Most people are enamored with the internet, and the ability we have to connect to limitless data and each other. The benefit is so great, in fact, that most people are also willing to accept the risk that comes with joining a network of five billion devices (expected to reach 20 billion by 2020). Each device has the capability to connect to another for any purpose intended by its user – good or evil. So even if only one percent were controlled by someone with malicious intent, 50 million devices would be in the hands of criminals.
Let’s explore why an evildoer would want to get control over millions of devices. This landscape has changed over the years, but today it’s about financial gain. An assailant’s ability to control scads of devices capable of executing code gives him an enormous amount of processing power – which can then be used to dismantle security measures, disable companies, and ultimately steal information. For which he gets a pretty penny on the black market.
Some attacks are strategically targeted, such as the one executed on Target stores in late 2013. This attack, according to Reuters, left 40 million customers’ credit card numbers exposed. It was precise, too, hitting the 19 busiest shopping days of the holiday season. More recently, cyber criminals have upped their game, attacking smaller companies by encrypting and holding their data for ransom- a class of attack generically called “ransomware”. If the victim doesn’t pay for a decryption key within a given time, the key is deleted and the data will never be decrypted. Most are left with no choice but to pay. What’s worse, these cyber-thugs are selling the code, proliferating this sort of attack on a grander scale.