IoT Threats to Third-Party Networks

January 31, 2017//Ellen Neveux

Last Updated: November 18, 2020

The October attack on Dyn raised worldwide awareness of the danger of the Internet of Things (IoT). When commandeered by malware, smart devices can contribute to botnet armies capable of crippling a business network and disrupting supply chains.

Because older devices are not engineered to repel an internet attack, devices at home and at work can contribute to DDoS attacks leveled each day at businesses and organizations.

An army of bots
In January, researchers in the United Kingdom discovered over 350,000 Twitter accounts created as bots in June 2013. By programming the bots, users are able to fake follower numbers, influence trending Tweets, and achieve other goals not yet known.

This massive bot army is apparently dormant, and purposefully designed not to over- or under-Tweet, in order to avoid detection. As news of the discovery broke, the researchers noted they had just identified another silent Twitter botnet with more than 500,000 bots.

What does a rogue smart device or a secret Twitter account have to do with your business?  Incidents of cybercrime continue to rise, and attacks on third-party vendors are a primary target. As the weakest link in a supply chain, a DDoS attack on a third-party vendor could incapacitate a network and offer opportunities for intrusion or data exfiltration.

In a Cyber Risk Report by SurfWatch labs, study authors note, “The large-scale attacks we’ve seen this year highlight the ability of cybercriminals to continuously shift their tactics to weak links in the security chain. Organizations’ cyber risks have increased due to the growing number of vulnerable devices, easy-to-guess and/or reused user credentials and supply chain cybersecurity weaknesses. The interconnectivity of data, devices, and vendors creates numerous avenues of attack for cybercriminals.”

The domino effect
Outsourcing offers key advantages in costs and subject matter expertise. Yet, the safety of your business data depends on your risk management and the security protocols of vendor partners.

When a partner is hacked or loses data, your business network could already be compromised. Whether insecure devices, security vulnerabilities, or phantom accounts—when the dominos fall, make sure your platform doesn’t fail with it.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

Subscribe to the SecureLink Blog.
close close