A new report has revealed that an unknown actor recently succeeded in hacking into a tank… Relax, not the military kind. Rather, it was a “smart” fish tank operated by a North American casino.
As silly as this sounds, the attack demonstrated the security vulnerabilities posed by Internet of Things products, as the adversary was able to exfiltrate data from the tank and send it to a device in Finland.
According to machine-learning cybersecurity company Darktrace, the casino’s fish tank contains advanced sensors that automatically regulate temperature, salinity, and feeding schedules. But Darktrace’s threat detection technology determined that the tank, which was connected to an isolated VPN, was sending anomalous data transfers to a rare external destination.
The incident was one among several unusual cyberattacks featuring advanced technologies or sophisticated methods that were highlighted by Darktrace in its newly released 2017 Global Threat Report. In another IoT-based attack, an adversary compromised an architectural firm’s smart drawing pads in order to launch distributed denial of service attacks against entertainment companies, design companies, and government bodies.
“We are seeing new areas of vulnerability arise as modern companies embrace the Internet of Things,” Darktrace stated in its report. “The proliferation of new connected objects multiplies the inroads to critical networks and data, yet organizations often have remarkably poor visibility of these hidden outposts of their networks.”