Download to read offline
IoT - Rise of New Zombies Army
The document by Muhammad Faisal Naqvi discusses the Internet of Things (IoT) and the associated security vulnerabilities, highlighting the rise of IoT attacks such as ransomware and DDoS attacks. It outlines the primary security challenges, including poor authentication and insecure interfaces, and suggests strategies for mitigating risks like network segregation and automatic updates. The author underscores the urgent need for better standards and practices in IoT security as the number of connected devices continues to grow.
More Related Content
Similar to IoT - Rise of New Zombies Army
More from Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
![Number_Guessing_Game_Dsbsbssbzboc[1].pptx](https://cdn.slidesharecdn.com/ss_thumbnails/numberguessinggamedoc1-251206215042-a076fc05-thumbnail.jpg?width=640&height=640&fit=bounds)
IoT - Rise of New Zombies Army
- 2. IOT - RISEOF NEW ZOMBIES ARMY Muhammad Faisal Naqvi CISSP, CISA, AMBCI, ITIL, ISO 27001 LA
- 3. ABOUT MYSELF • MuhammadFaisal Naqvi • CISSP, CISA, AMBCI, ITIL, ISO 27001 LA & MI • MS (IT) E-Commerce (Gold medal) • Over 19 years of Experience Including: • Information Security Officer, Union Coop, UAE • Manager, EY – Ernst & Young • Discovered many Zero-day Vulnerabilities • Author of ISACA Journal • Author of Government Regulations • Linkedin: www.linkedin.com/in/mfaisalnaqvi/
- 4.
- 5. IOT – INTERNETOF THINGS • Smart Devices • Tiny card size • Fully powered computers • Connected to internet • As cheep as $5
- 6. TYPICAL IOT EXAMPLES •Home Appliances/ Tooth brushes • Vehicles/ Parking Spaces/ Signals • Bulbs/ Switches • Censors • Animals Tracking • Cameras • Door Locks • Medical Devices • Billions of Devices
- 8.
- 9. IOT SECURITY STATISTICS(CONT.)
- 10. IOT ATTACKS • PrivacyLeakage • Spam Mails • Smart Meters Hacking • IoT Ransomware • DDoS
- 11. DYN DNS DDOSATTACK • Largest DDoS attack on Record • Oct 2016 • Tens of millions of Zombies • Magnitude of 1.2 Tbps • Mirai Malware • Twitter, Visa, PayPal, Amazon, BBC, CNN, Fox, HBO, Netflix, Swedish Govt., Verizon, Business Insider, The Guardian, HostGator, NY Times, Playstation, Shopify, Starbucks, Wall Street Journal, Xbox
- 12. FUTURE POSSIBLE IOTDDOS ATTACK IoT DDoS
- 13. OWASP IOT TOPTEN 1. Insecure Web Interface 2. Insufficient Authentication/ Authorization 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns
- 14. OWASP IOT TOPTEN (CONT.) 6. Insecure Cloud Interface 7. Insecure Mobile Interface 8. Insufficient Security Configuration 9. Insecure Software/ Firmware 10. Poor Physical Security
- 15.
- 16. IOT - MITIGATINGRISKS • Established, reputable brands. • Automatic updating • Change passwords immediately • Network segregation • Avoid free networks • Disable UPnP Protocol on Router
- 17. IOT SECURITY CHALLENGES •Large Number • Many Software/ Firmware/ Hardware/ Devices • Lack of Standardization • Less Resources for Complex Encryption • Can't install Antivirus/ Security Software • Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices. Gartner
- 18. IOT PROTECTION BEYONDENDPOINT SECURITY • JS Challenge • Device Fingerprinting • Canvass Challenge • IP Rate Limiting • Human Interaction Challenge • Captcha Challenge • Content Delivery Network • Blacklisting by ISP
- 19.
- 20.