IoT Denial of Service Botnets and SCADA Attacks to Plague 2017

Written by

With 2016 now behind us, it’s time to reflect on the security incidents that troubled our year and look to the challenges ahead. Security experts have been issuing some pretty grim predictions for 2017, especially as we prepare for an Internet of Things (IoT) revolution caused by the increased number of devices becoming available on the market.

The internet and the way we interact with it has changed considerably in the past couple of years. We’re likely on the precipice of a new revolution brought forward by billions of internet-connected devices that will be connected to the internet by 2020.

IoT Botnets – The New Normal
Estimated to reach a whopping $19 trillion by 2020, the IoT market will not only tap into new opportunities, but it will require us to beef up security mechanisms and figure out the best security practices to build and use smart things and devices. With incidents like the Mirai IoT botnet that knocked off Domain Name System (DNS) service provider Dyn, it’s likely that more such attacks will hit the media in 2017.

Uncontrolled deployment and use of IoT devices will pose new challenges for the security industry, and for companies. Critically disrupting a country’s services was, until now, something that only nations could have pulled off, but IoT proliferation puts these massive attacks in the hands of unknown attackers. With the ability to disrupt an entire country’s internet services, IoT botnets will become the ‘weapon of choice’ in denial of service attacks throughout 2017.

Dubbed ‘The Internet of Threats’, 1 Tbps denial of service attacks aimed at any infrastructure, regardless of whether it’s a company or a state-owned organization, is likely to be just the beginning when it comes to unlocking the full disruptive capabilities of IoT botnets. With poor security habits employed by manufacturers and customers, smart devices will remain a constant security risk throughout the year.

SCADA Systems Looking Down the Barrel
Security experts have long said SCADA (Supervisory control and data acquisition) systems are not just prone to remote hacking, but that having them compromised could lead to the compromise of a country’s electricity, communications and even transportation systems. As these industrial control systems can sometimes control processes over multiple sites and large distances, they’re sometimes improperly configured and accessible via the internet. As they lack security mechanisms, security researchers have found that attackers could tamper with them and issue commands that could cripple the very systems that regulate heating, electricity and even water distribution for an entire city.

The U.S. Department of Homeland Security issued a report stating that SCADA attacks have increased 15% in 2015, compared to 2014. There were 295 incidents counted by the DHS, and in 2017 we’re definitely going to see those numbers rise, as costs for producing SCADA equipment have gone down and they’ve begun moving towards TCP/IP protocols.

While this could mean that everything will become more automated, requiring less human supervision and intervention, it also means that they’re more prone to hacking attempts and vulnerabilities that could render them inoperable or severely altered. Attacks on these systems will likely increase throughout 2017 as cyber-criminals and state actors have already started probing and assessing the security of SCADA systems for some time now.

Targeted Attacks and Darknets
Organizations both public and private will likely be the focus of more targeted attacks from threat actors ranging from nation states to industrial espionage outfits, potentially exploiting their public cloud presence and security weaknesses. Targeted attacks in 2016 mostly focused on leaking personal customer data or shaming companies for improperly securing their networks.

In 2017, cyber-criminals could take it up a notch and aim for high-profile companies and banks, with their end-goal being to extort or steal as much money as possible or publicly shame them.

However, Silk Road-type markets lurking on the darknet will also proliferate, selling and distributing illegal goods, materials and services. Cybercrime tools sold on such marketplaces represent a real problem, as anyone can purchase powerful cybercrime tools.

While the original Silk Road market has been shut down by law enforcement, other TOR-ified hidden and highly specialized markets have quickly filled the gap to address demand. 

Making 2017 Safer
Both law enforcement and private security companies will likely start cooperating closer than ever to curb the rapid growth of cybercrime and the distribution of cybercrime tools. Some security companies have already joined Europol in dismantling a massive international criminal ring, Avalanche, which operated 20 malware and ransomware families.
 
Increased cooperation between law enforcement and security companies will undoubtedly make the internet a safer place and thwart many cyber-criminal and malware activities aimed at both companies and individuals.

What’s hot on Infosecurity Magazine?