Attivo Networks Blogs

Mitigating IoT security risks through the use of deception technology

The internet of things is growing rapidly, and IoT-enabled devices are beginning to appear in all aspects of our lives. This not only impacts consumers, but also enterprises, as it is expected that over 50% of all organizations will have some form of IoT in operation in 2019. The number of IoT-connected devices has risen exponentially, and that growth shows no sign of slowing as Gartner forecasts that more than 20 billion internet-connected appliances and machines will be in use by 2020 — a number that, even now, has surpassed the world’s population. With more and more companies developing internet-enabled devices ranging from doorbells and security cameras to refrigerators and thermostats, it comes as little surprise that threat actors are discovering new vulnerabilities and developing new ways to exploit them.

oT presents an unconventional attack surface, opening additional access points where attackers can establish a foothold and exploit corporate networks — often undetected by traditional perimeter defenses. A recent Kaspersky Labs report confirmed that these weaknesses are being exploited with alarming regularity. In the first half of 2018 alone, researchers identified three times as many malware samples attacking IoT-enabled devices than in all of 2017 — and 10 times the 2016 total. Not only are attackers aware of these vulnerabilities, they are targeting them at an accelerating rate.

Recognition of this threat is growing, not just within the industry, but within law enforcement as well. This August, the FBI issued a public service announcement titled “Cyber Actors Use Internet of Things as Proxies for Anonymity and Pursuit of Malicious Cyber Activities.” The PSA warned both manufacturers and users of IoT-enabled devices of the vulnerabilities inherent to the network and common ways that attackers attempt to exploit them. While the PSA also made a number of suggestions regarding how to address these vulnerabilities, these recommendations are neither comprehensive nor enforceable.

States, too, have begun to take notice, and this year California became the first state in the U.S. to pass a bill regulating IoT security. The bill, SB-327, will require manufacturers to equip connected devices with a “reasonable security feature or features that are appropriate to the nature and function of the device” when it takes effect in January 2020. The bill also includes specific security measures, including a mandate that smart devices must come preprogrammed with a password “unique to each device manufactured”– a statute aimed at addressing one of the most well-known IoT vulnerabilities, and one famously exploited by malware such as the Mirai botnet.


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

11 − nine =

Ready to find out what’s lurking in your network?

Scroll to Top