Technology
Products
Industries
News
Blog
Events
Resources
Company
English
Technology
Cyber AI
Darktrace Immune System
Autonomous Response
Cloud Security
Email Security
Threat Visualization
Integrations
Products
Enterprise Immune System
Industrial Immune System
Cyber AI Analyst
Antigena Network
Antigena SaaS
Antigena Email
Industries
Financial Services
Manufacturing & Supply
Education
Energy & Utilities
Government & Defense
Technology & Telecoms
Retail & e-Commerce
Legal & HR
Transportation
Healthcare & Pharma
Media & Entertainment
Nonprofit
News
In the News
Press Releases
Events
Darktrace Events
Cyber AI Forum Americas
Industry Events
On-Demand Events
Resources
White Papers
Data Sheets
Case Studies
Video Features
Industry Analyst Reports
Company
Company Overview
Investors
Darktrace Community
Darktrace Education
Awards
Partners
Careers
Executive Team
Subject Matter Experts
Board of Directors
Advisory Council
Science and Technology Committee
Contact
Deutsch
English
Español
Français
Italiano
Português
日本語
한국어
Technology
Products
Industries
News
Blog
Events
Resources
Company
Darktrace Blog

The Internet of Stranger Things

Dave Palmer, Director of Technology | Monday December 5, 2016

To take down DNS provider Dyn, hackers exploited critical vulnerabilities in the Internet of Things. Vital internet services crashed, including Twitter, Amazon, and Netflix. Experts now suggest that amateurs may have been behind the attack. This begs the question — if amateurs can use IoT to wreak havoc, how will more sophisticated attackers proceed?

As IoT devices become increasingly prevalent — and as ransomware has skyrocketed by 259 percent in just five months — criminals will start to look at essential business equipment as a viable target. Healthcare machines like insulin pumps and MRIs are now network-connected, as are Boeing 787s, oilfield sensors, wind turbines, quality control machines, and more.

By taking control of essential equipment, a criminal can bring business to a grinding halt, either demanding payment to regain access, or sabotaging the equipment beyond repair.

But IoT attacks also don’t have to be so obvious. Once a criminal has control of a network device, they can subtly alter its data. For instance, by changing results obtained from a drilling company’s sensors, a criminal can trick them into mining a depleted area.

This represents a far more insidious kind of attack. With critical equipment under their control, a criminal can quietly tweak bank account numbers, medical results, or blueprints. Just a small change can prove catastrophic, and given the ubiquitous nature of IoT devices, every industry is vulnerable. Worse still, you may not realize until it’s too late.

By comparison, the Dyn attack seems rather crude.

To be sure, the DDoS attack on Dyn was eye-opening. In the course of a day, we learned the ease with which lackluster IoT security can be exploited for massive cyber-attacks. In this instance, the attacker created a Mirai botnet using home devices to overload the Dyn servers with attack traffic reported to be as high as 1.2 Tbps.

But the Dyn attack is just the beginning. Whether through a subtle attack or an aggressive ransomware extortion, modern businesses are facing substantial new threats because of the IoT. Our security approach needs to reflect this new reality. Fortunately, self-learning immune systems are here, and they can automatically adapt to protect even the newest technologies within our digital ecosystems.

For more on the future of IoT security, sign up for my webinar to learn how cyber-attacks will soon be powered by AI.

Dave Palmer

Dave is the Chief Product Officer at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over 13 years’ experience at the forefront of government intelligence operations, Dave has worked across UK intelligence agencies GCHQ and MI5, where he was responsible for delivering mission-critical infrastructure services, including replacing and securing entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He acts as an advisor to cyber security start-ups and growth-stage companies from the UK Government’s Cyber Security Accelerator and CyLon. His insights on AI and the future of cyber security are also regularly featured in the UK media. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.

Recent posts

How AI defends critical infrastructure from ransomware
Thursday May 13, 2021
Protecting organizations in a post-SolarWinds world
Monday May 10, 2021
Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack
Tuesday May 4, 2021
How AI email security reduces the burden on human defenders
Thursday April 29, 2021
APT35 ‘Charming Kitten' discovered in a pre-infected environment
Friday April 23, 2021
Hafnium cyber-attack neutralized by AI in December 2020
Friday April 16, 2021
Read more