Evolution-Of-Iot-Attacks-Interactive-Ig May2020
There will be 41.6 billion connected IoT devices, generating 79 zettabytes (ZB) of data in 2025 (IDC). Every Internet-connected “thing,” from power grids to smart doorbells, is at risk of attack.

[Timeline graphic. Event labels: Hackable heart monitors; BASHLITE botnet; Fiat Chrysler remote control; NyaDrop self-updating malware; Reaper botnet; ThinkPHP exploitation; Two million takeover; Kaiji malware. Other labels: Bluetooth, Industrial, Medical.]
First Era | THE AGE OF EXPLORATION | 2005 - 2009

Security is not a priority for early IoT/embedded devices. Most cyberattacks are limited to malware and viruses impacting Windows-based embedded control systems. Instead of actively putting up a defense, organizations assume no one would bother to attack these devices running in isolated networks.

Security methods and technologies include:
• Security by obscurity
• Minimal security, often easily bypassed
• Secure protocols (SSH or SSL) used in a few systems, usually no other security controls
• Air-gapped networks

Second Era | THE AGE OF EXPLOITATION | 2011 - 2019

The number of connected devices is exploding, and cloud connectivity is becoming commonplace. Criminals improve their ability to monetize attacks on IoT devices through crypto mining, ad-click fraud, and spam email campaigns. Nation-state actors use IoT devices for politically motivated attacks. While many new security technologies are being adopted, their use is inconsistent, incomplete, and sometimes flawed, resulting in many devices that are still vulnerable:
• Security protocols (TLS and SSH)
• Secure boot
• TPM or Secure Element for secure key storage
• Hardened operating system
• Embedded Firewall

Third Era | THE AGE OF PROTECTION | 2020

Connected devices are ubiquitous in every area of life, from transportation and manufacturing to medicine and entertainment. In response to this growing number and severity of attacks, governments and industrial groups began to enact legislation requiring higher levels of security for IoT devices. Because hackers will continue to find “soft targets” in legacy and new devices implemented without strong security measures, companies worldwide are beginning to build strong security controls into IoT devices, using security frameworks and unified solutions with key security technologies that work together to provide multiple layers of protection. Chief components include:
• Security protocols (TLS and SSH)
• Secure boot
• TPM or Secure Element for secure key storage
• Hardened operating system
• Embedded Firewall and intrusion detection
• Data at Rest protection
• Certificates/PKI for authentication and identification