A series of distributed denial-of-service (DDoS) attacks powered by the malware botnet Mirai on October 21, 2016 disabled Dyn, the domain name system provider for hundreds of major websites, including Netflix, Twitter, and PayPal. The malware infected and spread through systems with the help of hacker-compromised web-connected cameras and digital recorders in consumer households, and security experts expressed their concerns about new threats from home electronics and the Internet of Things (IoT).
Research firm Gartner projects that 26 billion IoT devices will be installed by 2020. These IoT devices and sensors will be connected to freight containers, facility alarms, data centers, HVAC environmental monitoring equipment, hospital operating rooms, etc., and companies will be expected to do something with the information collected from these devices.
IoT applications that are already in the field include smart meters used by electric and gas utilities. Estimates are that by 2020, there will be over 900 million of these smart meters installed globally, with Asia leading the transition to smart energy grids, followed by Europe and North America. The cost of installing these smart meters is over $100 billion, but the projected financial benefits will reach $160 billion. So the return on investment (ROI) is there, but what else do companies have to worry about?
With smart meters, we're looking at millions of devices with physical exposure and the ability to inject software attacks from multiple points of entry. To a greater or lessor degree, this IoT exposure also applies to manufacturing, logistics, and other companies operating IoT devices at the edges of enterprises, and even to highly centralized companies where malware could leak in through an IoT-monitored HVAC or environmental monitoring device.
In December 2015, 30 of 135 power substations in the Ukraine were taken out for nearly six hours by a cybersecurity attack. Initially, hackers used malware to direct utilities' industrial control computers to disconnect the substations; then, they inserted a wiper virus that made the computers inoperable.
In September 2016, IoT devices and around 150,000 CCTV cameras were used as part of a botnet to attack the infrastructure of a French web hosting company, also compromising IoT devices. At one point, 1.1. Tbps were being dumped on the firm's networks.