Malware in the media – IoT-devices a new playing field for botnets
Dutch government and financial infrastructure is under heavy DDoS attacks (Reuters, SecurityWeek). These attacks occurred a week after Dutch media disclosed that Dutch counter-intelligence warned US homeland on the democratic party email hacks. On social media and the internet people soon connected the two events and a conspiracy story was born.
The leading magazine CSOonline called IoT-security the number one challenge of 2018. According to Symantec and ESET IoT-devices are increasingly used for DDoS attacks. The reason why cybercriminals focus on IoT is the expected exponential growth and the fact that a large number of IoT-devices are unprotected or unpatched.
Above research results clearly show that most people buying smart products do not understand that these devices need the same patching and protecting like any other internet connected device running software.
Last year’s Wifi Krack and the recent Meltdown and Spectre show that IT vendors handle these incidents differently than more traditional products (although these products also contain IT-technology). For instance, when a Bosch motor management system in a BMW car has a hidden defect, the car maker would organize a recall action. So why can’t you claim your warranty when an Intel Chip has a hidden defect in an ASUS, Dell, Lenovo or HP computer?
The answer is simple. Look for instance at the hardware warranty of Apple. The warranty clearly states “This warranty does not apply to any non-Apple branded hardware.” Since 95% of the hardware is from third-party manufacturers, the warranty is an empty box in these circumstances. The recent incidents emphasize the need for patched systems and up to date software.