This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Deral Heiland, Principal Security Research (IoT), Rapid7:
"Over the course of this year, the use of Internet of Things (IoT) and Industrial Internet of Things (IIoT) technologies has skyrocketed among businesses and consumers alike. In 2020, estimates around the installation of IoT devices reached 31 billion, and by 2021, researchers anticipate approximately 35 billion IoT devices will be installed worldwide. However, increased installation opens up the opportunity for cyberthreats. As such, we should expect new attacks to emerge that aim to take advantage of weak points within these technologies. Recent research regarding Tesla Backup Gateway batteries revealed that weak default credentials allowed threat actors to easily identify, locate and take over the devices – with the potential to cause real harm. This is a perfect example of how vulnerable this technology can be if correct security measures are not taken. As we head into the New Year, here are my predictions for the top IoT security threats to be on the lookout for:
An increase in IoT sensor and actuator technologies will introduce new methods for attacks
As we head into 2021, we’ll continue to see the expansion of both IoT sensors (which connect and transfer data to the cloud to perform certain actions) and IoT actuators (which convert an electrical signal into a corresponding physical quantity, such as gears and rails or pulleys and chains) that leverage cellular communication. Because of this, it is highly probable we will start to see new classes of exploits and attacks against cellular-based edge devices. These new classes of exploits and attacks will ultimately have a dramatic impact on critical infrastructure security in 2021.
As manufacturers depend more on IoT and IIoT tech, be aware of malware, botnets and ransomware
Manufacturers will continue to grow their dependencies on IoT and IIoT technology within the processes in the year ahead. Because of this, they should also expect to see continued growth in IoT malware and IoT-based botnets that target these technologies throughout 2021. In the same regard, there is a high probability that the industry will also see a move by cybercriminals focused around launching ransomware attacks against these manufacturers’ IIoT infrastructure.
There is no doubt that we will continue to see attacks aimed at IoT and IIoT devices next year, but it does not mean we are doomed. There are many initiatives that can help IT security teams protect data in the long run, including the recent IoT Cybersecurity Improvement Act, which the US Senate unanimously passed this year. The Act is a significant step towards ensuring that we have the right standards in place to keep our critical systems secure, issuing guidelines for the federal government on the appropriate use and management of IoT devices. Efforts such as this demonstrate bipartisan recognition of the importance of IoT security and the need for action."