How the Internet of Things (IoT) became a dark web target – and what to do about it

The dark web has evolved into a clandestine marketplace where illicit activities flourish under the cloak of anonymity.

Due to its restricted accessibility, it exhibits a decentralized structure with less stringent enforcement of security controls, making it a common marketplace for malicious activities. The Internet of Things (IoT), with its devices' interconnected nature and vulnerabilities, has become an attractive target for cybercriminals operating out of the dark web. One weak link – i.e., a compromised IoT device – can compromise the entire network's security. The financial repercussions of a breached device can be vast, not just in terms of ransom demands but also in regulatory fines, loss of reputation and the cost of remediation.

With their interconnected nature and vulnerabilities, IoT devices are attractive entry points for cybercriminals. They are highly desirable targets since they often represent a single point of vulnerability that can impact numerous victims simultaneously.

Check Point Research found a sharp increase in cyberattacks targeting IoT devices, observing a trend across all regions and sectors. Europe experiences the highest number of incidents per week: on average, nearly 70 IoT attacks per organization.

Based on research from PSAcertified, the average cost of a successful attack on an IoT device exceeds $330,000. Forrester's report reveals that 34% of enterprises that fell victim to a breach via IoT devices faced higher cumulative breach costs than cyberattacks on non-IoT devices, ranging between $5 million and $10 million.

By exploiting security vulnerabilities, malicious actors can gain unauthorized access to devices, networks, and sensitive data, enabling them to launch various attacks. Other examples are utilizing compromised IoT devices for botnet infections, turning them into zombies to participate in distributed denial-of-service (DDoS), ransomware and propagation attacks, as well as crypto-mining and exploitation of IoT devices as proxies for the dark web.

The dark web relies on an arsenal of tools and associated services to facilitate illicit activities. Kaspersky research revealed a thriving underground economy operating within the dark web centred around services associated with IoT. In particular, there seems to be a huge demand for DDoS attacks orchestrated through IoT botnets: During the first half of 2023, Kaspersky identified over 700 advertisements for DDoS attack services across various dark web forums.

IoT devices have become valuable assets in this underworld marketplace; on the dark web, the value of a compromised device is often greater than the retail price of the device itself. Upon examining one of the numerous Telegram channels used for trading dark web products and services, one can come across scam pages, tutorials covering various malicious activities, harmful configuration files with "how-to's", SSH crackers, and more. Essentially, a complete assortment of tools, from hacking resources to anonymization services, can be found for the purpose of capitalizing on compromised devices. Furthermore, vast amounts of sensitive data are bought and sold.

Adversarial machine learning can be used to attack, deceive and bypass machine learning systems. The combination of IoT and AI has propelled dark web-originated attacks to unprecedented levels, including:

The convergence of IoT and AI brings numerous advantages, but it also presents fresh challenges. To enhance IoT security and device resilience and safeguard sensitive data, organizations must implement comprehensive security measures based on zero-tolerance principles across the entire IoT supply chain.

Factors such as data security, device security, secure communication, confidentiality, privacy, and other non-functional requirements like maintainability, reliability, usability and scalability highlight the critical need for security controls in IoT devices. These should encompass elements like secure communication, access controls, encryption, software patches, device hardening, etc. As part of the security process, the focus should be on industry standards such as "secure by design" and "secure by default", the average number of IoT attacks per organization, broken down by region every week.

Collaborations and alliances within the industry are pivotal in developing standardized IoT security practices and establishing industry-wide security standards. By integrating dedicated IoT security, organizations can enhance their overall value proposition and ensure compliance with regulatory obligations.

In today's landscape, numerous regions demand adherence to stringent security standards, both during product sales and while responding to Request for Information and Request for Proposal solicitations. IoT manufacturers with robust, ideally on-device security capabilities can showcase a distinct advantage, setting them apart from their competitors. Furthermore, incorporating dedicated IoT security controls enables seamless, scalable and efficient operations, reducing the need for emergency software updates.

IoT security plays a crucial role in enhancing the Overall Equipment Effectiveness (a measurement of manufacturing productivity, defined as availability x performance x quality), as well as facilitating early bug detection in IoT firmware before official release. Additionally, it demonstrates a solid commitment to prevention and security measures.

By prioritizing dedicated IoT security, we actively contribute to the establishment of secure and reliable IoT ecosystems, which serve to raise awareness, educate stakeholders, foster trust and cultivate long-term customer loyalty. Ultimately, they enhance credibility and reputation in the market. Ensuring IoT device security is essential in preventing IoT devices from falling into the hands of the dark web army.