What happens if a bad actor turns off your heat in the middle of winter, then demands $1,000 to turn it back on? Or even holds a small city’s power for ransom? Those kinds of attacks were among the top threats that security experts worried about at the RSA security conference this week.
While consumers don’t necessarily have to be concerned about all seven of the most dangerous types of attacks identified by the SANS Institute, several target consumers directly. The remainder could eventually “filter down” to consumers, though the effects might not be felt for some time.
Why this matters: Knowing what might affect your home network of devices is important knowledge, even if it’s up to someone else to build in the sort of protection that security experts are worried about. If you’re going to buy a connected gizmo for your growing smarthome collection, be sure it contains built-in security—or face the consequences.
The seven deadly attacks
Here are the seven most dangerous attack vectors, according to SANS, and what, if anything, you can do about them:
Ransomware. Ransomware surfaced more than 20 years ago, but it has since evolved into a seriously scary form of malware: crypto-ransomware, which encrypts your files and demands payment to unlock them. It’s an ideal way for bad guys to attack: Ransomware spreads like a virus, locks up your data independently, and forces you to contact the criminals for payment and recovery, according to Ed Skoudis, an instructor at the SANS Institute.
What you can do: Practice “network hygiene,” patching your system, using antimalware, and using permissions and network-access controls to limit exposure—once a PC is infected, you don’t want the infection spreading to other PCs on the network. Remember that ransomware is being monitored by actual people, with whom you can negotiate: “Your best bet is to appear small and poor,” Skoudis said, to try to reduce the amount you’ll pay.
The Internet of Things. The next stage of the evolution in consumer products is connectedness: Everything from baby cameras to toothbrushes are using wireless protocols to connect to each other and the internet. That, in turn, has left them vulnerable to hacks. Worse still, IoT devices are now attack platforms, as the Mirai worm demonstrated.
What you can do: Change the default passwords. If your smart-home gadget doesn’t allow it, either return it or wait (or petition the manufacturer) for firmware that allows a custom password. You can also take further steps to insulate connected devices by disabling remote access, using a separate dedicated home LAN for IoT devices, as well as a dedicated cloud account for controlling them, Skoudis said.
Sign up for CIO Asia eNewsletters.