The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud
Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: “There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”
Robert Hannigan, who ran the British government’s digital spying agency GCHQ from 2014 to 2017, appeared alongside Eagan on the panel and agreed that hackers targeting internet of things devices is a growing problem for companies.
“With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem,” Hannigan said. “I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost.”
He said regulation to mandate safety standards would likely be needed.
Of course, there are better routes to privacy; security; and freedom, than come from regulation…