Several significant cyberattacks targeting Internet of Things (IoT) cybersecurity defences have occurred in the past. It’s essential to note that the landscape of cyber threats is dynamic, and new incidents may occur. Here are some notable IoT-related cyberattacks:
1. Stuxnet (2010)
While not exclusively an IoT attack, Stuxnet is a prominent example of malware that targeted industrial systems, particularly supervisory control and data acquisition (SCADA) systems. It specifically aimed at disrupting Iran’s nuclear program.
2. Mirai Botnet (2016):
Mirai gained notoriety for launching massive Distributed Denial of Service (DDoS) attacks by compromising IoT devices, such as cameras and routers. It caused widespread internet outages by overwhelming targeted websites and services. Mirai was involved in a high-profile DDoS attack on Dyn, a domain name system (DNS) provider. The attack disrupted access to major websites and online services, highlighting the potential impact of compromised IoT cybersecurity in large-scale attacks.
3. Industroyer/CrashOverride (2016)
This malware targeted power grids and was responsible for a cyberattack on Ukraine’s power infrastructure in 2016. It is considered one of the first malware strains designed specifically to impact electric grid operations.
4. WannaCry (2017)
While not exclusively an IoT cyberattack, WannaCry ransomware impacted a significant number of IoT devices, particularly in healthcare and manufacturing. The ransomware exploited vulnerabilities in Windows systems, leading to disruptions worldwide.
5. TRITON/TRISIS (2017)
TRITON, also known as TRISIS, targeted industrial safety systems. It was discovered in an attack on a petrochemical plant in Saudi Arabia. The malware aimed to manipulate the plant’s safety systems, posing significant risks to human safety and the environment.
6. NotPetya (2017)
NotPetya, initially disguised as ransomware, caused widespread damage to various industries, including shipping, energy, and manufacturing. It affected critical infrastructure systems and had a substantial economic impact.
7. BrickerBot (2017)
BrickerBot operated as a “vigilante” malware, targeting vulnerable IoT devices with the intention of permanently disabling them. The malware aimed to fix insecure devices but did so in a destructive manner.
8. VPNFilter (2018)
VPNFilter targeted routers and network-attached storage (NAS) devices, affecting a large number of IoT devices. It had capabilities for data exfiltration, device destruction, and potential disruption of network communication.
9. LockerGoga (2019)
While not specifically targeting IIoT, LockerGoga gained attention for its impact on industrial systems. It infected several manufacturing and industrial firms, causing disruptions to production processes.
10. Silex (2019)
Silex malware targeted IoT devices with weak security and default credentials. It aimed to brick the devices by deleting critical files, rendering them unusable. The attack highlighted the importance of securing IoT devices against both data breaches and physical damage.
11. Ekans/RansomEXX (2020)
Ekans, also known as RansomEXX, is ransomware that targets industrial control systems (ICS). It gained attention for its ability to terminate specific industrial processes before encrypting files.
12. TrickBot (2020)
TrickBot, originally a banking trojan, expanded its capabilities to target IoT devices. It posed a threat to both individuals and organizations by compromising a wide range of devices for malicious purposes, including information theft and ransomware attacks.
