Recent Trend Micro study suggests 2.5 million cyber assets are exposed to cybercrime.
New research has come to light, revealing a large number of electronic devices at risk in London – webcams, routers, medical equipment, company databases, and baby monitors. According to evidence provided by security firm Trend Micro, more than 2.5 million devices dubbed IoT (short for Internet-of-things) in the capital are exposed to cybercrime and hacking as of today, 28 November 2017. This number is currently among the highest, matched only by Berlin.
IoT devices connected through search engine Shodan are targeted and compromised by criminals with tech skills – or “hackers”, as they are frequently termed – by scanning for “cyber assets” that have not been made private by users, Cities Exposed analysis warns.
Without proper protective protocols and appropriate user security, connected devices can inadvertently expose user data. In sensitive cases, the data collected by hackers can even be used as ransom material.
Rick Ferguson, Trend Micro researcher, expresses concern at the fact that citizens of large capitals, recognized as hubs for big industries such as business and tech, are not developing their knowledge into personal security techniques as well.
It is very likely that the number of at-risk devices is much greater in reality, the researcher says, considering that they can be used in order to breach larger networks.
Manchester is the second high-risk location in the UK, with a ratio of approximately 320,000 devices exposed, followed by Glasgow, with 160,000 devices exposed, the cited analysis reports.
The UK currently possesses over 5,000 at-risk webcams which could be purposed by attackers to surveil victims or illegally retrieving and posting video streams from the devices of origin, experts say.
As the Trend Micro report itself explains, our day-to-day lives are organically linked with devices of all sorts. We are inherently dependent upon their functionality and, therefore, upon their security. Ideally, availability should not be affected by the intrinsic security of device; moreover, it should be transparent to all connected users. Under these circumstances, users are worried as to how they might best protect themselves.
The analysis explains that there is no blanket solution for user protection in a digital environment. Aside from the general security measures available, users must trust the manufacturers themselves to provide solid security measures from unboxing onward. Generally, the analysis reports that users will ultimately be required to rely on “security by obscurity” – concealing personal devices in the midst of billions others in order to avoid potential risks.
The risks are tangible and serious. In the past, hackers are known to have accessed webcams to obtain footage of children. Exposed IoT devices have been collectively exploited to develop large botnets – a network of hacked devices used in order to flood a service provider with requests that block the service itself through their sheer number. This type of hack is named a DDoS (distributed-denial-of-service) attack, relying on vast numbers unsuspecting user devices to attain their goal.
Users are therefore left to rely on manufacturers and providers for the bulk of their online security. Nonetheless, experts advise users to boost their protection through password encryption, ensuring that their passwords of choice are as unique as possible.