Using the Internet of Things to Go Deep

Wikistrat’s Bill Sempf warns that the “Internet of Things” can be used to reach deeper into compromised data than ever before.

Internet of Things

ITU Picture/L.Berney

The next twelve months will bring a technical depth to information security unlike anything we have seen before. The deep linking of data will be accompanied by more mature malware, including using Internet of Things devices and mobile platforms to host entire virtual machines, then using those to reach deeper into compromised data than seen before.

As attackers become more sophisticated, watch for deep linking of data to become the norm while seeking more lucrative targets. While hacktivism and digital vandalism will still be extant, the bite of organized crime will become deeper and stronger. Data correlation will play a big role in this as attackers link together details from various breaches to create more complete identities. Complete identities command a greater price on the black market, and Internet users without sufficient protections in place will find themselves the primary target for criminals.

In 2009, a security company conducted a project they reported on at Defcon 17 linking together social networking accounts of various targets using common data to create more complete social profiles. This new effort will be like that — called Social Butterfly — but more subtle. It will start as correlation of passwords (something that is already occurring at a small scale) and move on to the analysis of public data and competitor information to estimate/guess/infer intellectual property. These more complete profiles will become the currency of a certain segment of the criminal underworld. Basic identity theft will be replaced with blackmail like Cryptolocker to generate actual cash from identities rather than bulk sales.

Click here to read all of Wikistrat’s predictions for 2016.

About the author

Bill Sempf

Bill Sempf
Wikistrat Contributing Analyst
Application Security Architect and Board Member at the Open Web Application Security Project

This post was Tagged with:

Facebook Twitter Email