- Routers remain the top target for IoT-based cyberattacks
- Researchers say changing default passwords of smart devices may help prevent attacks
As more and more devices are getting connected to the Internet of Things (IoT), cyberattacks on smart devices are also gaining momentum.
While routers remain the top target for IoT-based cyberattacks, internet-connected gas pumps are also increasingly catching hackers’ attention.
This new target was uncovered by researchers at Trend Micro, which carried out an examination of dark web marketplaces in five different languages – Russian, Portuguese, English, Arabic, and Spanish.
The Internet of Things in the Cybercrime Underground report reveals that the Russian market is being targeted the most by cybercriminals, who are keen to make money from attacks and exploits.
Possibility of DDoS attacks
Like any unsecured connected device, there’s the possibility that internet-facing gas pumps could be roped into botnets for use in Distributed Denial of Service (DDoS) attacks, with attackers using them to help overload online services.
A previous Trend Micro report had also highlighted that remotely accessible and unsecured gas pumps could be abused by hackers to cause errors or physical damage.
Attack on IoT devices likely to increase
With billions more devices expected to enter homes and workplaces over the coming years – especially as 5G helps provide faster, more reliable connections for devices – cybercriminals will increasingly turn to IoT as a means of attack, warn researchers.
One of the ways to protect internet-connected gas pumps and similar smart devices is ensuring that their default password is changed, so brute-force attacks aren’t as effective, they suggested.
“Operators of these devices should also think about using features such as VPNs to encrypt the traffic, and mutual authentication whereby both the device and the user validate one other before continuing,” says Bharat Mistry, principal security strategist at Trend Micro
Software must continuously be updated and patched, and operators should always have a manual override at the ready in case of a compromised machine, he added.