CONNECTIONS BETWEEN SMART OBJECTS COULD GENERATE RISKS FOR CYBER SECURITY. HOW TO REACT?
Day by day the number of devices connected with Internet of Things (IoTs) is growing. Smart objects are increasingly adopted for domestic use but also for business purposes in the Industry 4.0.
They go from refrigerators that allow users to monitor food supply to sensors that can collect data and optimize the operation of machinery used in Industry 4.0. However, the attention of the cyber crime to the world of IoTs has also increased.
IN THE FIRST HALF OF 2018 THE CYBER ATTACKS TO IOT DEVICES ARE THREE TIMES HIGHER THAN THOSE MADE IN THE WHOLE OF 2017
According to a research of Kaspersky Lab, in the first half of 2018 the number of cyber-attacks against IoT devices was three times higher than that recorded in the whole of 2017.
The main attacks against IoT devices detected by Kaspersky (93%) are “Brute Force”, cyber attacks that aim to discover the password of accounts and resources by testing all possible combinations of letters. These are followed by attacks based on “Exploits”, piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in the device attacked, not yet fixed by security updates. The most affected targets are routers, DVR devices, printers, and in some cases even smart washing machines.
The main purpose of cyber criminals seems to be to exploit the smart objects affected to create botnets, networks of infected devices that can be used to perform Distributed Denial-of-Service attacks (DDoS attacks): cyber-attacks typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
THE HIGHEST RISKS ARE CONNECTED TO THE INDUSTRIAL INTERNET OF THINGS
The main problem concerns the way in which users perceive IoT devices, often seen as tools for entertainment, and hardly perceived as potential carriers for cyber-attacks. But the greatest risks derive by the adoption of IoTs objects in the industrial sector and especially in infrastructure related to critical sectors such as energy or water supply.
On July 26, at the University of Genoa, within the Master in “Cyber security and Critical Infrastructures Protection”, Vladimir Dashchenko – head of the Vulnerability Research Group of the Industrial Control Systems Cyber Emergency Response Team in Kaspersky Lab – explained that:
«IoT or IIoT (Industrial Internet of Things) can, unfortunately, be a good starting point for hackers. We are doing some research and the first results are unsettling: a common smart camera can become the worst enemy for an internal network. It can become a tool for spying, or mining cryptocurrencies.»
Securing our IT structures from internal and external threats must be a priority for companies and, in this context, the cyber security of the Internet of Things becomes an increasingly urgent issue to tackle.
HOW TO ASSIGN A DIGITAL IDENTITY TO THE IOT SMART OBJECTS? IT’S POSSIBLE THANKS TO INFOCERT MIDPKI
As per digital human-based transactions, also the ones between objects claims for Trust, in order to prove the identities and the responsibility of actions carried on by objects. That’s why InfoCert has created a solution called MIDPKI.
MIDPKI allows to assign a digital identity to the machines and to those who develop them, to map corporate organizational processes and responsibilities throughout the Human to Machine and Machine to Machine transaction chain. Acting on the technological, organizational and legal side, MIDPKI guarantees rapid deployment and operation, traceability and a clear and transparent liability framework.