally to other devices on the same network.

As Palo Alto Networks points out, attackers can perform a range of other activities in IoT devices, including encrypting data for ransom, wiping data, using the device for cryptocurrency mining, or simply locking down the device and rendering it useless.

In another example, Microsoft said last month that a China-based hacker group had been attacking critical infrastructure organizations by proxying their network traffic through compromised small office and home office network devices so they could remain undetected .

"Microsoft has confirmed that many devices, including those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow users to expose HTTP or SSH management interfaces to the Internet," Microsoft researchers said.

In another NSA briefing, officials got more specific about the device types, listing ASUS, Cisco RV, Draytek Vigor, FatPipe IPVPN/MPVPN/WARP, Fortinet Fortigate, Netgear Prosafe, and Zyxel USG devices.

In fact, a range of smart home products have security vulnerabilities, including TVs, security systems, cameras, control systems, and more. Integrators, resellers, builders, and homeowners can search the MITER Vulnerability Database for specific product or vendor security vulnerabilities.

While homeowners may not be the intended target of such an attack, these hacking methods do cause a lot of traffic to pass through a residential network, and it can be slow, Houpt said. However, manufacturers of IoT devices (especially smart home devices) are starting to realize this risk and have built in dedicated security protections.