Lucrative Ransomware Operations Increasingly Targeting IoT Ecosystem


By Michela Menting | 2Q 2021 | IN-6132

The lack of security measures within the Internet of Things ecosystem is resulting in a rising number of ransomware attacks.



Ransomware & IoT on the Rise


Two recent events have accentuated an increasingly worrying gap between organized cybercriminals and the cybersecurity industry as they relate to the Internet of Things (IoT). The first is a recently published report by Analyst1 on an apparent Cartel of various ransomware gangs with coordinated practices, shared infrastructure, “as-a-service” business models, and automated attack capabilities, among other sophisticated and well-developed tactics. This report comes hot on the heels of various others from security vendors analyzing the growth of IoT attacks in the last two years. Ransomware and IoT attacks are the two most popular attack trends in recent years. The second event is the recent ransomware attack on IoT vendor Sierra Wireless, which effectively forced it to shut down production of its IoT modules for 9 days. Upon announcement of the attack, Sierra Wireless’ stock price dropped 15%.

A Tenuous but Serious Link


The link between IoT attacks and ransomware is not so obvious at first. Ransomware is hugely profitable when it can target vulnerabilities and exploits that affect millions of systems and machines. The organized cybercriminal activity that has emerged around it is highly developed. Its exploits are mainly targeted at homogeneous and universal environments, such as those for PCs, laptops, and smartphones. The IoT is much more diverse and fragmented, which limits the reach of any one particular attack. Attacks have to be more customized and specific. However, they are often quite likely to succeed, even on a small scale, because security is so widely absent from IoT devices generally.

However tenuous the relationship between ransomware and IoT attacks is today, the potential consequences are serious for tomorrow. The convergence of the two is inevitable. IoT attacks currently focus on disruption or co-option into botnets, data theft, and potentially dangerous interference with functional or physical safety processes. The real dangers in smart utilities, connected vehicles, and digital healthcare cannot be overstated. Add ransomware into the equation, where healthcare, government, and industry already rank highly in the recurring victim trifecta, and organized cybercriminals will increasingly exploit the threat vectors enabled by poor IoT security configuration.

The Analyst1 report provides some insight into ransomware usage for espionage; IoT devices that incorporate audio and video will prove lucrative targets for such groups. The implications for infiltration by state actors are real. Beyond that, ransomware attacks on fleet management services, or platooning vehicles for example, could be highly damaging, not to say dangerous. And perhaps much more realistically, the disruption of manufacturing sites, supply chains, or even consumer services can be financially damaging, and these areas are especially profitable for organized cybercrime.

The Sierra Wireless incident, unfortunately, does not bolster trust in the effective resolution of such attacks. The lack of public transparency around the event makes it unclear whether the halt in manufacturing was purely precautionary, or whether their production site was indeed affected. The only explanation provided was that the attack did not impact any customer-facing services or products; but this does not shed any light on any industrial IoT equipment that may have been used on the factory floor, or in the design systems for their modules and gateways, that could potentially have been affected. This is worrying, as the firm’s products are used in many different industries, including automotive, energy, healthcare, industrial, and transportation.

An Expanding IoT Ecosystem Means an Equally Growing Threat Landscape


What is clear is that as the IoT expands, and as increased regulations and standards, as well as interoperability, start cementing the ecosystem, the opportunity for malicious exploitation can only grow. The advent of 5G, and its promise of enhanced mobile broadband, ultra-reliable low latency, and massive machine type communications, will only bolster IoT adoption, significantly at the enterprise level. This type of enhanced and ubiquitous connectivity will also allow more sophisticated attacks, such as ransomware, to port over and start targeting enterprise applications.

Beyond the calls for secure design, secure implementation, and secure management of IoT devices, there is also a clear need for transparency and visibility about attacks. Sierra Wireless’ opaqueness is in stark contrast to the way gaming outfit CD PROJEKT RED reacted to its own recent ransomware attack, where it openly disclosed what happened and how it was going to deal with it. This lack of transparency profits only threat actors in the end, and any deep-rooted trust in IoT development must absolutely take into account the sharing of attack information, and ultimately, the provision of visibility to end users.


