Technology
Enterprise Immune System
Industrial Immune System
Antigena Network
Antigena Email
Cyber AI Analyst
Industries
In the News
Press Releases
News Videos
Blog
Darktrace Events
Industry Events
On-Demand Events
Resources
Company Overview
Darktrace Community
Darktrace Education
Executive Team
Awards
Analyst Recognition
Careers
Partners
Contact
Legal
Deutsch
English
Español
Français
Italiano
Português
日本語
한국어
Darktrace Blog

The Internet of Stranger Things

Dave Palmer, Director of Technology | Monday December 5, 2016

To take down DNS provider Dyn, hackers exploited critical vulnerabilities in the Internet of Things. Vital internet services crashed, including Twitter, Amazon, and Netflix. Experts now suggest that amateurs may have been behind the attack. This begs the question — if amateurs can use IoT to wreak havoc, how will more sophisticated attackers proceed?

As IoT devices become increasingly prevalent — and as ransomware has skyrocketed by 259 percent in just five months — criminals will start to look at essential business equipment as a viable target. Healthcare machines like insulin pumps and MRIs are now network-connected, as are Boeing 787s, oilfield sensors, wind turbines, quality control machines, and more.

By taking control of essential equipment, a criminal can bring business to a grinding halt, either demanding payment to regain access, or sabotaging the equipment beyond repair.

But IoT attacks also don’t have to be so obvious. Once a criminal has control of a network device, they can subtly alter its data. For instance, by changing results obtained from a drilling company’s sensors, a criminal can trick them into mining a depleted area.

This represents a far more insidious kind of attack. With critical equipment under their control, a criminal can quietly tweak bank account numbers, medical results, or blueprints. Just a small change can prove catastrophic, and given the ubiquitous nature of IoT devices, every industry is vulnerable. Worse still, you may not realize until it’s too late.

By comparison, the Dyn attack seems rather crude.

To be sure, the DDoS attack on Dyn was eye-opening. In the course of a day, we learned the ease with which lackluster IoT security can be exploited for massive cyber-attacks. In this instance, the attacker created a Mirai botnet using home devices to overload the Dyn servers with attack traffic reported to be as high as 1.2 Tbps.

But the Dyn attack is just the beginning. Whether through a subtle attack or an aggressive ransomware extortion, modern businesses are facing substantial new threats because of the IoT. Our security approach needs to reflect this new reality. Fortunately, self-learning immune systems are here, and they can automatically adapt to protect even the newest technologies within our digital ecosystems.

For more on the future of IoT security, sign up for my webinar to learn how cyber-attacks will soon be powered by AI.

Dave Palmer

Dave is the Director of Technology at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over 13 years’ experience at the forefront of government intelligence operations, Dave has worked across UK intelligence agencies GCHQ and MI5, where he was responsible for delivering mission-critical infrastructure services, including replacing and securing entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He acts as an advisor to cyber security start-ups and growth-stage companies from the UK Government’s Cyber Security Accelerator and CyLon. His insights on AI and the future of cyber security are also regularly featured in the UK media. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.

Recent posts

How will US sanctions on the group behind TRITON protect critical infrastructure?
Wednesday November 18, 2020
Writing wrongs: Why Mimecast’s link rewriting gives a false sense of security
Thursday November 5, 2020
AI catches Maze ransomware targeting a healthcare organization
Thursday October 22, 2020
How Industrial Control Systems can be secure in the cloud
Wednesday October 14, 2020
How AI detected a hacker hiding in an energy grid within hours of deployment
Friday October 9, 2020
How a Mimecast miss led to a wide scale email compromise
Monday October 5, 2020
Read more