Page 77 - Cyber Warnings
P. 77
of malicious code and set the device to increase the temperature to the maximum, causing the
owner to pay a ransom.
Let's imagine you got into a connected car this morning and suddenly there is a message on the
screen: "If you pay $500, I’ll let you get to work today." It was impossible several years ago, but
due to technological progress, such scenario does not look fantastic anymore.
Furthermore, IoT ransomware may steal important data and personal information, for example,
from surveillance cameras connected to the network or from fitness gadgets and then blackmail
people, threatening to publish their sensitive information.
Despite the fact that IoT devices often have serious security weaknesses, it is still premature to
talk about the imminent ransomware threat for smart homes and connected cars. The wide
variety of apps and devices created by thousands of manufacturers complicates extensive
malware usage.
The IoT industry is highly fragmented these days. It lacks standardized approaches, common
platforms and communication systems. It is tough to carry out mass attacks. Every time a
compromise occurs, hackers only target a specific type of devices, which reduces the number of
potential victims.
We can conclude that hackers’ benefits from attacking consumer IoT devices are currently
small. But the situation is likely to change in the future as the Internet of Things is going to
deeper penetrate into our homes and offices.
Industrial segment already facing high risks
We see an entirely different picture in the industrial segment of the Internet of Things. Industrial
systems are already very attractive for cyber extortionists. This could be any relevant system
that may affect the lives of thousands or millions of people and are extremely expensive to
operate.
For example, several US hospitals have undergone a series of ransomware attacks recently.
Normal workflow of the Hollywood Presbyterian Hospital was disrupted because of ransomware.
Some patients had to be moved to other clinics, and doctors started to keep records the old
fashioned way on paper.
If a hospital system is compromised, it puts the health of patients at risk. The likelihood is very
high that the hospital will pay upon demand. An attack against critical infrastructure can be
carried out successfully based on similar factors - if lives of people might be put in danger and
time is pressing, the owners would often agree to pay up. Power grids and power stations can
be another important target for IoT malware. Their important role in the modern world was
perfectly illustrated by the Northeast blackout of 2003. It caused $6 billion in losses within
several hours, affecting 55 million people. It wasn’t a cyber attack but a software failure. Today,
hackers constantly scan the Internet for important and vulnerable networks, so energy
companies should be prepared.
77 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
