MIAMI – The way Eugene Kaspersky sees it, there may soon come a day when you wake up and your coffeemaker refuses to brew anything – or worse, will only brew decaf – until you pay up on the ransomware that has infected it.
Kaspersky, CEO of Kaspersky Lab, told some of the company’s top partners at its annual North American Partner Conference here this weekend that he believes IoT stands not only for “Internet of Things,” but also for “Internet of Threats.” The emergence of IP and intelligence in an increasing number of previously disconnected devices will lead to new and novel attack vectors, the executive predicted.
“It’s not just the pleasures of this world, the benefits and the beauty, that we have to think about,” Kaspersky told partners. “We also have to think about the other side, the bad guys, as well.”
And while the coffee maker was a bit of a perhaps a tongue-in-cheek example, Kaspersky said he does see a variety of attack opportunities on devices that have heretofore not been connected to the network. The first one to be hit, he posited, will be right in our living rooms.
“I’m expecting to see the first attacks on smart TVs this year, or maybe next year,” he told attendees.
That attack could take a multitude of forms, Kaspersky said, ranging from ransomware that blocks TV viewing until the user pays up, to malicious software that orders pay-per-view content the user does not wish to order, to a scenario whereby malicious parties could use smart TV capabilities to pull a Yakov Smirnov-style “Russian reversal,” and have TV watch you.
Of course, since the company believes it’s an up-and-coming attack vector, Kaspersky is already working on ways to deal with it – he said the company is at the prototype stage with smartphone protection, which could be quickly turned into a utility to help after the first attacks are announced and ultimately “into a product to make you all more busy.”
Kaspersky also addressed the rising presence of both organized crime and government in the cyber-attacks game, with goals and outcomes ranging from simple espionage to some sabotage. He shared the story of a German steel mill which last years had its factory physically damaged as a result of an attack on its SCADA network. He did not provide any identifying details on either the mill or the attack.
But he did say that state-sponsored security breaches and attacks are on the rise, and they “speak a variety of languages,” going as far as to observe that “most nations are in this game.”
“We’ve already reached the point of cyber-terrorism – very professional attacks with very professional tools on the physical infrastructure. And we’re one short step from cyber-weapons. We’re just a ‘warhead’ away,” Kaspersky said.
While Kaspersky used to strongly advocate for international organizations to tackle cyber-crime and security attacks, the emergence of nations as the source of many attacks suggests that those nations will likely hold the cars closer to their vests. Now, instead of calling for international co-operation to deal with cyber-criminals, Kaspersky is talking about the potential of nations pulling out of the global Internet, at least as far as key government agencies and systems are concerned.
“Nations will have to develop second networks, and it has the potential to severely damage the concept of an Internet that is open and global,” Kaspersky said.
However, remembering his audience, the executive added that it will be a very expensive undertaking for nations that choose to do so, “and IT companies will be very happy” as a result of the additional work required to design, implement, and maintain these parallel national networks.