Earlier this year, shocking data released by Zscaler, a cloud security company, revealed that more than 14,000 IoT-based malware attempts were blocked every month since May of 2019. Their findings indicated that the rise in IoT-based malware attempts was associated with two variables: a lack of adequate security and the introduction of more and more shadow devices—IoT devices that employees bring into work with them, such as smartwatches and cellphones.
It’s no secret that IoT devices are not secure. In fact, according to a 2019 report by Irdeto, only 58% of companies make security part of the product design cycle. Yet enforcing robust digital security could be the difference between saving and endangering a patient’s life in a hospital or a driver’s life in an autonomous vehicle. And with the coronavirus now reaching nearly all corners of the world, IoT device security is even more important than ever—not only for hospitals devices, but for home devices as well.
According to Reason Cybersecurity, hackers are now manipulating a Johns Hopkins University map that tracks the number of COVID-19 cases around the world by using it to disguise malware. When someone downloads the map file, a malware called AZORult infects the user’s computer and collects information stored within web browsers, such as passwords and cookies. This malware allows hackers to steal credit card numbers, login information, and other important data.
As hackers continue to use the coronavirus to their advantage, online users must use caution—especially with the advent of more remote work. Businesses are now urging employees to work remotely in order to contain the virus, and those working with sensitive information could be at serious risk of cyberattacks. For instance, if federal employees are asked to work remotely, government data could be threatened. According to Senator Mark Warner, the government’s move to possibly allow federal employees to work remotely will expand opportunities for hackers to attack and disrupt vital government services. Other countries, such as Russia, could use cyberattacks to spread misinformation about the coronavirus or slow government communications.
To make matters worse, many federal employees do not have access to government-issued laptops and phones, which means they would be accessing the network via their personal devices (shadow devices). Eighty-three percent of IoT-based transactions on personal devices occur over plain-text channels, less secure channels that leave device data vulnerable to hackers. The use of public Wi-Fi networks will also pose a threat to security, as will email phishing scams in which hackers impersonate employees’ bosses or coworkers.
Not only are IoT devices susceptible to digital hacking, but they are also vulnerable to side-channel attacks that use a device’s electromagnetic field radiation to break cryptography and gain access to valuable information stored within the hardware. You can read more about this here.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a checklist on Friday to support agencies whose employees will work remotely. While cybersecurity firms have stressed the importance of bolstering device security in past years, it is now painstakingly clear that we have not invested enough time, money, and energy into the cybersecurity of our devices. This virus only puts into perspective the need for rigorous device testing. Sources: https://www.msn.com/en-my/news/other/hackers-hiding-malware-in-bogus-map-of-covid-19-spread-says-cybersecurity-firm/ar-BB1186ZW, https://www.washingtonpost.com/nation/2020/03/13/federal-employees-may-soon-be-ordered-work-home-that-could-pose-serious-cybersecurity-risks/