Today the Internet of Things (IoT) connects people all around the world. We use it to connect, share knowledge, and make the world more convenient. As our world continues to grow the IoT continues connects businesses, schools, and people to the cloud making our world more interactive. Newly developed smart devices can help hospitals run smoothly, secure our homes, power supply chains and assist us in achieving a more sustainable world. New innovations such as smart lightbulbs and smart sensors can help monitor and manage our current greenhouse emissions levels. Energy efficient devices, electric cars and solar power systems all help to lower our greenhouse emmissions. But wherever there is a device connected to the IoT there exists a possible cyber attack vector. There are many different IoT vulnerabilities present in internet of things (iot) today. Cyber warfare or cyber attacks against devices and infrastructure are becoming more common in our world today. In additions, attacks against networks, devices, and companies can be difficult to protect against in real time. These attacks are usually classified as zero day exploits, where a previously unknown attack vector or application flaw is found. Viruses and malware can become embedded in systems software and consumer applications. Occasionally, successful attacks can go unnoticed for months or years and even bypass known antivirus software.

Infamous Attack Vectors Include:

Viruses: A type of computer program that can replicate and spread to other devices. Malware: Software that can be embedded or hidden in other applications. Worms: Computer malware that can be spread easily throughout computer networks. Trojan Horse: This is a type of malware that misleads or misrepresents itself causing confusion or harm to computer users. Remote Access: A way for back actors or cyber attackers to gain access to a network or computing systems Passwords Hacking: A way for A way for back actors or cyber attackers to gain access personal data, credentials, and sensitive assets. Open Ports: Many infamous attacks have been executed because a certain port or driver in not secured against zero day attacks. Unsecured Networks: Matware and bot networks can spread via consumer and business domain routers alike. Unsecured Systems Controlls: Infamous viruses have been used against systems that never reset default passwords for systems users. Computing Systems Without Backups: No entity or business relying up computing systems is safe without having backup system restores. Computing systems, networks, and personal devices are subject to a diverse variety of attacks everyday. Websites hosting personal, medical, educational, research, corperate and financial data are frequently attacked. In 2021 there was a 50% increase of attacks on corporate networks when compared to data about 2020. In the United States many government agency websites, U.S. financial systems, educators and vaccine companies have been especially hard hit by several of these attacks vectors since the pandemic began. It is estimated that North Korea stole over $500 million dollars in assets alone in 2022, and that’s just one of the harmful entities well known on the cyber security field today. The stuxnet virus was very effective because once it infiltrated a nuclear facility it not only caused malfunctioning equipment, but it has had the ability to spread. The stuxnet virus was a worm/trojan horse which resembled a virus, this is because it was able to become embedded in systems and software as it spread. Stuxnet was able to discover the proper computers it was targeting while evading detection and used 7 distinct mechanisms to spread to new computers. This virus also took advantage of back doors, or software flaws that were unknown to developers at that time. Stuxnet virus was also able to copy itself to open file shares and automatically propagate to connected computers while looking for software to attack. It looked for breach in the windows RPC service via winows print spooler service as well. It was also able to log into the centrifuge monitoring system (Siemans controller chair) by using the original default software login that was not remembered or acknowledged by the systems operator, wherein whoever setup the system should have disabled such default password. A breach via thumb drive