Posted on 12/19/2020 2:16:23 PM PST by TigerLikesRoosterNew
Researchers show no IoT device is too small to fall victim to ransomware techniques.
There's no question that ransomware has become one of the most feared (and loathed) cybersecurity attack types. The idea of your critical data sitting on your hard drives yet inaccessible is, frankly, terrifying. And a new study shows it could get much, much worse.
You know that cup of coffee that's pretty much the only thing that can get you out of bed most mornings? Well, some eye-opening ransomware research came out with the announcement of a proof-of-concept ransomware attack on a coffee maker. Losing access to critical data is one thing. Losing access to coffee is, as Vizzini said in "Princess Bride," "Inconceivable!"
But coffee makers may only be the tip of the inconceivable ransomware iceberg.
"I think the important thing to remember is that these issues are not new, but there are new tools to access these issues and to leverage them and to exploit them," says Kiersten Todt, managing director of the Cyber Readiness Institute. She points out that giving yourself the ability to control Internet of Things (IoT) systems from 3,000 miles away gives others the same ability. And those IoT systems can extend far beyond caffeine delivery. While the infamous Target attack of 2013 took criminals from an HVAC contractor to Target's customer database, modern converged IT/OT systems can easily see lateral movement in the other direction.
And, as Terence Jackson, CISO at Thycotic, says, "I would say you wouldn't want to see your connected refrigerator or HVAC system 'ransomwared.' That would be a disaster."
While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity -- or even become entry points for attacks against enterprise assets.
Some employees may not be a good understanding of precisely how great the risk might be.
"Going through our daily lives where we buy connected devices and don't even know [it], it can certainly create some risk and more than some inconvenience in a scenarios like ransomware hitting them," explains Brandon Hoffman, CISO at Netenrich.
Those connected systems can extend from coffee makers and refrigerators to physical security systems and environmental controls. And as the weather changes with the seasons, "I can't really work around my home thermostat as there is no way to manually run the heat or air conditioner," says Oliver Tavakoli, CTO at Vectra.
Unfortunately, Mr. Coffee is made in China.
Tech giants are tirelessly promoting the technology to boost their profit, attempting to take control over many traditional industries. It is rather successful in its application to many manufacturing facilities. However, it is a limited market. So they want to move into far larger consumer market.
May the Lord bless the world. We will need his blessing.
I have a feeling the toasters are the instigators — the four-slice ones. Never trusted them.
We bought a Sleep Number bed a couple months ago. The installer asked for our smart phones so he could connect the bed to the internet. I don’t know why, but I know it was not an option. We said we only have flip phones. We don’t but we told him that.
I had the Honeywells installed all over the house.
Your nightmare has already happened on a massive scale.
https://www.smartspate.com/how-to-hack-50000-network-printers/
Yup. I remember reading about some of that.
This is why my printer is networked, but only locally on my lan. If someone gets through my firewall, I have bigger issues than my printer.
My landlady can change the combo on the front door lock remotely. Fortunately, I have a hard key.
I heard a story about Chinese industrial espionage. Usually, Chinese hacked into a rival company and steal things like blueprint. It is nearly impossible to do it to Japanese companies because they have their blueprint on a sheet of paper and store it in a secure vault.:)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.