IoT Infrastructure is Ripe for Ransomware

by Matt Klassen on April 26, 2016

cybersecurity-759The inevitability of all technological progress is that somehow cybercriminals will find a way to target it with any or all of the malicious tools in their digital arsenal, and according to one think tank, so it will be with the emerging Internet of Things (IoT).

According to the Institute for Critical Infrastructure Technology (ICIT), the malware “epidemic” will invariably strike IoT devices, with the threat of ransomware in particular being the likely approach, given that the proliferation of unsecured devices in one comprehensive network offers “practically an infinite attack surface” for cybercriminals to take advantage of.

In fact, not only could hackers potentially find ways to deploy ransomware to hold your house, or your car, or any number of the infinite minutia of our daily existence that we’re now imbuing with wireless connectivity hostage, but given that much of our health technology is now connected, it’s certainly not outside the realm of possibility that cybercriminals will begin to highjack the very devices that help keep many people alive.

If you’ve ever been a victim of ransomware on your PC or mobile device, you know firsthand the fear, then the annoyance, and then the concern associated with someone holding your digital life hostage. Now just imagine it was more than your digital life cybercriminals had control over, but every facet of your home life—constantly turning up the heat, or flashing your lights, controlling your security system, or unlocking your doors—and demanding a considerable sum of money to release you from such frightening bondage.

In fact, given just how well ransomware works today, where business for cybercriminals is so good that they’re actually starting to establish themselves as pseudo-legitimate companies, operating during regular business hours and even taking vacations, I fear just how more willing victims will be to pay up when so much more is at stake.

And if that wasn’t bad enough, the ICIT report indicated that it could be possible for cybercriminals to infect wirelessly connected medical devices, most notably pacemakers, with ransomware.

“The scenario is not too far-fetched; in fact, it is much more deadly. Many medical devices, such as pacemakers, insulin pumps, and other medication dispersion systems are internet or Bluetooth enabled. Ransomware could utilize that open connection to infect the IoT device,” the report said.

The potential danger could be that cybercriminals hack into the device and decrease the battery life, as one example, to such an extent that “the ransom window might be less than the wait time before a medical team could schedule a surgery to reset or replace the device”. Simply put, cybercriminals could use a threat of imminent personal harm to promptly extort payment.

Of course the answer is building an IoT ecosystem from the ground up that has such security and other protective features built-in, but given that such connectivity has already spread exponentially throughout our digital lives and security is already sorely lacking, perhaps it’s too late already.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Previous post:

Next post: