With everything becoming increasingly connected electronically, the IoT (the ‘Internet of Things’) provides a perfect breeding ground for ransomware.
In 1999 technology expert Kevin Ashton conceived a vision like some device from a H.G. Wells novel – the IoT. Many people at the time thought he was a lunatic. The idea that your refrigerator could notify you by Iphone that you were running low on beer – or even remotely contact the store to get some more delivered – this was plainly ridiculous. But less than two decades later, here we are.
Ashton explained his concept all those years ago in the RFID Journal: ‘ If we had computers that knew everything there was to know about things — using data they gathered without any help from us — we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best.’ Although young people won’t recall, there was a time when there was no public internet, let alone Cloud technology; mobile ‘phones were the size of construction blocks (and weighed as much!). Ah, those were the days, my friend…
AND – there was NO ransomware.
Maximized risk
Ashton proposed that if the full scope of technology was harnessed, it would ‘change the world’. Well, he certainly wasn’t wrong – it has made life unrecognizable from that of pre-internet days. Today, if a person is not connected and ‘linked-in’, it can be difficult to function. Technology has also transformed business beyond all recognition, with global transactions being completed at light-speed (almost). But this utopian convenience and electronic rationalization comes at a price – it’s not only day-light (legitimate) business that exploit these advances.
A few hundred years ago (before telephones), transactions were made in gold coin. These needed to be transferred between points for business to proceed. This was done via trade routes. Enter the dandy Highwayman. This romantic figure (who was executed if caught) intercepted the traffic at a vulnerable point and demanded ‘Stand and deliver – your money or your life!’. The same on the high seas with pirates. Well, here’s the news – as ‘things’ get easier and more efficient, the routes of vulnerability are increased. Think about the Highwayman; then think ransomware.
Electronic chatter
Increasingly, everything talks to everything else and all these devices have I.P addresses to communicate either with a server, or another device. In business, this (like the beer) can provide automated inventories of stock and facilitate improved supply chains. An example of this rationalization is UPS who monitor their fleet of 80 000 vehicles to reduce fuel costs and maximize route efficiency. Now is the age not just of intra-personal communication – machines talk to machines.
An increase in Things
Analysts at the firm Gartner estimate that in 2016 there will be 6.4 billion devices of one kind or another communicating with each other. By 2020, they think the IoT will rise to 20.8b (in both business and private sectors). Cisco predict a 2020 figure of 50billion.
Enter the electronic Highwayman
2016 is forecast to be the worst yet for ransomware attacks, according to the Institute of Critical Infrastructure Technology. They predict that this year will be ‘…the year ransomware will wreak havoc on America’s critical infrastructure community… unattended vulnerabilities that were silently exploited in 2015 will enable invisible adversaries to capitalize upon positions that they have previously laid claim to’. The Insitiute state the cause of this as being organizations’ fast move toward efficiency offered without an adequate preparation for the cybersecurity risks that come with it.
Bad for business
Ransomware can cripple a company or organization. Just one example of this is the attack on the Hollywood Presbiterian Center which had to redirect patients to other hospitals until the threat was dealt with. There is a marked increase in ransomware targeting business – of course, this makes sound financial sense from the hacker’s perspective. Almost half of Cryptowall’s victims last year were business or organizations, and the campaign netted at least $18 U.S in just one financial quarter. And the threat is growing – McAfee Labs noted a rise of 4million detected samples in the second quarter of 2015 compared to 1.5million in the one previous to that.
From the ridiculous to the dangerous
Imagine if a hacker took control of one of you smartThings. Perhaps you get home expecting a beer to be delivered but instead find a ransom demand on your smartFridge. Or your smartThermostat has been locked (and it’s Winter) – you have to pay to get some heating on. Okay, now let’s be serious – with more health monitoring being electronic, what if some safety-critical equipment – perhaps a dialysis machine treating your child – what if this is locked by ransomware?
To summarize Things
It is a growing concern that security focuses on protecting a network and its data. All these peripheral devices need to be protected, too. Whether at home or business, the things that give the convenience/efficiency do their magic by being peripheral nodes in a network. Each has to have an I.P address to work its magic. Each new I.P address is another invitation for ransomware. Before taking the convenience/efficiency route with a new gizmo, check out the security of the device. Every node is a trade route, and ransomware is very good at detecting these paths.
