8 IoT security trends to expect in 2018

8 IoT security trends to look out for in 2018

The topic of security has accompanied conversations related to the Internet of Things. Next year, expect that discussion to take a considerably different direction.

Written by Brian Buntz
1st December 2017

Are you ready for a surge in hybridized malware? What about IoT botnets mining cryptocurrency? Those are just two of the possibilities that could be lurking on the horizon in the coming year, according to interviews with several IoT security experts. In this article, we dig into these subjects, but also consider what 2018 could have in store, given the rapid growth of related technologies such as artificial intelligence, quantum computing and security and networking automation tools.

1. IoT ransomware and “synthetic malware” grows more common

Ransomware continued to gain ground in 2017. While the majority of traditional ransomware uses encryption to lock users out of computing platforms, next year, hackers will likely begin launching a wider variety of ransomware attacks, says Song Li, co-founder and CTO of NewSky Security. “IoT-based ransomware attacks could focus on stealing data or disabling the functionality of a target device,” Li said. IP cameras can capture sensitive footage from a range of locations, ranging from a factory floor to the inside of a house. “Hackers could say: ‘Unless you give me some Bitcoin, I’ll distribute this footage.’” Another possibility is hackers use IoT devices like webcams to funnel traffic to a malware-infected web address. “That address, in turn, can extract data from the accessing endpoint and demand ransoms for the return of that encrypted data,” said Ofer Amitai, CEO and co-founder of Portnox.

Alternately, a hacker could threaten to disable the functionality of, say, a smart lock or thermostat unless payment is received. Of course, there is no way to ensure hackers abide by their own terms. “We saw this with PCs where hackers would use a ransomware attack to lock someone out of their PC and come back and say: ‘I need more cryptocurrency.’”

In the coming year, we could see a continued hybridization of malware strains, where DDoS, ransomware and other attack types merge. “This gives rise to what I am going to call ‘synthetic malware,’” said Peter Tran, general manager and senior director of RSA’s Advanced Cyber Defense division. “Thanks to the skyrocketing numbers of IoT devices, the various permutations of attacks will be unpredictable.”

2. IoT botnets take aim at cryptocurrency

Given the recent uptick in cryptocurrency valuations and heated competition in cryptocurrency mining, it is only natural hackers will work to cash in from the boom. “Many believe the blockchain is unhackable, but we already see an increase in the attacks against blockchain-based applications,” Amitai said. The central vulnerability here is not the blockchain itself, but rather the applications that run on it. “Social engineering will be used more often to extract passwords and private keys to hack these applications,” Amitai predicted.

There has already been a spike in IoT-botnet based mining in the case of the open-source cryptocurrency Monero, said Ankit Anubhav, principal security researcher at NewSky Security Inc. And hackers have repurposed video cameras for Bitcoin mining.

“Like traditional currency value and volatility structures, the risk is to flood the open market through IoT botnet miners, breaches in blockchain and general data integrity disruption, manipulation and outright smash-and-grab robbery of large pools of cryptocurrencies,” Tran said.