Security research roundup: survival at the edge of digital and physical threats

“By 2022, organizations will be plunged into crisis as merciless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will wreak havoc on infrastructure,” said Steve Durbin, Managing Director, ISF, in a prepared statement.

“Invasive technologies will be embraced across both industry and consumer markets, creating an increasingly tumultuous and unpredictable security environment. Organizations will have to adapt quickly to survive when digital and physical worlds collide. Those that don’t will find themselves exposed to threats that will outpace and overwhelm them,” Durbin wrote.

Facing an unpredictable security environment, the ISF identifies major threats generated by three main trends including:

– “invasive” technology

– unpatched and neglected infrastructure with outdated tech

– lack of trust in digital business caused by attacks and deceptive technology.

The first threat comes from invasive technology that is now part of daily activities in both industry and consumer markets through sensors, cameras, and other connected devices integrated into homes, offices, factories, and public spaces. The high volume of data being transmitted opens the door for cyberattacks that can invade privacy and risk people’s safety.

Security of edge and IoT environments

According to the report, edge computing for IoT industrial processes will be the main attack target because it provides multiple points of failure, while business continuity and disaster recovery plans will suffer from frequent extreme weather events. Older and unpatched IoT devices that are still connected to the network will also make great entry points for hackers.

Constant connectivity and real-time processing are industry-critical, but infrastructures will have to be protected against man-made, natural, accidental, and malicious threats at the same time. Downtime, data compromise, unethical use of technology, and privacy breaches affect company reputation and consumer trust.

Invasive technology threats include augmented reality attacks that risk privacy and safety, behavioral analytics considered invasive and unethical, and semi-autonomous robots with weak security that access personal data.

Deepfake manipulation of digital content, the lack of security training, and tech abuse will contribute to companies’ losing consumer trust.

“What our latest Threat Horizon report does is reflect that yes, digital and physical worlds are combining, but much more importantly, reflects that we’re going to have to change our overall thinking about the way that we deal with the risks that emanate from some of these threats,” Durbin wrote. If we’re going to be effective, we need to address many of these issues that we’ve just scratched the surface on all the way through to 2022.”

New IoT malware for DDoS attacks detected in the wild

In other news, CenturyLink’s Black Lotus Labs identified a new malware family targeting IoT devices, after it reviewed traffic increase from December 2019, the company announced. The Mozi malware family includes code from Gafgyt, Mirai, and IoT Reaper, combined into a peer-to-peer (P2P) botnet that launches DDoS attacks, and performs data exfiltration and command or payload execution. It targets unpatched routers and DVRs, or those with weak telnet passwords.

IoT security industry forecast by 2025

By 2025, there will be a stringent need for robust anti-malware security solutions due to smart city prevalence and industry automation adoption in multiple verticals, according to the IoT Security Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2020-2025 report released by ResearchAndMarkets.com.

In 2019, the global IoT security market was valued at $10.2 billion, and it is forecast to grow at $40.7 billion by 2025, with a CAGR of nearly 26% in the given timeframe. Fast IoT adoption and growing cyber-terrorism threats will be the main growth drivers, alongside Bring Your Own Device (BYOD), smart cities, and general industry interest in automation. Other contributing factors include 4G and 5G technologies and social media channels as sources for identity and data theft.

IoT security solutions and network security currently hold the highest market share. The vertical with the highest market share is energy and utilities, and geographically it is Asia-Pacific where IoT security has most potential and opportunities.

Article Topics

edge computing  |  IoT  |  malware  |  security