The rise of the Internet of Things has made cyber extortion a much bigger problem. Every new device connected to the internet becomes a possible entry point for attackers. At Parachute, we see this every day when we help businesses secure smart printers, thermostats, and even coffee machines. I remember working with a client who didn't realize their smart security cameras were an easy target. Attackers found the cameras online, took control, and demanded a payment to unlock them. It's a clear reminder that anything connected can be a risk. Many IoT devices are built with little thought about security. Updates are rare, passwords are weak, and users often have no idea of the danger they face. We once helped a company recover after a DDoS attack that started with a compromised smart speaker in their office. That one device was enough for attackers to knock out their website and customer portals. Even worse, many IoT devices are part of supply chains, so one weakness can put an entire network at risk. Teams managing these devices need to think about security from the first day they plug something in. My advice is simple: treat every device like a computer. Change default passwords, update software when you can, and limit which devices connect to sensitive systems. Teach your team about IoT risks just like you would about phishing emails. Most problems I've seen could have been avoided with a few simple steps. At Parachute, we always remind our clients — if it's smart enough to connect to the internet, it's smart enough to be hacked. A little attention now can save a lot of headaches later.
The increasing interconnectedness of devices and systems—particularly through the proliferation of IoT—is significantly amplifying the threat surface for cyber extortion. In our experience at Cyfax.ai, we've observed a marked rise in threat actors targeting IoT endpoints, a trend that's been validated by both our own dark web monitoring platform and corroborated by peer platforms in this segment. Notably, several new IoCs related to IoT compromise have emerged across 2024-2025, aligning with CISA threat advisories that cite real-world exploitation of devices such as improperly configured webcams by known threat actors. This expanded attack surface introduces multiple challenges:
Device Diversity & Fragmentation - Many IoT devices operate on lightweight or proprietary operating systems with limited support for next-gen detection or response tooling. Some can't hold a software agent in memory, making traditional endpoint defenses ineffective.
OT Device Blind Spots - In environments where IoT overlaps with operational technology (OT), especially in industrial or maritime settings, scanning is constrained. Aggressive scans risk disrupting device function, while overly passive scans often miss critical vulnerabilities—creating a paradox for defenders.
Supply Chain Risk - IoT devices often enter the environment through third-party vendors and are rarely inventoried or updated, creating silent entry points for lateral movement or persistent footholds.
Default Credentials & Exposure - Many IoT devices still ship with default credentials and are left exposed to the internet, making them low-hanging fruit for opportunistic threat actors and botnets alike.
In short, as IoT devices continue to permeate enterprise and critical infrastructure environments, they've become both a direct target and a strategic stepping stone for cyber extortion groups. This underscores the urgent need for more specialized detection, device segmentation, and vendor accountability across the entire IoT ecosystem.
The proliferation of IoT devices has dramatically increased cyber extortion threats from a data recovery perspective. As President & CEO of DataNumen, serving Fortune Global 500 companies for over 24 years, I've observed how IoT creates multiple vulnerabilities. Each connected device becomes a potential entry point for ransomware. When attackers compromise one IoT device, they can spread malware across entire networks, corrupting data on multiple systems. This creates complex recovery challenges that traditional backup methods can't handle. The most critical issue is fragmented data storage - IoT distributes data across multiple locations and formats, making comprehensive recovery extremely difficult during extortion events. Additionally, IoT's real-time data requirements give attackers significant leverage, as any recovery delay causes immediate operational losses. Organizations must implement IoT-specific recovery protocols including segmented networks and specialized data recovery solutions. As cyber threats evolve, robust recovery capabilities become as crucial as preventive security measures.
The rise of connected devices has increased the risk of cyber extortion. With items like smart cameras and industrial sensors online, the number of potential entry points for attackers has grown, enabling access to broader networks. This can lead to the theft of sensitive information or tactics like ransom and blackmail. The interconnectivity creates new vulnerabilities, such as insecure default settings, outdated software, and weak encryption. Attackers exploit these weaknesses to form botnets, steal data, or gain physical access to facilities. Addressing these issues is complicated by the sheer volume and diversity of devices, each requiring its own security measures to prevent widespread organisational failures.
With the rise of the Internet of Things (IoT), the landscape of cyber extortion has evolved. IoT devices, from smart cameras to industrial sensors, are increasingly targeted by cybercriminals due to their interconnected nature and often lax security measures. One major issue is the prevalence of weak or hardcoded passwords. Many IoT devices come with default credentials that users rarely change, providing an easy entry point for attackers. Once compromised, these devices can be hijacked to launch attacks or serve as gateways into more secure networks. Moreover, the communication between IoT devices is frequently unencrypted, making it susceptible to interception and manipulation. The absence of regular firmware updates exacerbates the problem, as outdated software can harbor known vulnerabilities. This is particularly concerning when IoT devices are integrated into critical infrastructure, where a single breach can have far-reaching consequences. To combat these threats, it's essential to adopt robust security practices. This includes enforcing strong authentication protocols, encrypting data transmissions, and ensuring timely software updates. By addressing these vulnerabilities, we can better protect our IoT ecosystems from cyber extortion and other malicious activities.
Managing Principal at 100 Mile Strategies, and Visiting Fellow, George Mason University's National Security Institute
Answered a year ago
The growing surface area of edge devices and connected devices represents a significant challenge for organizations, governments, and constituents. This is represented in the spike in observable ransomware attacks last year, with over 5,200 attacks according to the NCC Group. The FBI found that cyber crime extorted at least $16 billion. More sophisticated cyber campaigns from state adversaries have been utilizing more AI-powered offensive digital tools to increase the ability to deploy ransomware, especially with growing ransomware-as-a-service solutions available. Last year, the FBI and NSA found Chinese-linked cyber groups hijacking routers and other connected devices for botnet ops. Such efforts, especially in critical infrastructure and the woefully secured OT sector, show the challenge of securing the supply chain and the proliferation of third-party risk vulnerabilities. Organizations must do more on strong cyber audits and assessments of their devices, their partners, and current security practices. Regular internal cyber education, exercises, best practices, and continuing monitoring can help increase resilience and readiness. Please do not hesitate to reach out if you have follow-up questions on this timely topic. I would love to be of help. Thanks for considering me and hope to be a resource for you and your readers.
Best,
Jeff
https://www.100milestrategies.com
https://www.linkedin.com/in/jeffreyle/