Connect with us

Technology

Darktrace releases Internet of Things security report

Published

on


parking lot
Hackers took over a
digital parking kiosk for nefarious ends, according to the
Darktrace 2018 Threat Report.

LAKRUWAN
/ Getty Images


  • As Internet of Things (IoT) devices become more
    prevalent, so do the ways that hackers exploit them, according
    to the Darktrace 2018 Threat Report, released Tuesday.
  • In one instance, hackers took over a digital parking
    payment kiosk and connected it to websites featuring adult
    content.
  • In another instance, hackers connected to industrial
    blenders, slicers and other connected devices on a food
    assembly line in an attempt to access the greater
    network.

In a recent incident, hackers took control of a digital parking
kiosk and connected it to websites featuring adult content,
according to researchers at the cybersecurity company Darktrace.
The kiosk didn’t actually display the content,
which actually makes the stunt more confusing: If it wasn’t for a
weird prank, then why even bother?

“It’s unknown what the attacker’s motive might have been,” says
Darktrace.

But it points to a worrisome trend, as the company revealed
Tuesday by Darktrace in its annual Threat Report, which
highlights bizarre and unexpected ways that so-called black hat
hackers attempt to subvert and infiltrate networks. The key
takeaway is that if there’s a flaw, hackers will find and exploit
it. 

“The incident exemplifies the vulnerabilities that IoT devices
can pose and the need for comprehensive cyber defense across the
entire digital infrastructure,” the report says. 

Darktrace
uses AI to identify unusual activity
on a network,
particularly involving unconventional connected devices. 

In another instance recorded by the Darktrace report, hackers
attempted to get into a corporate network by connecting to
different IoT devices on an industrial food assembly line. They
managed to connect to industrial blenders, slicers and baggers in
an attempt to move within the network.

IoT devices like blenders don’t contain valuable or exploitable
information, such as corporate pay stubs. But the hackers wanted
to trick the IT network into letting them connect to the greater
company IT network. In theory, the hackers could move around the
network until making their way onto a PC or phone
that does have valuable data.

Of note is that in this example, the internet-connected
appliances hadn’t been vetted by the factory’s security experts.
They were just purchased, put online, and connected to the
network. 

“Crucially, these devices did not have approval from the security
team to be connected to the core IT infrastructure. By
correlating these factors in real time, Darktrace’s AI detected
the anomalous behavior and determined the activity to be a
significant risk to the organization’s assembly line,” according
to the report.

In another similar instance, hackers took control of personal
storage lockers at an amusement park in North America. These
smart lockers connect with a third-party online platform when
employees entered their access codes. The hackers used the locker
connection to hitch a ride into the third-party platform and
swipe data.

“The connections, which could have included identifying details
or sensitive credentials, had the potential to be transmitted
over the internet entirely unprotected – giving the attackers
ability to intercept the connections
and use the information to breach the company’s network
defenses,” according to the report.

Continue Reading
Advertisement Find your dream job

Trending