Technology
Products
Industries
News
Press Releases
Videos
Blog
Events
Resources
Company
Darktrace Community
Executive Team
Awards
Analyst Recognition
Careers
Partners
Contact
Legal
Deutsch
English
Español
Français
Italiano
Português
日本語
한국어

Darktrace Blog

The Internet of Stranger Things

Dave Palmer, Director of Technology | Monday December 5, 2016

To take down DNS provider Dyn, hackers exploited critical vulnerabilities in the Internet of Things. Vital internet services crashed, including Twitter, Amazon, and Netflix. Experts now suggest that amateurs may have been behind the attack. This begs the question — if amateurs can use IoT to wreak havoc, how will more sophisticated attackers proceed?

As IoT devices become increasingly prevalent — and as ransomware has skyrocketed by 259 percent in just five months — criminals will start to look at essential business equipment as a viable target. Healthcare machines like insulin pumps and MRIs are now network-connected, as are Boeing 787s, oilfield sensors, wind turbines, quality control machines, and more.

By taking control of essential equipment, a criminal can bring business to a grinding halt, either demanding payment to regain access, or sabotaging the equipment beyond repair.

But IoT attacks also don’t have to be so obvious. Once a criminal has control of a network device, they can subtly alter its data. For instance, by changing results obtained from a drilling company’s sensors, a criminal can trick them into mining a depleted area.

This represents a far more insidious kind of attack. With critical equipment under their control, a criminal can quietly tweak bank account numbers, medical results, or blueprints. Just a small change can prove catastrophic, and given the ubiquitous nature of IoT devices, every industry is vulnerable. Worse still, you may not realize until it’s too late.

By comparison, the Dyn attack seems rather crude.

To be sure, the DDoS attack on Dyn was eye-opening. In the course of a day, we learned the ease with which lackluster IoT security can be exploited for massive cyber-attacks. In this instance, the attacker created a Mirai botnet using home devices to overload the Dyn servers with attack traffic reported to be as high as 1.2 Tbps.

But the Dyn attack is just the beginning. Whether through a subtle attack or an aggressive ransomware extortion, modern businesses are facing substantial new threats because of the IoT. Our security approach needs to reflect this new reality. Fortunately, self-learning immune systems are here, and they can automatically adapt to protect even the newest technologies within our digital ecosystems.

For more on the future of IoT security, sign up for my webinar to learn how cyber-attacks will soon be powered by AI.

Blog Archive

Glimpsing inside the trojan horse: An insider analysis of Emotet
Thursday January 10, 2019
Flying under the radar: How Darktrace detects ‘low and slow’ cyber-attacks
Monday December 3, 2018
Here’s how black hats will spend Black Friday
Thursday November 22, 2018
Law and disorder: Firms in the firing line
Thursday October 25, 2018
Troubled waters: Cyber-attacks on San Diego and Barcelona’s ports
Thursday October 4, 2018
Healthcare beware: Crypto-mining, malware, and IoT attacks
Monday August 20, 2018
Trusting the cloud: Unencrypted data upload by government body
Monday July 16, 2018
Beyond the hash: How unsupervised machine learning unlocks the true power of JA3
Friday June 22, 2018
Ransomware one year after WannaCry: attack vectors still commonly exploited by attackers
Wednesday May 9, 2018
How profitable is crypto-mining malware?
Monday April 16, 2018
How malware abused Sixt.com and Breitling.com for covert Command & Control communication
Wednesday March 7, 2018
Cryptocurrencies and the future of cyber defense
Tuesday February 13, 2018
Machine vs machine: instant domain fluxing identification with Darktrace
Friday February 2, 2018
The implications of TRITON for the future of ICS security
Monday January 22, 2018
Expediting the investigation of widespread Trojan infections with Darktrace
Friday December 8, 2017
Smuggled Raspberry Pis attempt to steal passwords
Monday November 27, 2017
A new botnet discovered using IoT drawing pads for reflection attacks
Monday October 30, 2017
Down the BadRabbit Hole
Wednesday October 25, 2017
The ‘Matrix Banker’ Reloaded
Thursday October 12, 2017
Resurgence of the Feodo banking Trojan on a government network
Monday October 2, 2017
How a cloud server nearly released IP at a major manufacturing company
Monday September 18, 2017
How Darktrace’s AI detects metamorphic malware
Monday July 31, 2017
Darktrace’s perspective on the NotPetya attack
Thursday June 29, 2017
Every rule has an exception: How to detect insider threat without rules
Wednesday June 21, 2017
WannaCry: Darktrace’s response to the global ransomware campaign
Wednesday May 17, 2017
Defending against ransomware: a live threat scenario
Monday May 8, 2017
Trust attacks and the evolution of ransomware
Wednesday April 5, 2017
The threat is already inside
Monday March 6, 2017
Smile! You're on camera
Monday February 13, 2017
Cyber-threats mean banks are no longer ‘too big to fail’
Monday January 30, 2017
AI will supercharge spear-phishing
Monday January 9, 2017
5 cyber security predictions for 2017
Friday December 16, 2016
The Internet of Stranger Things
Monday December 5, 2016
Holiday hacking: Cyber-attacks on Cyber Monday
Friday November 18, 2016
2016: The year of election tampering?
Friday November 4, 2016
6 emerging cyber-threats you didn’t see in the news
Monday October 24, 2016

About the authors

Justin Fier

Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. Justin is one of the US’s leading cyber intelligence experts, and his insights have been widely reported in leading media outlets, including Wall Street Journal, CNN, the Washington Post, and VICELAND. With over 10 years of experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

Dave Palmer

Dave Palmer is the Director of Technology at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over ten years of experience at the forefront of government intelligence operations, Palmer has worked across UK intelligence agencies GCHQ & MI5, where he delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.

Andrew Tsonchev

Andrew advises Darktrace’s strategic Fortune 500 customers on advanced threat detection, machine learning and autonomous response. He has a technical background in threat analysis and research, and holds a first-class degree in physics from Oxford University and a first-class degree in philosophy from King’s College London. He was most recently featured on BBC World, BBC Morning and Al Jazeera to comment on the news regarding the GRU.

Max Heinemeyer

Max is a cyber security expert with over eight years’ experience in the field specializing in network monitoring and offensive security. At Darktrace, Max works with strategic customers to help them investigate and respond to threats as well as overseeing the cyber security analyst team in the Cambridge UK headquarters. Prior to his current role, Max led the Threat and Vulnerability Management department for Hewlett-Packard in Central Europe. He was a member of the German Chaos Computer Club, working as a white hat hacker in penetration testing and red teaming engagements. Max holds a MSc from the University of Duisburg-Essen and a BSc from the Cooperative State University Stuttgart in International Business Information Systems.