Phishing Attacks aren’t Just Targeted at People Anymore
Quick Answer
Phishing now targets connected devices, not just inboxes. IoT devices (thermostats, doorbells, refrigerators, medical equipment) lag behind computers and servers on security, and the attack vector is still email. Researchers at Kaspersky compromised a smart home setup by sending a phishing email asking the user to download a backup copy onto the hub. Once installed, the attacker had maximum-privilege access to every connected device. IEEE research notes that users extend the trust they place in long-familiar devices like phones and TVs to new IoT hardware, making social engineering more effective. Defending the home or company requires anti-phishing filtering at the email layer, since human error remains the primary risk.
If you haven’t already heard, the Internet of Things (IoT) is going to be big. IoT simply means that every electrical device in your life will be connected to the Internet. From your doorbell to your thermostat to your refrigerator to every possible medical device. If you can plug it into an electrical socket it will probably plug into the Internet.
IoT devices will usher in the age of the Smart Home. They will control lighting, climate, entertainment systems and appliances, and generally make life better. That’s the good news.
Now for the bad news. If it’s attached to the Internet then it can be hacked. And as of right now, IoT devices are not yet up to par with computers and servers when it comes to security. They’re much more vulnerable. Which makes them the ideal target for a phishing attack.
As proof, researchers at Kaspersky ran a simulated attack on smart home security. What they found was that while it wasn’t easy to hack the devices, it was possible. And what was the attack vector? A phishing email.
According to an article on Security Week, “the researchers sent a phishing email asking the user to update the software on the device by downloading from the cloud the backup copy they had prepared. Once the backup was installed, the researchers gained access to the hub and to all devices attached to it with maximum privileges.”
Hackers aren’t just going after you anymore, they’re going after your information devices. And while that may not lead directly to financial losses, it will almost certainly result in a loss of privacy, at the very least.
As with most phishing attacks, attacks on IoT devices will be begin with social engineering. Confirmed by an article from IEEE, “The use of modern IoT devices has greatly increased the reach of an attacker, and the effectiveness of social engineering attacks. IoT devices often hold the trust of users as they belong to a family of devices which they have been able to safely use for years, such as cars, phones, and television sets. The trust relationship between users and IoT devices makes them an effective avenue for social engineering attacks because users are more likely to accept information received from them without question.”
That malicious email in your inbox can now impact everything in your home or your company if you’re not prepared. That means anti-phishing software is more valuable and more imperative than ever.
Don’t let hackers take over your life. Protect yourself by defending against the biggest cybersecurity risk of all, human error. Get phishing protection. You can protect your entire company or home in 10 minutes for less than you think. Try it risk free for 30 days.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.