IT disaster recovery, cloud computing and information security news

IoT threats and attacks are increasing, but rely on well-known security weaknesses

A new report from F-Secure finds that Internet of Things related threats and the number of attacks continue to increase, but still rely on well-known security weaknesses, such as unpatched software and weak passwords.

The report, using data collected and analyzed by F-Secure Labs, highlights that threats targeting Internet-connected devices are beginning to multiply more rapidly than in the past. The number of IoT threats observed by F-Secure Labs doubled in 2018, growing from 19 to 38 in the space of a single year. But many of these threats still use predictable, known techniques to compromise devices. Threats targeting weak/default credentials, unpatched vulnerabilities, or both, made up 87 percent of observed threats. 

F-Secure Operator Consultant Tom Gaffney says that larger device vendors are paying more attention to security than in the past, but there’s a lot of devices from many different manufacturers that don’t offer much in the way of security or privacy.

According to F-Secure Labs Principal Researcher Jarno Niemela, the root cause of many of the IoTs problems starts with the manufacturers’ supply chains. “Most device vendors license software development kits for the chipsets they use in their smart cameras, smart appliances, and other IoT devices. That’s where the vulnerabilities and other issues are coming from,” explains Niemela. “Device vendors have to start asking for more in terms of security from these suppliers, and also be prepared to issue updates and patches as they become available.”

More details (PDF).



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.