IoT threats to third-party networks

January 31, 2017

The cyberattack on Dyn raised worldwide awareness of the danger of the Internet of Things (IoT). When commandeered by malware, smart devices can contribute to botnet armies capable of crippling a business network and disrupting supply chains. Because older devices are not engineered to repel an internet attack, devices at home and at work can contribute to DDoS attacks leveled each day at businesses and organizations in industries like manufacturing.

An army of bots create a threat to IoT devices

Researchers in the United Kingdom discovered over 350,000 Twitter accounts created as bots in June 2013. By programming the bots, users are able to fake follower numbers, influence trending tweets, and achieve other goals not yet known. This massive bot army is apparently dormant, and purposefully designed not to over- or under-tweet, in order to avoid detection. As news of the discovery broke, the researchers noted they had just identified another silent Twitter botnet with more than 500,000 bots. What does a rogue smart device or a secret Twitter account have to do with your business?  Incidents of cybercrime continue to rise, and attacks on third-party vendors are a primary target. As the weakest link in a supply chain, a DDoS attack on a third-party vendor could incapacitate a network and offer opportunities for intrusion or data exfiltration. In a Cyber Risk Report by SurfWatch labs, study authors note, “The large-scale attacks we’ve seen this year highlight the ability of cybercriminals to continuously shift their tactics to weak links in the security chain. Organizations’ cyber risks have increased due to the growing number of vulnerable devices, easy-to-guess and/or reused user credentials and supply chain cybersecurity weaknesses. The interconnectivity of data, devices, and vendors creates numerous avenues of attack for cybercriminals.”

The domino effect of IoT threats

Outsourcing offers key advantages in costs and subject-matter expertise. Yet, the safety of your business data depends on your risk management and the security protocols of vendor partners. When a partner is hacked or loses data, your business network could already be compromised. Whether insecure IoT devices, security vulnerabilities, or phantom accounts—when the dominoes fall, make sure your platform doesn't fail with it.