The coming switch to 5G cellular networks will be a boon to businesses in many ways, but it will also create a vast new “attack surface” for hackers.
The main attraction to 5G — “lightning-fast” internet speeds — is also what creates the risk. Why? Because it will fuel a huge influx of “smart” devices that can connect more easily and efficiently to the web through 5G than they are able to today with WiFi and 3G/4G.
We’re still in the early days of the Internet of Things revolution, but 5G will make this field explode. In just a few years, we can expect to see billions more of these devices enter the market, from workplace-specific gadgets to smart buildings, robocars and home appliances.
There’s just one problem: the Internet of Things is composed mostly of insecure devices, which are extremely easy to hack.
Consequently, 5G will essentially flood the market with countless new vulnerable endpoints, many of which will put businesses at risk of data breaches, sabotage, extortion and other threats.
Sneaking into your network
The primary danger for businesses is that the surge in IoT devices will create a plethora of new backdoors that hackers can use to sneak inside their networks. These attacks will totally blindside companies.
Consider this example: In 2018, a Las Vegas casino was breached after hackers snuck in through a vulnerable ‘smart’ thermometer in a lobby fish tank.
This type of peripheral attack will be difficult for businesses to contain in the coming years. Remember, as smart devices replace traditional products (like door locks, thermostats, lightbulbs, etc.) and create whole new product categories (e.g., smart speakers, smart desks, remote sensors), they are essentially adding a ton of new endpoints to the periphery of the business network. These devices are often insecure by design, and they’re more likely to be overlooked because they reside on the edge of the network.
This makes IoT devices an ideal target for hackers. It’s an easy way for them to bypass a company’s cybersecurity and get a foothold on the network. Once inside, they can look for other devices on the network and gradually move into the core business.
Physically disruptive attacks
This large IoT attack surface has other consequences for companies besides data breaches. It can also lead to “kinetic” cyber attacks — a digital attack that has a physical consequence.
That is because IoT devices are now increasingly controlling important physical functions, like power flow, air conditioning, door locks, building systems, vehicle operations, etc.
If one of these devices is hacked, it could be “weaponized” to commit an act of physical sabotage. However, even just disabling it with malware — such as ransomware — would be enough to cause a disruption to a business. Take the 2017 WannaCry ransomware attack. This disrupted IoT devices around the world, including MRI scanners, blood-storage refrigerators and police traffic cameras.
For years, businesses have faced cyber extortion from a type of attack known as distributed denial-of-service (DDoS). As the Internet of Things grows bigger, these attacks will get much worse.
In a DDoS attack, the hacker knocks a company’s website offline or disrupts its connection to the Internet by flooding it with traffic. To do this, the hacker needs to harness the power of thousands of other devices, in what is called a “botnet.” In the past, botnets were made up of infected computers, but now hackers are starting to create them from IoT devices, as in the case of the 2016 Mirai botnet or a 2017 attack on a university that used infected vending machines and lightbulbs.
IoT botnets can be significantly larger and more powerful than computer botnets, and 5G data speeds will make this problem even worse.
Limiting business risk
As 5G expands the attack surface, businesses need to change their thinking in order to keep up.
To start with, companies should treat IoT devices the same way they do computers. This means keeping them updated and patched, monitored for threats, and including them in preventive measures like firewalls and anti-virus. Segment the network as much as possible too, in order to isolate IoT devices from more sensitive areas of the network. Companies also need to prioritize post-breach contingency planning. Know what to do and who to call in the event of a successful attack. Cyber insurance is also critical.
Jason Glassberg is co-founder of Casaba Security (www.casaba.com), a cybersecurity and ethical hacking firm that advises businesses ranging from startups to Fortune 100s. He is a former cybersecurity executive for Ernst & Young and Lehman Brothers.