1 00:00:00,06 --> 00:00:01,08 - [Instructor] The internet of Things, 2 00:00:01,08 --> 00:00:05,06 or IoT can be the source of major cybersecurity threats, 3 00:00:05,06 --> 00:00:07,02 including data leakage, 4 00:00:07,02 --> 00:00:09,05 distributed denial of service attacks, 5 00:00:09,05 --> 00:00:12,06 and any attack that can be launched from botnets. 6 00:00:12,06 --> 00:00:15,04 Let's take a look at what the Internet of Things is 7 00:00:15,04 --> 00:00:19,02 and why it's part of the cybersecurity threat landscape. 8 00:00:19,02 --> 00:00:21,06 More and more devices are being connected 9 00:00:21,06 --> 00:00:24,08 to the internet in the name of convenience and control, 10 00:00:24,08 --> 00:00:27,07 key drivers for the growth of IoT devices 11 00:00:27,07 --> 00:00:30,01 include the rise of cloud computing 12 00:00:30,01 --> 00:00:33,03 as the foundational technology for IoT, 13 00:00:33,03 --> 00:00:37,09 plummeting cost of IoT devices, common usage of smartphones 14 00:00:37,09 --> 00:00:44,04 and tablets to control IoT devices, and easy access to wifi. 15 00:00:44,04 --> 00:00:47,03 Practically any electronic device can be connected 16 00:00:47,03 --> 00:00:50,01 to the internet and become an IoT device. 17 00:00:50,01 --> 00:00:54,04 Common IoT devices include smart home lights, switches, 18 00:00:54,04 --> 00:00:58,08 thermostats, home appliances, TVs, security cameras, 19 00:00:58,08 --> 00:01:00,03 and even locks. 20 00:01:00,03 --> 00:01:02,07 Many health devices are also directly connected 21 00:01:02,07 --> 00:01:05,01 to the internet, such as fitness trackers, 22 00:01:05,01 --> 00:01:08,09 connected scales, pedometers, and sleep monitors. 23 00:01:08,09 --> 00:01:10,05 Personal assistants that respond 24 00:01:10,05 --> 00:01:13,00 to voice commands are also popular. 25 00:01:13,00 --> 00:01:17,04 And of course, most modern vehicles are also IoT devices. 26 00:01:17,04 --> 00:01:20,00 And the number of IoT devices is projected to grow 27 00:01:20,00 --> 00:01:23,04 to more than 50 billion by 2025. 28 00:01:23,04 --> 00:01:26,03 The problem is IoT devices are often connected 29 00:01:26,03 --> 00:01:29,02 to the internet without thinking about their security 30 00:01:29,02 --> 00:01:32,02 and IoT devices can be more vulnerable to attacks 31 00:01:32,02 --> 00:01:35,07 than servers and network devices connected to the internet. 32 00:01:35,07 --> 00:01:37,07 That's because they usually don't have enough 33 00:01:37,07 --> 00:01:40,03 computing power to support basic protections 34 00:01:40,03 --> 00:01:43,01 like antimalware and firewalls. 35 00:01:43,01 --> 00:01:46,05 They also often have built in back doors for maintenance 36 00:01:46,05 --> 00:01:49,02 with default passwords that can easily be found 37 00:01:49,02 --> 00:01:52,02 on the internet, because these IoT devices 38 00:01:52,02 --> 00:01:54,08 are usually directly connected to the internet, 39 00:01:54,08 --> 00:01:56,09 attackers can easily exploit these 40 00:01:56,09 --> 00:01:59,09 and other vulnerabilities with automated scripts. 41 00:01:59,09 --> 00:02:02,01 Once they have control of an IoT device 42 00:02:02,01 --> 00:02:05,07 it can be added to a botnet or used as a jumping off point 43 00:02:05,07 --> 00:02:09,01 to attack other devices on the same network. 44 00:02:09,01 --> 00:02:12,06 According to Symantec's internet security threat report, 45 00:02:12,06 --> 00:02:16,00 routers and connected cameras are the IoT devices most 46 00:02:16,00 --> 00:02:20,00 infected by malware and the main sources of IoT attacks, 47 00:02:20,00 --> 00:02:24,00 accounting for over 90% of malicious activity. 48 00:02:24,00 --> 00:02:26,07 One of the most dramatic examples of the threat 49 00:02:26,07 --> 00:02:30,05 of unmanaged IoT devices is the Mirai botnet. 50 00:02:30,05 --> 00:02:32,07 The attackers built their botnet army 51 00:02:32,07 --> 00:02:35,07 by running a simple script against devices 52 00:02:35,07 --> 00:02:38,05 on the internet that attempted to log in with 61 53 00:02:38,05 --> 00:02:41,04 known IoT default passwords. 54 00:02:41,04 --> 00:02:44,07 If they successfully logged in, the IoT device was infected 55 00:02:44,07 --> 00:02:48,01 with malware that directed them to follow the instructions 56 00:02:48,01 --> 00:02:50,09 of a central command and control system. 57 00:02:50,09 --> 00:02:53,01 The attack was very effective. 58 00:02:53,01 --> 00:02:55,00 It's estimated that there were nearly 59 00:02:55,00 --> 00:02:58,02 half a million Mirai infected IoT devices, 60 00:02:58,02 --> 00:03:01,07 mostly composed of closed circuit TV cameras, 61 00:03:01,07 --> 00:03:04,01 DVRs, and routers. 62 00:03:04,01 --> 00:03:06,07 They were used to conduct distributed denial service 63 00:03:06,07 --> 00:03:10,08 or DDoS attacks against a wide variety of targets. 64 00:03:10,08 --> 00:03:12,04 Some good news is governments 65 00:03:12,04 --> 00:03:15,00 and regulatory bodies are recognizing the problem 66 00:03:15,00 --> 00:03:17,00 of poor or no security standards 67 00:03:17,00 --> 00:03:19,03 for devices connecting to the internet. 68 00:03:19,03 --> 00:03:21,05 They're proposing minimum security standards 69 00:03:21,05 --> 00:03:25,03 for device manufacturers and labeling to raise the awareness 70 00:03:25,03 --> 00:03:28,08 of users about how secure their devices are. 71 00:03:28,08 --> 00:03:30,06 These requirements are being enforced 72 00:03:30,06 --> 00:03:34,05 as laws like the IoT cybersecurity improvement act 73 00:03:34,05 --> 00:03:38,00 which was signed into US law in 2020, 74 00:03:38,00 --> 00:03:40,05 but with next generation internet capabilities 75 00:03:40,05 --> 00:03:45,00 like 5g dramatically increasing data speeds and throughput, 76 00:03:45,00 --> 00:03:48,05 we may see IoT devices continue being a key player 77 00:03:48,05 --> 00:03:53,00 on the cybersecurity threat landscape well into the future.