Internet of Things

Ransomware attacks will target more IoT devices in 2018

Large organizations with deployments of IoT security cameras, DVRs, and sensors will be especially impacted by ransomware's pivot from the desktop to IoT, says IBM Security's Caleb Barlow.

In 2017, there was a massive amount of ransomware attacks targeting corporate systems. In 2018, those attacks will shift to target Internet of Things (IoT) devices. TechRepublic's Dan Patterson met with IBM Security's vice president of threat intelligence Caleb Barlow to discuss the consequences of IoT-based ransomware attacks.

Now that people have internet-connected devices in everything from dishwashers to cars, we're more likely to see those devices locked up by ransomware, Barlow said. These devices are often highly vulnerable, and there is also a lot of information available on how to exploit the vulnerabilities.

"We suspect next year we'll start to see larger scale attacks in the IoT space," he said.

SEE:Enterprise IoT Research 2017: Benefits, Trends, and Security Concerns(Tech Pro Research)

System administrators need to understand the inventory of where these IoT devices are located, what they are connected to, and how to update them. With any device that connects to the internet, "we need a way to update it in real time over the wire, and if we don't have that we should really question why we should use it," he said.

Barlow's other 2018 predictions include:

  • Africa will emerge as a cybersecurity powerhouse. There will be new forms of cyberattacks, and Africa will be added to the world stage of cyberplayers. Barlow reported IBM's intelligence team has seen a lift in actors coming from Africa, as well as attacks landing in Africa.
  • Cybersecurity will transition into an artificial intelligence (AI) vs. AI fight— meaning defenders will use AI to defend their systems, while adversaries will use AI to find the holes in those systems.
  • Data firms will move away from using personal identifiers as forms of access. Immutable data such as a person's social security number, date of birth, or mother's maiden name will no longer be used as forms of access because of the large amount of people who had their personal records hacked in 2017.


Also see

istock-610749178.jpg
Image: iStock/Jirsak

About Leah Brown

Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.

Editor's Picks

Free Newsletters, In your Inbox