Posted on 12/19/2020 2:16:23 PM PST by TigerLikesRoosterNew
Researchers show no IoT device is too small to fall victim to ransomware techniques.
There's no question that ransomware has become one of the most feared (and loathed) cybersecurity attack types. The idea of your critical data sitting on your hard drives yet inaccessible is, frankly, terrifying. And a new study shows it could get much, much worse.
You know that cup of coffee that's pretty much the only thing that can get you out of bed most mornings? Well, some eye-opening ransomware research came out with the announcement of a proof-of-concept ransomware attack on a coffee maker. Losing access to critical data is one thing. Losing access to coffee is, as Vizzini said in "Princess Bride," "Inconceivable!"
But coffee makers may only be the tip of the inconceivable ransomware iceberg.
"I think the important thing to remember is that these issues are not new, but there are new tools to access these issues and to leverage them and to exploit them," says Kiersten Todt, managing director of the Cyber Readiness Institute. She points out that giving yourself the ability to control Internet of Things (IoT) systems from 3,000 miles away gives others the same ability. And those IoT systems can extend far beyond caffeine delivery. While the infamous Target attack of 2013 took criminals from an HVAC contractor to Target's customer database, modern converged IT/OT systems can easily see lateral movement in the other direction.
And, as Terence Jackson, CISO at Thycotic, says, "I would say you wouldn't want to see your connected refrigerator or HVAC system 'ransomwared.' That would be a disaster."
While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity -- or even become entry points for attacks against enterprise assets.
Some employees may not have a good understanding of precisely how great the risk might be.
"Going through our daily lives where we buy connected devices and don't even know [it], it can certainly create some risk and more than some inconvenience in a scenario like ransomware hitting them," explains Brandon Hoffman, CISO at Netenrich.
Those connected systems can extend from coffee makers and refrigerators to physical security systems and environmental controls. And as the weather changes with the seasons, "I can't really work around my home thermostat as there is no way to manually run the heat or air conditioner," says Oliver Tavakoli, CTO at Vectra.
I would prefer that the coffee maker, refrigerator, and toaster mind their own business, and not plot against me.
Sounds like the Twilight Zone episode “A Thing About Machines”.
The Internet is great for communication and entertainment. There is NO WAY that I want an Internet of Things, where my coffee maker, refrigerator, stove, and so on all have IP addresses.
Hey, let’s set this Trump Supporter’s house on fire by hacking his electric stove! (possible example)
“I have never understood the ‘connected’ craze. “
It’s a great idea, in theory.
If it was secure and everything was reliable, there are many benefits it offers.
Low tech is generally more secure and less prone to complications.
I don’t drink coffee and no coffee makers around here.
Folks just don’t understand simple.
If push came to shove...hot water from the tap would do the trick. Heck, I know where my backpack stove is.
Got introduced to a new online/telephone scam this a.m. Somebody offered me Covid 19 shots for $40 so I wouldn’t have to stand in line.
Tell them it sounds great, so busy these days at the FBI, can you drop by the office with them?
I don’t understand the idea of putting all these appliances on the internet. It is just asking for more trouble than most people could ever imagine.
Now, I can see utility of having some stuff controllable locally. For instance, I have a music server that I built that is hooked up to my stereo system. It has a webserver on it that allows me to pick up my phone, click on a link, and control the player, by pausing, backing up, or skipping to the next tune. I can’t control it when I’m at Starbucks. What would be the point of that? It’s only available when I’m actually at home. I also have an ‘app’ that can connect to the stereo to control volume, input, output and other stuff from my phone. That also cannot be reached through the internet. If I’m at home on my local network, I can control all that stuff.
My heat/air system apparently has network capability. I would think it would be really cool for me to be able to have a similar kind of control that I have with my stereo. Unfortunately, it wants to connect out to the internet to function. I really have no desire to control my AC unless I’m at home. If I did, I’d open a pinhole on my firewall, and set things up with port forwarding, so I could enable it when I’m on vacation or something, but otherwise, it should be available only internally.
Making your coffeemaker, or printer available to the outside world is just asking for trouble. The number of printers available on the internet is astounding. An evil person might direct some kiddie porn to a printer owned by his enemy, then call the authorities with an anonymous tip about it.
Heretic! Heretic!
For whatever reason I could never stand the taste of coffee. The aroma I usually like. Give me a good and rich hot chocolate.
No doubt I am deemed a heretic for many reasons.
That’s why I have a dumb house, and I avoid Alexa like the plague. 8>)
MY coffee maker doesn’t need to be connected to the Internet.
If someone hacks my stovetop espresso maker I’ll be impressed.
Hot chocolate is close enough in my book. LOL.
I can’t live without coffee. Guess you being a non-drinker leaves more for me!
You can have me and my wife’s share of coffee.
Thanks. I may post it as a separate thread.
Anyhow, I appreciate your tip. :)
I can’t believe how people bought up these Alexas and Google Nests. Sadly, our society is ripe for the slaughter. I do not see a good ending.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.