n order to understand the internet of things (IoT), ransomware and their significance in a business setting, we first need to understand what both terms mean.
Ransomware is a tool that is used to commit cybercrimes. It's a portmanteau of the words ransom and malware. Essentially, it's a form of malware that is used to encrypt a victim's data in order to make them ineligible to access it. The criminal that orchestrates the crime then demands that the victim sends them a ransom via an online payment that is untraceable, Bitcoin is often used for this. Victims then find themselves with few options and have to comply in order to regain access to their data. There are many ways that ransomware can get hold of a computer system. The most common is phishing, where malware is sent to the victim via an email.
Now, you might wonder why the victim would willingly open the email and download the malware so that it can infect their system. First of all, the reason why most people fall for phishing scams is that they normally look genuine. Phishing involves a fraudster masquerading as a legitimate entity. The victims are enticed by irresistible offers and have the urge to act immediately.
Secondly, as per a Cybint report, 95% of data breaches are caused by human error. Another common kind of cyberattack with the word “ransom” in it is a ransom DDoS or ransom distributed denial-of-service. Unlike ransomware, this attack does not involve encrypting the victim's data. Here, the attacker merely floods a targeted server with fake internet traffic so that the intended users can't access the service. They then demand money to restore everything.
Now on to IoT, the internet of things or IoT is a revolutionary type of technology and is certainly one of the most prominent technological innovations of our time. It is a concept that has significantly accelerated the integration of technology into human life. In the simplest of terms, the internet of things is a network of things such as your ceiling fan, light bulb, door lock, TV, fridge, microwave, air conditioner, or any other such thing that can be connected to the internet and exchange data with other technological devices.
IoT devices are devices that aren't traditionally internet-connected such as watches. Today, we have watches that are smart and can record our every step and count our every heartbeat. Internet of things (IoT) devices are not only distinguished by their ability to connect with other computing devices, but also by their innovative embedded sensors and software that allow them to be distinct computing entities in their own right.
In a business setting, IoT means tons of data which is useful for AI systems and analytics. The larger the amounts of data that the enterprises have, the better they are able to understand themselves, their performance, and their customers. This means that, internet of things (IoT) has become an integral part of the business domain and since it is so crucial, we should not ignore the potential safety risks that could come with it.
Two researchers from Pen Test Partners at a recent Def Con hacking conference showed how they could hack your thermostat and infect it with ransomware from hundreds of miles away and then coerce you into paying hefty ransom to regain control of your device. This example adequately demonstrates what IoT ransomware is. Since IoT devices are distinct computer systems in their own right, they are also susceptible to attacks from cybercriminals.
IoT ransomware is not something to be taken lightly as it can have devastating effects. But, despite at this, it is still often ignored. Let's delve deeper to understand the reasons why it's ignored.
The biggest reason why IoT ransomware isn't taken seriously is that most IoT devices aren't taken seriously. Why is that you may ask? Unlike a personal computer, laptop or mobile phone, an IoT device is usually designed to perform a specific task/s, or in other words, isn't very comprehensive in nature and rarely stores or generates sensitive data.
Additionally, most of the data that it does generate is saved in the cloud. So even if the data in an IoT device is encrypted, the victim will have little to no incentive to want it back. Moreover, even if a hacker restricts access to an IoT device, all that the victim will have to do is reset the device and it'll be good as new. Resetting devices, installing new patches, and completing updates is much easier with IoT devices than traditional computers.
The second major reason why IoT ransomware is taken lightly is due to hackers' lack of motivation. Hacking a more comprehensive service such as Windows or Internet Explorer that have way more users than an IoT device promises more value for their efforts. So, when they can hack other things that are more beneficial for them, why would they target something so trivial as an IoT device? Another thing is that not all IoT devices have displays so, in order to let the victim know that their device has been hacked, the hacker would have to go through an extra step of finding their contact info like an email or mobile number to notify them.
Whether the damage caused by IoT ransomware is reversible or not is down to when the attack takes place. Imagine you're at your home under the cool air of your AC and it is at this point that it gets hacked. You can take immediate steps to recover your air conditioner. But imagine that you're on a trip, far away from your home and it is then that your thermostat is hacked. The hacker will notify you and you'll have no choice but to comply because if you don't, by the time you get home it'll be fried and if it isn't you'll have an electricity bill that'll make you wish that it was.
Things can get uglier in healthcare settings. Imagine a hacker gaining control over your pacemaker or other such crucial medical device. These consequences can be very serious and therefore it is necessary for not only enterprises, but everyone who uses IoT devices to take IoT ransomware seriously. A prevention is always better than the cure.
IoT ransomware is certainly an area that isn't fully explored. It is relatively new and we’ve only just begun to scratch the surface of the potential that internet of things (IoT) holds. With time, as the world continues to get filled with more and more IoT devices and more and more industries become dependent on it, hackers will eventually realise it's definitely worth their effort. To protect yourself and your business against IoT ransomware, there is a simple mantra that you need to follow, “if it's connected, it has to be protected”.
At Gemraj Technologies Ltd we house experts with industry insights and experience that allows them to develop an infallible cybersecurity roadmap for your business. We offer a diverse range of cybersecurity services including compliance and audit, risk management, identity and access management and security operations centre (SOC) as a service in order to cover all critical cybersecurity points and provide your business with intelligent, comprehensive, and continuous protection.