GDT Webinar Series – How to Fail at Security? Reserve Your Spot

Good news, bad news for IoT


How could there possibly be any news—other than the good kind—for IoT? It will inarguably be looked back on as the most impactful technological paradigm, per capita, of all time. More so than the personal computer. The number of IoT devices has surpassed the world’s population. The PC can’t claim a quarter of that.

You can connect cars, wearables, toys, TVs, meters of all types, security systems, monitoring systems for traffic, both auto and foot, and weather. There are smart cities, smart thermostats, smart lighting, smart appliances, etc. And for anything not connected, there are no doubt people tirelessly working on figuring it out how to make it smart and controllable via a tablet or phone.

But, sadly, with the good comes always comes some bad. And in the case of IoT, the bad involves security. According to a recent study, the number of cyber attacks directed at IoT devices doubled in 2018.

IoT attacks were rare prior to 2014, and the most noteworthy attack came two (2) years later in 2016 when Mirai was introduced. It is the most prevalent family of malware attacks. It’s the granddaddy of IoT attacks, and made its name on those of the DDoS variety. Many subsequent threats have been offshoots of it.

Patience, the good news is coming

Once Mirai made the scene, a steady stream of IoT-targeted attacks soon launched.

Hajime was launched a couple months after Mirai and took advantage of users who neglected to change default passwords on the routers supplied by ISPs.

IoT Reaper was introduced in late 2017, which didn’t rely on password negligence, but targeted HTTP control interface vulnerabilities in publicly facing IT and closed-circuit television cameras (CCTVs). It was a biggie, infecting millions of devices.

The adorably named Hide N Seek virus road the coattails of IoT Reaper. It also found cameras, but accessed the servers by randomly generating IP addresses. It crypto jacked infected servers, installing crypto miners to steal compute resources and generate virtual currency.

ADB.Miner was the first variant of Mirai, and the first to target Android devices. It used devices’ debugger interface to install a crypto miner to trade a virtual currency named Monero.

Fbot, which was also inspired by Mirai, included blockchain-based DNS that was difficult to track. Fbot first targeted ADB.Miner, uninstalled it, then used the infected Android device to crypto mine.

Torii, another Mirai variant, is a brute force attack and used exit nodes by utilizing software from Tor (The Onion Router), a free, open-source software for anonymous communications.

Last year, VPNFilter, the first government-led IoT cyber-attack, was detected. It was backed by the Russians and targeted routers used in the Ukraine, destroying its firmware and sniffing out weak credentials. Almost every router manufacturer on the market had some vulnerability that could be exploited in the attack.

Finally, the good stuff

The study found that almost ninety percent (90%) of all threats examined, including the aforementioned, could have been combated by either deploying a strong password or updating device software. Doing both will take care of ninety percent (90%) of your IoT security concerns. Easy, simple and secure—a no-brainer.

Also, device manufacturers are getting better at releasing products with security in mind. Up until recently, they had placed little emphasis on it. That’s good news moving forward, but not so much if you’re using a device that’s getting a little long in the tooth.

Even better news—you can call on these IoT and Smart City experts to soothe your fears and keep your IoT roadmap safe, sound and secure

For more information about IoT and Smart City solutions, and how to deploy them with security top-of-mind, talk to the experts at GDT. Their tenured, talented solutions architects, engineers and security analysts understand how to design and deploy IoT and Smart City solutions for organizations of all sizes to help them realize more productivity, enhanced operations and greater revenue. GDT helps organizations transform their legacy environments into highly productive digital infrastructures and architectures. You can reach them at They’d love to hear from you.


Share this article

You might also like:

The advent of artificial intelligence (AI) brings transformative potential across industries while also introducing significant data security challenges. As AI systems become integral to operational and decision-making processes, safeguarding sensitive information against sophisticated threats is paramount. This exploration sheds light on the complexities of AI and data security and proposes

Transport layer security (TLS) is one of the most common tools for keeping users safe on the internet. When automated, TLS certification management can help organizations ensure more reliable and consistent use of TLS, reducing the need for human intervention and risk of human error. In fact, over the years,

As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion