Home >> News: August 20th, 2015 >> Story
Satnews Daily
August 20th, 2015

Nexusguard + Cybersecurity Ventures Report Risks w/LoT Devices Now More Connections To The Internet


[SatNews] The report underscores the inherent risks of IoT devices, especially routers which are often used as the "jumping off" point for aggressive DDoS attackers...

Nexusguard, the worldwide leader in Distributed Denial of Service (DDoS) security solutions, announced today a sponsored in-depth security report that examines the underreported risks that come with always-online IoT devices that are susceptible to attack. The report was conducted by leading research and market intelligence firm Cybersecurity Ventures.

The report underscores the inherent risks of IoT devices, especially routers which are often used as the "jumping off" point for aggressive DDoS attackers. These vulnerable devices can be exploited during software updates and used as launch proxy servers that can be targeted at businesses which are then extorted for monetary payment. DDoS is often the "first wave" of attacks by hackers who use them to distract companies from other more targeted intrusions. Routers are also being used in Simple Service Discovery Protocol (SSDP) reflection attacks which target unpatched or un-patchable routers. These SSDP attacks are especially dangerous because they can utilize vulnerable routers to amplify an attack beyond normal bandwidth limits while also hiding the original source of the attack.  

Key report findings and market statistics include:

  • By year-end 2017, more than 20 percent of businesses will utilize security services to protect IoT initiatives 
  • The multi-trillion dollar IoT market will lift security research and spending through 2025 
  • IoT devices rely heavily on shared libraries and a rapid development cycle. Because of their constraints, many IoT devices have limited options for firmware upgrades and other risk management features making them highly susceptible to intrusion and attacks 
  • As older devices are no longer supported by manufacturers and patches/fixes are ceased, there will be increased opportunity for hackers
  • Recent pertinent security statistics from Nexusguard:
  • In the past seven days the company saw 64 internet-based scans for SSDP services 
  • In a recent attack the company tracked 559 edge devices (a device which provides an entry point into enterprise or service provider core networks) that were being exploited, with more than half located in the USA, China, Bulgaria and Russia

 

"IoT brings new layers of interconnectedness and efficiency, but the risks cannot be ignored," says Steve Morgan, CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report and Cybersecurity 500 list of the world's hottest and most innovative cybersecurity companies. "We created this report to highlight the risks that come with IoT devices, as more and more of these objects are connected to the Internet and built with exploitable lightweight security. Nexusguard is emerging as a leader in the DDoS and IoT security realm, and their position is recognized by the CISOs and IT security executives, IT analysts, and the service provider community."

"We're very pleased to work with Cybersecurity Ventures to present this report that exposes the growing and often underestimated risks presented by the Internet of Things," explains Terrence Gareau, Chief Scientist, Nexusguard. "Home routers and other similar Internet-connected devices are easy access points for hackers, who can use them to launch DDoS or setup proxies for internet fraud that can shut down ISPs or cripple a business. These attacks can be especially harmful to the providers of IoT services, for example if an alarm system is controlled by an app, the attack could completely shut down this capability, rendering the entire service unusable. We're the dominant player in DDoS and IoT attack prevention and believe it is important to raise industry awareness about the persistent IoT threat."

Leading research and market intelligence firm Cybersecurity Ventures produces the quarterly Cybersecurity Market Report and the Cybersecurity 500, de-facto list of the world's hottest and most innovative cybersecurity companies. .