12 Essential IoT Security Insights from 2023
While most consumers worry about privacy—fear that security cameras reveal private moments or that smart speakers capture sensitive conversations—these concerns represent only a fraction of the real threats facing IoT devices. In practice, attackers view IoT endpoints as stepping stones to larger objectives: launching distributed denial‑of‑service (DDoS) attacks, pivoting into corporate networks, or compromising critical infrastructure.
In a recent DEFCON session, Bryson Bort, CEO of Scythe and former Army Cyber Institute advisor, highlighted the most significant IoT and industrial control system (ICS) trends of the past year.
1. Nation‑State Attribution Is Increasing
Historically, most cyberattacks were attributed to organized crime. Recent Verizon Data Breach Investigations Reports (2023) show a clear shift: attacks linked to state‑affiliated actors are on the rise, while those tied to purely criminal groups are declining. As nation‑state activity grows, so does the effort to trace the origins of attacks, underscoring the need to understand the geopolitical motives behind each incident.
2. IoT Devices Serve as Pivot Points
Although the idea of a camera spying on you is alarming, attackers’ primary goals are usually financial gain or targeted espionage. A more realistic threat involves exploiting weak IoT devices to move laterally within a network. Microsoft’s Security Response Center documented a campaign in which a threat actor (known as “Strontium” or APT 28/Fancy Bear) compromised a VoIP phone, a printer, and a video decoder to gain a foothold and then scan for higher‑privileged accounts.
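One way a defender can spot this pivot pattern is to flag IoT-class devices that start contacting many internal hosts outside their normal service set. The sketch below is an added example, not code from the talk or from Microsoft's report; the addresses, device roles, allow-list, and threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inventory of IoT-class devices (assumption, not from the article).
IOT_DEVICES = {
    "10.20.0.11": "voip-phone",
    "10.20.0.12": "printer",
    "10.20.0.13": "video-decoder",
}
INTERNAL = ip_network("10.0.0.0/8")
# Constructed allow-list: the only internal services each role should reach.
ALLOWED = {
    "voip-phone": {("10.1.0.5", 5060)},     # SIP server
    "printer": {("10.1.0.9", 445)},         # scan-to-folder share
    "video-decoder": {("10.1.0.7", 554)},   # RTSP source
}
FANOUT_THRESHOLD = 5  # distinct unexpected internal targets per window

# Constructed flow records for one time window: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.20.0.11", "10.1.0.5", 5060),     # expected
    ("10.20.0.12", "10.1.0.9", 445),      # expected
    ("10.20.0.12", "203.0.113.8", 443),   # external, out of scope here
] + [("10.20.0.13", f"10.1.0.{h}", 445) for h in range(20, 28)]  # decoder sweeping SMB


def find_pivot_candidates(flows, threshold=FANOUT_THRESHOLD):
    """Map each IoT source to its unexpected internal targets, if at or over threshold."""
    unexpected = defaultdict(set)
    for src, dst, port in flows:
        role = IOT_DEVICES.get(src)
        if role is None or ip_address(dst) not in INTERNAL:
            continue  # not an IoT device, or not east-west traffic
        if (dst, port) not in ALLOWED[role]:
            unexpected[src].add((dst, port))
    return {s: sorted(t) for s, t in unexpected.items() if len(t) >= threshold}


if __name__ == "__main__":
    for src, targets in find_pivot_candidates(SAMPLE_FLOWS).items():
        print(f"{src} ({IOT_DEVICES[src]}): {len(targets)} unexpected internal targets")
```

In a real deployment the flow tuples would come from NetFlow or firewall logs, and the allow-list would be derived from the same rules that enforce segmentation for the IoT VLAN.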
3. Air‑Gapping Is a Myth
Air‑gapped networks—supposedly isolated from the internet—have proven vulnerable. Bryson Bort notes that he has never encountered a truly air‑gapped system during his penetration tests. The Stuxnet attack remains the most cited example, where attackers infiltrated an Iranian nuclear facility via a seemingly innocuous USB drive.
4. Green Energy Adds Cyber Complexity
Modern power grids now integrate renewable sources and distributed generation (e.g., solar panels, EV chargers). This bidirectional flow demands sophisticated computer control, which expands the attack surface. Bort questions whether we should revert to analog systems, but the shift to green energy is reshaping grid security.
5. Critical Infrastructure Targets Rise
Nation‑states are intensifying efforts to compromise industrial control systems—voting machines, water treatment plants, and power grids. The United States, United Kingdom, Israel, Russia, North Korea, Iran, and even Vietnam (which has recently targeted foreign automotive firms) are among the most advanced cyber actors.
6. Cyber Attacks Fund Isolated Regimes
Reports indicate that cyber operations can provide financial support for closed economies. For instance, North Korea allegedly siphoned $2 billion from global financial institutions and crypto exchanges to fund its missile program. The U.S. has even allocated billions to purchase cyber‑weapons aimed at crippling North Korean missile systems.
7. A Single Piece of Malware Can Inflict Billions in Damage
WannaCry and NotPetya, though not specifically designed for IoT, demonstrated the catastrophic potential of ransomware. The NHS lost 19,000 appointments and incurred a £92 million cost, while a shipping conglomerate suffered $200–$300 million in damages. These incidents illustrate how a single infection can collapse entire operations.
8. Trisis Signals a New Threat Era
First identified in 2017, Trisis combined phishing and watering‑hole tactics to breach IT systems, then pivoted to OT networks, compromising safety‑instrumented systems (SIS) that directly control physical processes. FireEye links the attack to Russian actors, and recent reports suggest the threat now targets U.S. power infrastructure.
9. Critical‑Infrastructure Campaigns Scale Up
While large‑scale infrastructure attacks remain rare, intelligence indicates a growing number of organizations are actively seeking to infiltrate critical assets. These campaigns are often iterative, aimed at gathering long‑term access rather than immediate disruption.
10. Ransomware Could Target IoT Devices Soon
Researchers have demonstrated ransomware against a range of IoT devices, yet mainstream attacks have focused on traditional computing platforms. Bort forecasts that within five years, ransomware could extend to smart vehicles, home automation, and other connected devices—potentially demanding cryptocurrency payments to unlock the system.
11. Suppliers Are Integral to the Risk Model
Supply‑chain vulnerabilities have become a top concern. Bloomberg’s allegations that a leading Chinese server‑motherboard supplier was compromised sparked debate, though the claims were disputed by major tech firms. Bort stresses that any component touching your infrastructure—hardware, firmware, or software—must be considered part of your risk profile.
12. Data Monetization Drives IoT Sales
Smart devices often come at little to no extra cost because manufacturers monetize telemetry data. Bort highlights that a smart TV is typically cheaper than a non‑smart counterpart because the company sells user data—viewing habits, location, and more. Business Insider reports that similar data harvesting occurs in automotive manufacturing. A U.S.–China Economic and Security Review Commission report warns that Chinese IoT companies increasingly access U.S. consumer data, raising national‑security concerns.
In summary, the IoT threat landscape in 2023 is dominated by nation‑state actors, supply‑chain risks, and evolving ransomware tactics. Protecting your devices requires a layered approach: secure device hardening, supply‑chain vetting, network segmentation, and continuous monitoring.