According to Trend Micro, insecure devices are inadvertently fuelling a range of emerging threats, including corporate data theft and network intrusions, ransomware-related outages, sabotage of industrial equipment, and botnet-driven DDoS and crypto-mining.
“As the success of Mirai, Brickerbot and other attacks have shown, cyber criminals and nation-state actors are increasingly turning their attention to exploiting vulnerabilities in IoT devices,” said Mick McCluney, technical director, Trend Micro ANZ.
“The problem here is that patching flaws after their discovery is highly problematic. Many manufacturers may not have a software update mechanism in place, and even if patches can be issued, customers may have challenges applying them – especially large corporations with potentially thousands of IoT endpoints running in mission critical environments.”
The company says that during the first half of 2018 alone, the ZDI published 600 advisories, a 33% increase compared to the same timeframe in 2017 – with SCADA and Industrial IoT vulnerabilities comprising around 30% of submissions so far this year, with the ICS-CERT the number one supplier of SCADA/ICS flaws.