Keen on the Internet of Things? Beware of IoT Botnet Zombie Attacks!

Everyone’s talking about the Internet of Things and all of the exciting things it can do for us! But just how much have we considered the possible security risks? 

What’s All the IoT Fuss About?

CPOs are becoming ever keener on enhancing hyper-connectivity within their organisations using the Internet of Things. This is unsurprising given the potential opportunities for procurement teams: warehouses that can tell you what parts you’re running out of and reorder them for you, more efficient processes and the chance to revolutionise how they manage supply chains.

Of course, it’s not just businesses that will benefit from IoT. Early adopters are already using IoT in their homes with smart fridges, smart toasters and smart collars for their pets. Experts predict that by 2020, more than half of new organisations will run on IoT.

Given all of these benefits, you might well ask what’s not to love? Well, judging by recent events, it might be prudent for us all to exercise a little more caution as far as IoT is concerned. As it stands, the process is wide open to cyberattacks.

Botnet Zombie Attacks

Individual devices pose almost no threat to any computer or data centre, but what would happen if millions of them were taken over at once? IoT devices are likely to have weaker security (research suggests that default usernames and passwords for devices are rarely changed), which makes them an easy target. Hackers will pre-program their malware with the most commonly used default passwords in order to hack multiple devices.

Back in October, an IoT botnet, Mirai, attacked a number of the internet’s websites including Spotify, Netflix and PayPal. The botnet works by consistently searching for accessible IoT devices protected by default passwords. Once these have been identified, the malware turns them into remotely controlled bots and is able to use them for large-scale network attacks – think robot zombie army!

This week, computer security journalist Brian Krebs posted an article on his blog, Krebs on Security, revealing the identity of Mirai’s author to be Paras Jha, owner of DDoS mitigation service company ProTraf Solutions and a student at Rutgers University. Whilst Mirai has only been used mischievously so far, to shut down certain sites, the actions have called into question what damage could be inflicted by real cybercriminals.

The Worst Case Scenario

Whilst the Mirai October attacks were relatively harmless and only resulted in some websites crashing, some tech commentators are regarding it as a test-run. It’s concerning that the next botnet attack could be aimed at data theft or physical asset disruption.

As Krebs stated in his blog: “These weapons can be wielded by anyone – with any motivation – who’s willing to expend a modicum of time and effort to learn the basic principles of its operation.” Someone with a grievance against a particular website could easily have it taken offline or simply employ a hacker to do it for them.

It’s especially concerning to imagine the consequences of IoT devices being hacked within critical or high security areas such as hospitals, banking, government, transport etc. Time will tell if we are able to secure IoT before we are subject to further, and perhaps more significant, botnet attacks.

What Can Be Done?

How can individuals and organisations improve their IoT security and prevent cyber attacks? We’ve put together a quick checklist to help you strengthen your security.

  • Use strong login passwords for all your devices and strong Wi-Fi passwords. A strong password contains upper and lower case letters, numbers and symbols.
  • Make sure all the software you use is fully updated – this can fix security flaws.
  • Don’t open mysterious email links or attachments – if you weren’t expecting it, don’t open it!
  • Never reveal card information.
  • Don’t trust anyone who calls you to discuss your computer or devices – hang up the phone.

What do you think about the IoT security risks? Should CPOs halt their investments and wait for the cybersecurity to catch up with the technology? Let us know in the comments below.

Here’s what else has been going on in the world of procurement this week…

Trump Kills TPP

  • President Trump upended America’s bipartisan trade policy on Monday as he formally abandoned the ambitious, 12-nation Trans-Pacific Partnership.
  • In doing so, he demonstrated that he would not follow old rules, effectively discarding longstanding Republican orthodoxy that expanding global trade was good for the world and America.
  • Although the Trans-Pacific Partnership had not been approved by Congress, Mr. Trump’s decision to withdraw carries broad geopolitical implications in a fast-growing region.
  • Trump said American workers would be protected against competition from low-wage countries like Vietnam and Malaysia, also parties to the deal.

Read More on New York Times

Wal-Mart Cuts 1,000 HQ Jobs

  • Wal-Mart Stores began a round of some 1,000 layoffs at its corporate headquarters, with most cuts targeting the retailer’s supply chain operations.
  • The shakeups, which have been expected, suggest that Wal-Mart is willing to undo much of the work in its existing e-commerce operations in favour of Jet’s signature pricing and fulfilment algorithms, which reward shoppers in real time with savings on items purchased and shipped together.
  • The dent in its supply chain ranks could undermine one of Wal-Mart’s core strengths: its highly efficient brick-and-mortar-based distribution system.

Read More on Retail Dive

Samsung’s Exploding Galaxy Note7 Blamed on Battery Suppliers

  • Approximately 2.5 million phones have been recalled by Samsung due to explosive defects of the Galaxy Note since September 2016.
  • Recalls happen all the time, but while the Samsung case rose to infamy due to its flammable and potentially injurious nature, the revelation that Samsung’s primary and backup suppliers independently produced a faulty phone component is equally remarkable.
  • What was a supply chain problem was resolved by an operations solution in this particular case. However, batteries will be subject to more strict quality controls to avoid future issues.
  • Previous analyses also have suggested Samsung’s rush to production — both before and after the first recall — may have also impacted the finished good’s quality.

Read More on Supply Chain Dive

Procurement Salaries On The Up In 2017

  • Procurement professionals can expect to see pay rises averaging 10% in 2017, according to a salary survey.
  • However, contractors will get the biggest rises – 15% – while permanent staff can expect to get 4%.
  • Sam Walters, associate director at Robert Walters, said: “Across all levels of seniority we have seen demand grow for high quality procurement professionals over the past year, with those with IT procurement experience being particularly highly sought after.”

Read more at Supply Management