The destructive power of both malware attacks derived from the difficulty to patch large numbers of compute devices. Thus while the attacks were not “zero-day”, cyber attackers created weapons-grade malware by adding the ability to laterally search for vulnerable systems.
For organizations migrating to the cloud or deploying IoT infrastructure the recent cyber attacks should be a wake up call to the destructive power of malware that can autonomously hunt for targets!
The increasing number of personal compute devices and supply chain partners connecting to enterprise clouds makes universal endpoint protection impossible. Subsequently, malware can find and propagate from infected compute devices to cloud-based applications. Once infected, hosted apps can become malware super spreaders. However as bad as the risk of malware is to enterprises, the risk to IoT systems is even greater.
The new generation of IoT devices has the ability to autonomously communicate locally and globally. As IoT devices come in hundreds of different variations with specialized software modules, patching IoT systems is far more difficult than personal compute devices.
Infected IoT devices can spread malware from autonomous vehicles and energy management systems to consumer products and cloud computers – and then back again. A malware attack on billons of networked IoT devices would take months or years to correct.
