Trend Micro Envisions Maturing IoT Attacker Business Models
Trend Micro published a threat report called Uncovering IoT Threats in the Cybercrime Underground that outlined many interesting discoveries about threat groups targeting IoT devices and offered predictions for the coming months.
While the underground groups reflect differing interests, skills and languages, they have commonalities that should sound alarms for custodians of SCADA and ICS installations throughout the energy, communications, transportation and manufacturing sectors (see: Could Large-Scale IIoT Failures Be on the Horizon?).
Each of these criminal online communities is highly interested in learning how to compromise all kinds of IoT devices. Plenty of tutorials and research have been compiled on hacking techniques and vulnerability exploitation, and even source code is shared for script kiddies, allowing even the least-skilled hacker to do plenty of serious damage.
Although the Trend Micro researchers did not discover a concerted effort on the part of criminal groups to massively damage or compromise any critical large-scale IoT infrastructure, all indications point that way. Most of today’s mass infections are caused by exploitable vulnerabilities – as in the MikroTik case in Brazil – or by weak credentials – as in every Mirai attack (see: IoT Botnets: Why the Next Mirai Could Be Worse).
The researchers were starting to see the first attempts to find ways to monetize device infections. If those attempts succeed, they would substantially boost systemic IoT attacks on commercial infrastructure, where attackers could easily profit from their access. The researchers also tracked evidence of nation-states and other more dangerous threat actors infecting IoT devices to use them as DDoS platforms and proxy agents.
Cybercriminals motivated by money are also finding similar uses for infected devices, giving life to advanced commercial attack scenarios. Their monetization model is going to continue to be based on extorting custodians of industrial targets under the threat of extended downtime, similar to the recent increase in ransomware attacks.